Windows 8 should have Gatekeeper

Yes, I said it. Windows 8 should completely, blatantly steal a feature from OS X “Mountain Lion”. Issue certs for ISVs outside (not just inside) the store, lock Windows down to them by default, and revoke them when they go rogue.

The reality is that Windows 8 on x86/x64 needs Gatekeeper (signature-based whitelisting) far more than the Mac does.

I’ve seen huge cry from the open-source crowd about Windows 8 boot security, Mac App Store apps having to live within the sandbox, and now, Gatekeeper. It’s always the same, “they’re taking away our freedoms, one by one!!!”

You have the freedom to run an old operating system, on older hardware. Nobody is forcing you to upgrade.

When I was a kid, my elementary school had two wooden playsets. They gave us splinters, had nominal safety considerations, certainly no safety ratings, and frankly, I think they were made of pressure-treated wood that was probably soaked in arsenic or something equally toxic.

Today, you don’t see playsets built like that. Why? Because it’s crazy!

People howl when “rights” are taken away when features like secure boot or Gatekeeper come along. Cars didn’t used to have doors, seatbelts, airbags either. Today they’re faster, safer, and less likely to kill you. I think we’d do well to make Windows run the same.

It is time we moved from considering “computing” as a hobby and instead to be a consumer electronics experience that focused on reliability and ease of use – not just flexibility and “power”. The era of the digital flivver is coming to a close. Sorry to break it to the geeks – but most consumers (those crazy people who keep buying devices from Apple en masse) don’t want hackability. They want reliability. Consumers don’t want the bleeding edge. They want edges that don’t cut them. You know what Dave? There are actually lots of people that actually like Disneyland.

In many ways, it’s wonderful that WoA doesn’t include Win32 support beyond the desktop and Office. I think it’ll be a much more secure platform – and much closer to an experience, and less of a computer – exactly what most consumers want. But I think going one step further, and putting a Gatekeeper-type approach in Windows 8 would not only be a good thing, but the right thing. Put in a mechanism for the hobbyists to turn it off – fine. Even turn it off by default on upgrades – but man, for new systems? There’s never been a better chance to take out cybercriminals before they even have a chance to run code on millions of computers.

3 comments

  1. I don’t agree. GateKeeper is just an attempt to reinforce Apple’s monopoly of the applications developed for OS X. The presence of a code-signature does not guarantee that the app is malware or virus free. It only guarantees that the developer has paid 99 dollars/euros to Apple to get a Developer ID. No check is performed on the code-signed applications downloaded from a private developer’s Web site and this demonstrates that GateKeeper was introduced for purely commercial reasons. I really hope that Microsoft will never implement something like that. A good antivirus piece of software could certainly do GateKeeper’s job… but it’s not commercially convenient to the software house shipping the operating system.

  2. Do you really think GateKeeper will protect you from malware? Think twice, and make that triple before you post.

  3. Nobody here really believes that GateKeeper was developed for security reasons. Its presence in Mountain Lion is just a way to force Mac developers to pay Apple to sell their software. By adopting that disgusting money-hungry policy, Apple is digging its own grave.