The Decade-Long Campaign to Lock Down Your Computer
This month’s Wired magazine includes a milestone I’m incredibly excited about: My first published print column! You can read Safe In Its Shell, my exploration of the long history of introducing software lockdown mechanisms to mainstream computer operating systems. I keyed on the Gatekeeper feature in Apple’s upcoming version of OS X, which locks down which applications can run on your computer, and how it uses a method that was first broadly described by Microsoft as part of its Trustworthy Computing efforts a decade ago.
I’m happy with how the piece came out (I’ve never worked with an editor before!) but I thought that, before I republish the piece on my own site, I’d share some of the key resources that I found valuable in understanding the ideas which informed my column. Put another way, if that column were a movie, these are the DVD extras.
Microsoft’s History With Palladium
Microsoft’s “Palladium” effort, an attempt to provide a framework for software security that would be controlled by the software behemoth itself, inspired an immense amount of controversy from the moment it was announced. Some key resources:
- Microsoft did a briefing at NIST in 2002 about the basic principles behind Palladium
- The original Newsweek launch story about Palladium by Steven Levy is still up on the Daily Beast website
- And you can still find the original “Trustworthy Computing” memo by Bill Gates (in RTF format!) which acted as a rallying cry for the troops at Microsoft. (Looks like they added an HTML version as well.)
- And of course, Gates’ memo was inspired by Craig Mundie’s original TrustWorthy Computing memo (in convenient Microsoft Word format), which Mundie revisited on its 10th anniversary in a retrospective writeup
- I’d written a bit about that original Trustworthy Computing memo a few years ago myself
- Microsoft still has an active Trustworthy Computing site which offers a detailed timeline on the initiative, and presages their later site about the mellifluously-named successor program, the Next-Generation Secure Computing Base
- And though it’s apparently no longer on Microsoft’s site, the intense scrutiny of the original responses is evident in this cached version of Microsoft’s original Palladium FAQ
The blowback to the Palladium announcement in 2002:
Lots of folks took exception to Palladium’s announcement. Some highlights from the time:
- David Coursey, then of ZDNet, explains why the effort couldn’t be trusted
- The Register called it an attempt to eradicate the GPL and destroy Linux
- Robert Cringely naturally deemed it “diabolical”
- Chris Hoofnagle from EPIC described Microsoft’s Palladium presentation as “Orwellian”
- Microsoft exec Mario Juarez did an interview on Palladium in June 2002
- And Security Focus had a contemporary story at the time of Palladium’s launch
- EPIC naturally offered some detailed resources about Palladium.
- Catherine Flick at the University of Sydney offered a detailed analysis in her June 2004 paper
- Ross Anderson’s 2003 FAQ was also a seminal resource
- Microsoft then started to back off of Palladium (by then rebranded as “NGSCB”), as Ars Technica also noted
- Naturally, Microsoft immediately backtracked, vaguely reaffirming its commitment to Palladium shortly thereafter
Apple resources on Gatekeeper
Meanwhile, Apple’s rollout of Gatekeeper has been very deliberate, and fairly low-key:
- A characteristically understated consumer explanation of Gatekeeper offers up Apple’s only real customer-facing description of the feature:
“Advanced features in OS X already help protect you from malware no matter where you download apps. Gatekeeper brings you even more security options — and even more control. For maximum security, you can install and run only apps from the Mac App Store. You can choose to install and run apps from the Mac App Store and apps that have a Developer ID. Or you can install all apps from anywhere, just as you can today. You can even temporarily override your setting by Control-clicking, and install any app at any time. Gatekeeper leaves it all up to you.”
- Rich Mogull (what a great name!) offered a detailed overview of Gatekeeper’s functions and also summarized the feature in Tidbits
- Steven Frank had a thoughtful take on Gatekeeper
“I have a personal flaw in the form of a small conspiracy theorist who lives in my head. He worried that this may have been created as just a temporary stepping stone — like Rosetta for the Intel transition, or Carbon for the OS 9 to OS X transition — and that one day, the Mac App Store-only option might still be enforced.
But I can’t find it in me to disparage this goodwill effort that Apple has undertaken to not turn every third-party developer upside-down with regard to app distribution. To me it’s a great sign that they’re aware and at some level sympathetic to our concerns, while remaining committed to a high-security experience for users.”
SmartScreen in Windows 8:
Finally, the new SmartScreen features in the upcoming Windows 8 bring the whole thing full circle:
- Where does any discussion of a new Windows feature start except with how to turn the damn thing off?
- Microsoft describes the code-signing requirements at the OS level on their developer site
- The great Windows fan site I Started Something goes into great depth about how the SmartScreen controls actually work in the new OS
This first Wired column was a great experiment for me in learning how to write without hyperlinks, but I’m enjoying the process greatly and hope that sharing some of the links behind the piece makes it even more interesting.