Will the Mac App Store keep malware at bay?


The blogosphere is abuzz with talk of convergence between the smartphone, tablet and laptop device markets. Apple, who have led innovation in at least two of those areas, took another step down that path today with the release of version 10.6.6 of OS X.

As well as fixing a vulnerability in the Software Update program, this new update introduces the Mac App Store.

App Store has been key to the success of iPhone and iPad. It turns the chore of finding, downloading and installing apps from a huge range of software vendors into a simple pleasure.

Because Apple vet apps according to some very strict rules, it also takes much of the risk out of the process. Apple have so far proven very effective at keeping bad stuff out of the Store.

And last but not least, it also gives Apple a nice additional revenue stream. Apple are clearly hoping that the App Store’s success will carry over to the Mac.

Others will no doubt comment on App Store’s usability and content, but what does it mean for security?

On the plus side, all software on the Mac App Store will be vetted by Apple, just like on their mobile platforms. The long list of rejection criteria ranges from the specific (Apps that request escalation to root privileges) to the vague (Apps that are not very useful). These rules have certainly been the source of controversy in the development community in the past, but they allow App Store users to buy and download Apps with peace of mind.

But App Store alone cannot provide complete protection.

On the iPhone and iPad, the App Store is the only authorized way for users to download and install new software. By creating a walled garden (or maybe a walled orchard) where only vetted Apps are admitted, Apple have created a very safe environment. Traditional binary malware attackers are locked out.

On the Mac, the App Store is just one more way of deploying software. You can still download and install software the old-fashioned way and so you still need to be on your guard.

Another area of concern is the black market for pirated apps. As the Android community has been discovering, this is an almost inevitable consequence of the creation of a thriving legitimate marketplace. While users who are willing to pay for their Apps are likely to remain relatively safe, those who are prepared to run pirated software expose themselves to downloading fake or maliciously modified apps. To do this on an iPhone requires the irreversible and deliberate step of jailbreaking the phone, but not on the Mac.

Finally, many popular, serious and widely-used Mac applications will likely fall foul of the App Store’s strict criteria. For example, applications like VMware Fusion or Parallels rely on Kernel Extensions (kexts) and other banned techniques to interact with the operating system.

Security products are also likely to fall foul of these rules. Any anti-virus tools made available through the App Store will be limited to performing on-demand scans of files and folders that you can access without requiring elevated privileges. Without kernel extensions they cannot protect you as you download, copy or run stuff, and without using their own channels for updates they may have to compromise on the effectiveness of their scanning. They certainly can’t claim to provide an effective barrier against infection.

So while the App Store certainly makes it easier to get hooked on the latest levels of Angry Birds, on its own it doesn’t do much to address the security and privacy problems to which we are all exposed.