The Decade-Long Campaign to Lock Down Your Computer

This month’s Wired magazine includes a milestone I’m incredibly excited about: My first published print column! You can read Safe In Its Shell, my exploration of the long history of introducing software lockdown mechanisms to mainstream computer operating systems. I keyed on the Gatekeeper feature in Apple’s upcoming version of OS X which locks down which applications can run on your computer, and how it uses a method that was first broadly described by Microsoft as part of its Trustworthy Computing efforts a decade ago.

I’m happy with how the piece came out (I’ve never worked with an editor before!) but I thought that, before I republish the piece on my own site, I’d share some of the key resources that I found valuable in understanding the ideas which informed by column.Put another way, if that column were a movie, these are the DVD extras.

Microsoft’s History With Palladium

Microsoft’s “Palladium” effort to begin providing a framework for software security that was controlled by the software behemoth inspired an immense amount of controversy from the moment it was announced. Some key resources:

The blowback to the Palladium announcement in 2002:

Lots of folks took exception to Palladium’s announcement. Some highlights from the time:

Apple resources on Gatekeeper

Meanwhile, Apple’s rollout of Gatekeeper has been very deliberate, and fairly low-key:

“Advanced features in OS X already help protect you from malware no matter where you download apps. Gatekeeper brings you even more security options — and even more control. For maximum security, you can install and run only apps from the Mac App Store. You can choose to install and run apps from the Mac App Store and apps that have a Developer ID. Or you can install all apps from anywhere, just as you can today. You can even temporarily override your setting by Control-clicking, and install any app at any time. Gatekeeper leaves it all up to you.”

“I have a personal flaw in the form of a small conspiracy theorist who lives in my head. He worried that this may have been created as just a temporary stepping stone — like Rosetta for the Intel transition, or Carbon for the OS 9 to OS X transition — and that one day, the Mac App Store-only option might still be enforced.

But I can’t find it in me to disparage this goodwill effort that Apple has undertaken to not turn every third-party developer upside-down with regard to app distribution. To me it’s a great sign that they’re aware and at some level sympathetic to our concerns, while remaining committed to a high-security experience for users.”

SmartScreen in Windows 8:

Finally, the new SmartScreen features in the upcoming Windows 8 bring the whole thing full circle:

This first Wired column was a great experiment for me in learning how to write without hyperlinks, but I’m enjoying the process greatly and hope that sharing some of the links behind the piece make it even more interesting.