Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives?
1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those that Apple approves to be posted). Whitelisting is an extremely powerful security concept that hasn’t been widely used by enterprise IT – yet. Could Apple do more in terms of security testing? Absolutely, but there hasn’t been a major malware outbreak or market demand (yet) to change the current level of application certification.
2) The benefit of users running without administrative rights. You don’t have “root” rights on your iPhone/iPad unless you’ve jailbroken the device. The vast majority of users won’t be compelled to do this because they can do everything they need as a “standard user”. They extend the device, customize their environment, download and install applications, and so on without knowing that they don’t have “root” access.
Think about it. Even with the removal of administrative rights and with implicit whitelisting, the users don’t complain about being “locked down”.
Imagine what we could do for enterprise Windows users with a similar model…
Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Microsoft Security Windows 7 Tags: Apple, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Security-Summit-NA, Windows