‘Perry’ wrote (on the RogueAmoeba blog post “Code Signing and You”):
“…the case for Code Signing on a Mac – in the service of its administrator/owner – is very compelling. In a sense, the Mac is living on borrowed time – viruses and worms and other nasty bit-critters will surely come our way, and going to an all-signed environment is one the most potent weapons we have to keep your systems from being overrun. I realize this capability *could* eventually be abused in various ways, and I trust you’ll all keep Apple honest about it. But it can also be a powerful force *for* you.
Oh, and to put that to rest: I do work for Apple, and I designed and implemented Code Signing in Leopard. If you think it’s going to usher in a black wave of OS fascism, you have every right to blame me – it was, pretty much, my idea.”
Like some, I see code-signing as a necessary neutral. It’s neither good nor evil but it could be used for evil purposes (where evil is really just a shade of ‘not good’).
It’s all about trust again. When we first heard of Intel’s Palladium, there was an uproar. When we heard about processor serial numbers on the Intel platform, there was an uproar (despite the fact they had been quietly present for years on PowerPC).
The other commenters on the blog put forward scenarios where corporations will use this facility for evil and point to Apple’s DRM’ed music (using FairPlay) and also Apple’s odd restrictions within DVD Player.app on Mac OS X as an example of how the company is ‘evil’.
Of course it’s bollocks.
It took FairPlay to get the media owners (record labels) to start to play ball. Now we have DRM-free music available from multiple sources. Similar Apple’s DVD Player is compliant with the law because they want to avoid litigation. You can get round it by using other DVD-playing applications but Apple plays it safe. They’re not interfering with other third party apps.
It may be blind and stupid faith but I know enough people within Apple and I’ve read enough accounts of people working there that I trust them to do the right thing. Individual end users do need help in discovering which applications are bad and which are good and Apple, in order to reduce the amount of legwork required, is bound to have a review process where they solicit information from users of iPhone applications. This will have the dual effect of speeding up the eventual distribution of applications and also making sure there’s a peer review process.
I’d like to hear more from Perry on this debate as individual security on computing devices is important to me from the point of view of working in the IT business. There’s always a considerable difference in working with Macs and PCs – the latter is always slower in my experience (considering that my day job gives me a Core Duo machine running XP and my home machine is a Core Duo machine running Leopard) due to the need to perpetually run AV and firewall software and if not running them, due to the amount of malware that has been picked up.
Not enough people hear the reasons for design decisions and this is an Apple fault. They don’t make individuals publicly known. Every time there has been an outcry, I’ve always managed to speak to someone within Apple and they’ve given me the reasons for this and that. And yeah, in the wake of their spin doctoring I’ve always agreed.
For the average end user there needs to be a helping hand, an additional way to reduce the contact they have with malware. It’s something that will piss off some people who for political reasons want to have 100% access to their devices but I’m confident that the jailbreaking crowd will cater for them adequately.