Over the years, every time a new mobile phone came out I switched to it, to anticipate security questions from clients. When I went from a Blackberry to an iPhone I thought there were two really game changing features:
- Visual voice mail - having worked at a telephone company (GTE) for 11 years, I was amazed that Steve Jobs got ATT to change voice mail so you could see a listing of messages and choose which to listen to first! That was a truly irrestible force tumbling a previously immovable object.
- The App Store - since day 1, iPhones have had a restrictive whitelist, called the App Store, and, more importantly, no user has ever complained!!
Can you imagine how different the security world would have been if the Windows PC had come with a built-in App Store from the start?? Users would have never gotten into the mode of expecting to be able to send executables to each other and much of the malware problem would have been thwarted from the start. Not all malware - dealing with macro viruses and other active content would have still required OS changes in Windows that Microsoft didn't even want to consider until 2003 or so.
So, white lists like the Apple App Store, Google Play, Microsoft's Windows Store, etc. have the potential to both raise the bar against malware and change user behavior and expectations - both potentially very good things for security. But, and this is a large but: whitelists are like lifeguards at a beach: people see them, trust them and jump into waters that could be dangerous because they expect the lifeguard to be looking for sharks and keeping the waters safe. If the lifeguards fall asleep (or spend most of their time playing Fruit Ninja on their smartphones) or the beach doesn't invest in really good lifeguards, then we have the worst of both worlds: people letting their kids swim in shark infested, riptide-laden waters with a false feeling of security.
Both Apple and Google have had malware get through their app store processes, but have continually increased their level of security inspection (and continual monitoring) of apps, though it would be nice to have more transparency into how much they are actually doing. The Windows Store is pretty new (I switched to a Windows Phone two years ago anticipating security questions - not a one, yet...) and there is some risk that Microsoft may get sloppy in order to rapidly ramp up the number of apps in the Windows Store to try to get within an order of magnitude of the quantity Apple and Google have in their app stores. But I'm hoping Microsoft will try to leverage its Secure Development Lifecycle investment to trumpet a more secure app store for Windows devices.
On the whitelist side, Bit9 just had a very serious compromise of their systems that allow attackers to poison their whitelist with malicious executables. This is like the sharks climbing up into the lifeguard chairs, not a good thing. Bit9 has issued a patch to their product and let's hope they will take drastic steps to make sure this does not happen again - that Bit9 will make sure the lifeguards are alrert and not playing FruitNinjas, that the critical security controls keeping the sharks out are in place and being monitored and so on.
White lists and app stores done right can still be a game changer - we need more demonstration that they are being done right.