1/13/13
8:45 am

Forum Question: Will Gatekeeper and XProtect Protect From 3rd Party Exploits?

Let's say I have Java, Adobe Flash and Office 2011 for Mac already installed on my Mac and any one of these has an un-patched vulnerability at the moment and a malicious piece of Malware has been created to exploit it. Will Gatekeeper and/or XProtect (File Quarantine) protect me from this Malware?
—–
Bill Gates

Comments: 4 Responses to “Will Gatekeeper and XProtect Protect From 3rd Party Exploits?”

    1/13/13 @ 8:57 am

    Gatekeeper is simply a setting where you can voluntarily block application installation. For instance, it can prevent you from easily installing an app that hasn’t been “signed” by a developer. So it is useful to get you to stop and think about installing an app that doesn’t have a signature. And it is very useful if you are maintaining a Mac for someone else who isn’t as computer savvy (family member, students, employees, etc). But it has nothing to do with vulnerabilities in software you already have installed.
    See http://macmost.com/understanding-gatekeeper.html
    XProtect, the quiet malware protection hidden in OS X, on the other hand could help. Apple could issue an update to the library of definitions that lets XProtect identify and block malware. But there would have to be some malware — not just a vulnerability.
    It is important to know the difference between “vulnerability” and “malware.” Like the news right now is reporting a vulnerability in certain versions of Java. This is like realizing you have left one of the doors in your house unlocked. It doesn’t mean someone is breaking into your house, or that someone intends to break in. And you can easily just go and lock the door (disable Java, in this case, or go to a version that doesn’t have this vulnerability).
    There have been no reports of malware being developed here. It is simply that a potential method for creating malware has been found. These things are made public precisely to discourage malware from being created. If people are switching off Java or using versions without the hole, and Oracle is working fast to issue a new version, and security pros everywhere know to protect this vulnerability, then malware creators will find it a waste of time to make malware that uses this flaw. Java can be patched and everyone can move on without there ever being a real threat.

      Michael A.
      1/13/13 @ 1:33 pm

      According to some news sites though, Apple has used XProtect to disable/block Java 7 because of its vulnerability, even though it itself is not malware. Hence the newsworthiness. It will be interesting to see if Apple increasingly uses XProtect and Gatekeeper to target vulnerable software instead of just malware. Maybe they just picked on Java because it could be exploited by visiting a website.

        1/13/13 @ 1:55 pm

        XProtect, yes. Gatekeeper though is very specific and simple in what it does. An app is either signed, or not. It is either in the app store, or not. So the term “increasingly uses” doesn’t apply.

    roberta
    1/14/13 @ 3:21 pm

    Bill who? Thanks for the question, and the good answer, Gary.

Comments Closed.
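
The thread above mentions XProtect being used to block a vulnerable Java plug-in rather than a piece of malware. As an added illustration (not part of the original thread), this Python example shows how a minimum-version rule of that kind decides which installed plug-ins get disabled; the plist layout, bundle IDs, version numbers and function names are constructed assumptions.

```python
import plistlib

# Constructed sample: layout and version numbers are assumptions for
# illustration, not values copied from Apple's definitions.
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PlugInBlacklist</key><dict><key>10</key><dict>
    <key>com.oracle.java.JavaAppletPlugin</key>
    <dict><key>MinimumPlugInBundleVersion</key><string>1.7.50.1</string></dict>
    <key>com.macromedia.Flash Player.plugin</key>
    <dict><key>MinimumPlugInBundleVersion</key><string>11.3.300.271</string></dict>
  </dict></dict>
</dict></plist>"""

# Constructed inventory of installed plug-ins: bundle ID -> bundle version.
INSTALLED = {
    "com.oracle.java.JavaAppletPlugin": "1.7.10",
    "com.macromedia.Flash Player.plugin": "11.5.502.146",
    "com.example.UnlistedPlugin": "2.0",
}

def version_key(text, width=6):
    """Turn '1.7.10' into (1, 7, 10, 0, 0, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def blocked_plugins(meta_bytes, installed):
    """Return {bundle_id: (installed, minimum)} for plug-ins below the minimum."""
    rules = plistlib.loads(meta_bytes).get("PlugInBlacklist", {}).get("10", {})
    blocked = {}
    for bundle_id, version in installed.items():
        rule = rules.get(bundle_id)
        if rule is None:
            continue  # no rule: an unpatched plug-in here is not caught
        minimum = rule["MinimumPlugInBundleVersion"]
        if version_key(version) < version_key(minimum):
            blocked[bundle_id] = (version, minimum)
    return blocked

if __name__ == "__main__":
    for bundle_id, (have, need) in blocked_plugins(SAMPLE_META, INSTALLED).items():
        print(f"{bundle_id}: {have} is below required {need}, plug-in disabled")
```

Only plug-ins that have a rule in the definitions are evaluated, so vulnerable software with no rule passes through untouched.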