Freedom or security? Most users have chosen

Think about it: App stores are highly restrictive, and now both mobile and desktop OSes employ stores to bar bad apps


The writing is on the wall. The future of computers is less application choice -- in exchange for a safer overall computing experience.

I’m not talking about a draconian security lockdown. I’m referring to the app stores that have emerged not only for mobile but also for desktop operating systems. OS vendors and their stores are deciding which applications can be trusted and offered for download.

To varying degrees, each online store offers users a censored, filtered experience, from the Apple App Store to Google Play to the Microsoft Store. These stores normally disallow apps that promote bullying, racism, or hardcore pornography. What’s allowable is completely under the control of the vendor -- and banned applications (or banned developers) often have little or no recourse.

Applications are analyzed for maliciousness and must be digitally signed by their authors to gain access to the store. A digital signature doesn’t mean an app isn’t malicious, but it allows the store to ban an app and/or its developer when enough complaints arrive.

Apple’s App Store was first, of course. The company then applied its App Store-only model to OS X a few versions ago. Starting with OS X Mountain Lion, by default, Apple’s Gatekeeper allows apps from certified Apple developers only (and from the App Store) to be downloaded and installed. This option can be opened to Identified Developers (apps from developers registered with Apple) or Anywhere (any app from anyone), but most users stick with the default.

Google and Microsoft aren’t quite so dictatorial, but the potential is there. Google pushes Google Play for all Android applications. Users can easily go outside of Google Play to get their apps, but the functionality is turned off by default. Android users must specifically acknowledge the risk they are taking to go outside of the Google Play store.

Microsoft has taken a softer approach. Any consumer buying a Windows 8 or later computer is pushed by default to the Microsoft Store when searching for new applications and content, although other non-Microsoft Store applications can easily be installed by default. Microsoft Store applications are scanned for maliciousness, and so far, only a tiny amount of bad stuff has managed to sneak through.

Windows 10 adds Device Guard, which, when enabled, allows only pre-approved, signed applications to run. By default, Device Guard automatically allows you to download and install apps from the Microsoft Store as well as any Microsoft-signed application (similar to Apple's Identified Developer option). Furthermore, any person, vendor, or company can sign their own apps (or other people’s apps) to get them automatically trusted and allowed by Windows. When Device Guard is enabled, any application not previously approved (that is, potentially malicious) will have a much harder time getting installed and executed.

Consumers are quickly learning to love the safety of the vendor stores. Most users don’t want to install every application in the world. They want to browse the Web safely, use email, play some games, and work with a handful of productivity applications. They most certainly don’t want to spend time fighting malware or take their computer to a repair store to remove the latest Trojan.

The upshot is ironic: BYOD units are now more secure than the desktops and laptops managed by IT.

Not that app stores are perfectly secure -- malicious programs will get into app stores once in a while, and even approved applications can contain vulnerabilities. Approved applications can be used to hack people using macro viruses, scripting worms, and so on, not to mention that some people will always insist on jailbreaking their devices and taking their chances.

Nonetheless, I think the early part of the 21st century will be remembered as the time when most consumers gave up the freewheeling application ecosystem and sought a safer model. Sure, there will always be people who want to be trusted to run any application that they want -- and there will always be plenty of OSes, such as OpenBSD or Linux, for them to run. But the vast majority of people are willing to give up application freedom for dramatically improved safety.

Copyright © 2015 IDG Communications, Inc.
