Have you been following Apple’s technical roadmap these days? I know most of us track the new whiz-bang features and amazing marketing that come out of that company.
You know, I was counseled by some Apple folks recently and told, “If we get you an audience with Steve Jobs, don’t say a word about Apple being in the ‘IT business’…” and further that “Apple is a consumer products and content company and that technology is all about helping to deliver consumer experience…” (We will get kicked out if I start talking about “IT”…)
Hmmmmm. Makes good sense. IT, technology and the services built upon them are the means to the end…not the end. The end is sexy and easy to use. The technology is largely transparent to the user experience.
Sort of like a well made German sports car…
As the subject of this blog is really observations of IT in transition, and because I am a closet geek anyway – I must dive a level down and make some technology observations.
I’ll start with a note from Steve Jobs last week. See a copy here: http://blog.zingwat.com/?p=164
Note his comment on code security and “integrity”:
“It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true. There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target.”
Also last week Apple made the highly touted announcement of “Leopard” and the mind boggling list of new capabilities and features. See: http://www.apple.com/macosx/features/300.html
Well, one very capable analyst, Carl Howe, wrote an interesting article zeroing in on some common technological similarities between the challenges with these offerings. See:
The two items that Carl picked out and correlated (iPhone to Leopard) are really interesting and relevant to these blog pages. From the article:
Tagging Downloaded Applications
Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent — telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.
Feel safe with your applications. A digital signature on an application verifies its identity and ensures its integrity. All applications shipped with Leopard are signed by Apple, and third-party software developers can also sign their applications.
And Carl goes on to say:
“Those features jumped out at me because the very first Forrester report I wrote in 1996 was about desktop security and the threat of active content. In that report, I wrote that if you want a truly secure platform, you need both app signing and run-time validation to guarantee that you only run trusted code. I further noted that Windows would never become a truly secure platform without these features. The fact that these features are built into Leopard says that even as Macs gain in popularity, Apple has no intent of letting its OS or its iPhone become an easy security target. And these two features are worth the entire cost of upgrade and more to anyone worried about desktop and server security.”
Wow, did you note the “positive platform attestation” comments in his observations? He is saying (I believe) that the device itself is responsible for maintaining the boundaries of what code should be allowed to run on the platform. And that we can “secure a platform” by making sure the trusted code stays trusted, and deal with mobile code asserted to the platform by having some sense of “provenance” – i.e. “where did the code come from, who (which app) requested it, and is it safe to run.”
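The launch policy these passages describe (validate a signature at run time, and ask for consent before a tagged download first runs), modelled as an added example that is not Apple's code or part of the original post. The names `App`, `Provenance` and `launch_decision`, the demo key and the sample values are assumptions, and an HMAC stands in for the public-key signature a real platform would use.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed demo key. HMAC stands in for the public-key signature a real
# platform would use; the launch policy below is the same either way.
SIGNING_KEY = b"constructed-demo-key"

@dataclass
class Provenance:
    """Tag attached at download time: when, by which app, from which URL."""
    downloaded_at: datetime
    downloader: str
    url: Optional[str] = None

@dataclass
class App:
    name: str
    code: bytes
    signature: Optional[bytes] = None        # None: unsigned
    provenance: Optional[Provenance] = None  # None: not a tagged download
    consented: bool = False                  # set once the user approves

def sign(code: bytes) -> bytes:
    """Signer side: bind the signature to a digest of the code."""
    return hmac.new(SIGNING_KEY, hashlib.sha256(code).digest(), "sha256").digest()

def launch_decision(app: App) -> str:
    """Return 'run', 'block: ...' or 'ask: ...' for one launch attempt."""
    # Run-time validation: code that changed after signing never runs.
    if app.signature is not None and not hmac.compare_digest(app.signature, sign(app.code)):
        return "block: signature does not match code"
    # Provenance: a tagged download needs consent before its first run.
    if app.provenance is not None and not app.consented:
        p = app.provenance
        origin = f" from {p.url}" if p.url else ""
        state = "signed" if app.signature is not None else "unsigned"
        return (f"ask: {app.name} ({state}) was downloaded by {p.downloader} "
                f"on {p.downloaded_at:%Y-%m-%d}{origin}")
    return "run"

if __name__ == "__main__":
    code = b"constructed application bytes"   # constructed sample input
    tag = Provenance(datetime(2007, 10, 26), "Safari", "https://example.com/tool.dmg")
    tool = App("Tool", code, sign(code), tag)
    print(launch_decision(tool))              # consent prompt with provenance
    tool.code += b" patched after signing"
    print(launch_decision(tool))              # blocked: integrity check fails
```

The signature check runs on every launch, while the consent prompt applies only until the user has approved a tagged download.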
He finishes the article with “Nice work Apple…”
I concur – great stuff. Not sexy in its own right necessarily. But by building these features into both the architecture AND the third party infrastructure, intrinsic positive platform protection can be more effectively assured.
With this, the stuff just works better. It is more reliable. It is safer…and it all leads to a better user experience, and (likely) lower support costs for Apple.
Happier customer, more security transparency based on positive code measurement (signing) and attestation (verification).
Nice work Apple.
And nice work Carl for helping to sort this out.
(Have to run, heading to the Apple store)