6 Apr 2008

A secure platform at last?

The iPhone has an interesting approach to software installation -- you can install only apps that Apple certifies. In one shot, this eliminates malware of various kinds -- viruses/worms, trojan horses, spyware, adware/nagware, rootkits...

The PC approach is to detect malware on your PC. Even if you did not have to do your research and install anti-virus and anti-spyware and rootkit detectors and what-have-you -- that is, even if first-rate anti-malware came with the OS and worked invisibly without bothering you, it's a costly arms race that we're losing. When tested with new viruses, the best antivirus software let through 32% of them. Not to mention that anti-malware constantly consumes resources, an especially serious problem for mobile phones.

If we can't reliably detect malware on the PC, can we prevent it from getting installed in the first place? Hence the usual exhortations about not downloading or installing stuff. But that doesn't work. People will click on anything that looks interesting, partly because bad software has conditioned them to click Yes to any prompt that appears, and partly because "given a choice between dancing pigs and security, users will pick dancing pigs every time". But why should users have to become security experts, in the first place? Any technology that doesn't just work by itself and requires you to learn and follow a set of dos and don'ts is broken.

So if we can't reliably detect malware once it's installed, and if we can't and shouldn't require users to decide what's harmful, the alternative is to outsource this decision-making to people who are actually capable and interested in doing it. The iPhone is one model, where Apple decides what's good for you and what's not. The problem with this is that power corrupts -- the gatekeeper decides what's good for them, instead of what's good for you. Apple doesn't allow anti-DRM tools on the iPhone, even for fair use -- the right to play media that you paid for on a device of your choice.

How about we allow the user to decide whom to trust? Have multiple certification authorities -- services that tell you if a given application is harmful. The user gets to decide which one to use. Have the OS speak an open protocol to the certification authority, so that anyone can roll his own. When you install an app, the OS contacts the service of your choice, sends it a hash of the application package and asks if it's safe. That way, you have both security and control.

A certification authority can use many ways to detect malware. For instance, it can run the app through the top 20 antivirus tools. It can run the submitted app in a virtual machine and run the antivirus software from the host OS. It can log all syscalls the app makes and look for suspicious disk or network activity... Basically, why do the dangerous job of malware detection on your desktop?
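Here is a sketch of the install-time exchange from the two paragraphs above, written as an added example for this post (not code from the original). It assumes a SHA-256 package hash, a JSON request/reply, a constructed verdict table standing in for the authority's scanning results, and an HMAC over the reply with a shared key as a stand-in for a real signature; the OS side fails closed on anything but an authenticated "safe" verdict bound to the hash it asked about.

```python
import hashlib
import hmac
import json

# Constructed shared key between the OS and the chosen authority. A deployed
# protocol would use a public-key signature so the OS holds no secret.
AUTHORITY_KEY = b"example-authority-key"

# Constructed verdict table; a real authority fills this from its own scanning.
KNOWN_VERDICTS = {
    hashlib.sha256(b"benign-app-v1").hexdigest(): "safe",
    hashlib.sha256(b"trojan-app-v1").hexdigest(): "unsafe",
}


def package_hash(package_bytes):
    """Hash of the whole package; this is what the OS sends, not the package."""
    return hashlib.sha256(package_bytes).hexdigest()


def authority_verdict(request):
    """Authority side: look the hash up and return a verdict bound to that hash."""
    digest = request["hash"]
    verdict = KNOWN_VERDICTS.get(digest, "unknown")
    body = json.dumps({"hash": digest, "verdict": verdict}, sort_keys=True)
    mac = hmac.new(AUTHORITY_KEY, body.encode(), "sha256").hexdigest()
    return {"body": body, "mac": mac}


def os_decide_install(package_bytes, ask_authority=authority_verdict):
    """OS side: query the chosen authority; install only on an authentic 'safe'."""
    digest = package_hash(package_bytes)
    reply = ask_authority({"hash": digest})
    expected = hmac.new(AUTHORITY_KEY, reply["body"].encode(), "sha256").hexdigest()
    # Reject replies that did not come from the authority the user chose.
    if not hmac.compare_digest(expected, reply["mac"]):
        return False, "verdict not from the chosen authority"
    body = json.loads(reply["body"])
    # Reject a genuine 'safe' verdict replayed for a different package.
    if body["hash"] != digest:
        return False, "verdict is for a different package"
    # Unknown packages are treated like unsafe ones: fail closed.
    if body["verdict"] != "safe":
        return False, "authority verdict: " + body["verdict"]
    return True, "safe"
```

The hash-binding check is what keeps the protocol honest: without it, one captured "safe" reply could be replayed to approve any package.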

Certification services can go one step further than security. For example, they can insist that the app follows Human Interface Guidelines for consistent, decent user interfaces (the iPhone SDK license agreement mentions this). They can weed out multiple me-too apps that do nothing different. One of the nice things about the Mac software market is that there are fewer apps for a given task, but they are high-quality. What if you could check a High-quality Apps Only option in your system preferences and have it weed out the train wrecks?

Imagine how much better things could be if malware of various kinds were gone. That would also eliminate spam.

