Gatekeeper

Of the Mountain Lion announcements, Gatekeeper has been one of the most discussed. Apple has touted OS X as being a safer, more secure environment than Windows, offering its customers a relatively malware-free experience. In the early days this was often discounted by saying that OS X wasn't a likely target for malware simply because no one used it. Today Apple claims to have a Mac installed base of 63 million users. While there are far more Windows users, that's not an insignificant number. And it's growing.

As the likelihood of significant malware targeting OS X increases, Apple must do whatever it can to maintain its pristine image. In a sense, Apple made its bed by promising a more secure, virus/malware-free experience, and now it has to sleep in it. It's not a bad thing, but it's something that is going to require a lot of work.

The easiest and most obvious solution to the problem is the Mac App Store. Every app distributed through the Mac App Store is certified by Apple, and thus no malware/viruses should ever make their way to a customer's Mac if they only run apps from the Store. Restricting Macs to Store-only apps is a step in the wrong direction, unfortunately. Companies like Adobe and Microsoft don't make their applications available in the Mac App Store (paying Apple 30% for every copy of Photoshop sold seems unlikely to happen), not to mention the tons of useful open source or other programs that aren't distributed through the MAS. While the iPhone can sell just fine as a platform that's more of an appliance, Macs (at least today) cannot.

The alternative is to heavily warn users that what they're running isn't exactly safe but allow applications, regardless of origin, to be run. This is what's done today in Lion. The first time you run an application that you downloaded you'll get a message that looks like this:

It's the everlasting debate between freedom and security. Give up one to get the other, but what's the right balance?

The compromise in Mountain Lion comes in the form of a tool called Gatekeeper. An innocuous little radio selection in the Security preference pane, Gatekeeper lets you choose what applications can be run on your Mac.

You can choose to only allow applications from the Mac App Store, allow all (the two extremes we discussed above) or pick an in-between option: allow anything downloaded from the MAS or anything by an identified developer.

This in-between setting is the compromise.

If a developer joins the Mac developer program ($99/year) it can become an officially identified developer with Apple. The developer can then sign its applications with a unique cryptographic key that Apple recognizes, without requiring that the apps be distributed through the Mac App Store. Unlike the Mac App Store, there's no approval process that the developer's signed apps need to go through. There's only one stipulation that goes along with the identified developer label: the apps distributed with that key cannot be malware.

Apps from identified developers will communicate with Apple's servers to verify that the digital signature is intact and correct, but only upon install or the first run of the application. Subsequent runs do not phone home and there's no remote kill switch for these applications. Should Apple find out that a developer has been distributing malware, Apple can revoke the developer's key, but that would only stop apps that have yet to be installed/run from working. Without a certification process for non-MAS apps there's still a degree of risk associated with this compromise. I don't believe the ideal solution is to force everyone to buy through the MAS, but Gatekeeper's compromise isn't an impervious solution.

Apple tells us the default Gatekeeper setting in Mountain Lion will be to allow apps from the Mac App Store or from identified developers to run. Hopefully, by the time Mountain Lion ships, many third-party developers will be on board and identified, making the transition mostly seamless. If you don't change the default Gatekeeper setting, there's another way around the protection: simply control-click (or right-click) on the app you're trying to run and select Open. Doing so will override the Gatekeeper setting and let you run an unsigned app.
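The launch policy described above, modelled as an added example (not Apple's code and not part of the original article). The names `Policy`, `App`, `Gatekeeper` and the sample key are hypothetical, and the logic follows only what this article states: three settings, a check on first run only, revocation that reaches only apps not yet run, and the control-click override.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Policy(Enum):
    MAS_ONLY = 1            # Mac App Store apps only
    MAS_AND_IDENTIFIED = 2  # the default, per the article
    ANYWHERE = 3            # allow all

@dataclass(frozen=True)
class App:
    name: str
    from_mas: bool = False
    developer_key: Optional[str] = None  # None means unsigned

@dataclass
class Gatekeeper:
    policy: Policy = Policy.MAS_AND_IDENTIFIED
    revoked: set = field(default_factory=set)   # keys Apple has revoked
    verified: set = field(default_factory=set)  # apps that passed a first run

    def first_run_check(self, app: App) -> bool:
        if self.policy is Policy.ANYWHERE or app.from_mas:
            return True
        if self.policy is Policy.MAS_ONLY or app.developer_key is None:
            return False
        return app.developer_key not in self.revoked

    def launch(self, app: App, control_click: bool = False) -> bool:
        if app.name in self.verified:
            return True  # later runs never re-check, so revocation is not seen
        if self.first_run_check(app):
            self.verified.add(app.name)
            return True
        return control_click  # manual override; assumed not to be remembered

def revocation_scenario() -> dict:
    key = "CONSTRUCTED-DEV-KEY"  # constructed sample value
    gk = Gatekeeper()
    old, new = App("tool-1.0", developer_key=key), App("tool-1.1", developer_key=key)
    unsigned = App("unsigned-util")
    out = {"old_before_revocation": gk.launch(old)}
    gk.revoked.add(key)  # Apple learns the developer shipped malware
    out["old_after_revocation"] = gk.launch(old)
    out["new_after_revocation"] = gk.launch(new)
    out["unsigned"] = gk.launch(unsigned)
    out["unsigned_control_click"] = gk.launch(unsigned, control_click=True)
    return out

if __name__ == "__main__":
    print(revocation_scenario())
```

The copy that ran before the key was revoked keeps launching, while a fresh download signed with the same key is refused: that is the residual risk the article describes.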


96 Comments


  • Jaybus - Tuesday, February 21, 2012 - link

    Well, I think that if they go that route, then they will find themselves in court, just as Microsoft did. Embedding APIs available only to App Store apps is almost identical to Microsoft embedding Internet Explorer primitives into Windows. It is an unfair trade practice, and the DOJ will be all over it seeking a hefty fine to line the DOJ lawyers' pockets. Reply
  • InsaneScientist - Sunday, February 19, 2012 - link

    Awesome preview as always, guys!

    A little niggle that has been bugging me for some time, I've just never gotten around to mentioning it: When you have an article with multiple authors that includes personal opinion (ie. things that are written first person) could you provide some indication of who wrote which sections? I'm pretty sure I've seen it from time to time in the past, but it's not consistent.
    I'm just OCD enough that I'm always wondering which person's opinion I'm reading at a particular point in time.

    With that out of the way, a random question: Does 10.8 support the ability to pause and resume file copies? I've actually found that I use that feature in the Windows 8 developer preview a LOT more than I would have thought.

    I also find it interesting that they seem to be simultaneously trying to make OS X server more consumer friendly (such as the management options for iOS devices) whilst making it so that it can't be the only server on a network by (potentially?) removing DHCP. Any insights into the contradiction?
    Reply
  • Malih - Sunday, February 19, 2012 - link

    Exactly, I think many readers wonder who is "I" on one particular section of the article. Reply
  • Kristian Vättö - Monday, February 20, 2012 - link

    Unfortunately, you cannot pause a file transfer in the current developer preview :-( Reply
  • Mr. S - Sunday, February 19, 2012 - link

    "... Mountain Lion is dropping support for any Mac that is not capable of booting OS X's 32-bit kernel."

    I think you mean 64-bit.
    Reply
  • Andrew.a.cunningham - Sunday, February 19, 2012 - link

    Yup! Fixed. Reply
  • MonkeyPaw - Sunday, February 19, 2012 - link

    My concern with aggressive OS releases is that of support. While I think iOS does a better job than Android when it comes to mobile unity, Apple has been notorious for dropping "old" desktop models from its support list. These aren't cheap pieces of hardware, nor are they useless as everyday machines on the day Apple drops them. While you can continue to run old versions of OS X on these machines, will security and stability updates continue? Will Apple find that people are using anywhere from 10.6 to 10.10 in 3 years? Seems like it will get fragmented, which, as MS can tell you, is a nightmare. Sure Apple can just end support of "old" versions of OS X, but that has its risks. Will software developers keep up? What if people choose to stay on a given version because they don't want to upgrade?

    Don't get me wrong. I want to like Apple's products. I've owned Macs before back in the PPC days, and I have an iPhone 4 (work-issue). The hardware is top notch, and I like OS X for the most part. It's Apple's business practices that I just can't get on board with. I just wonder how many more people there are that feel this way that elude Apple's sales. Apple reap billions already, so maybe they are just fine with not having people like me as customers.
    Reply
  • HunterKlynn - Monday, February 20, 2012 - link

    Well, for dropping old hardware I kind of understand it, and if anything I think they're trying to reduce fragmentation. Right now, they're basically saying "it's time for 32 bit to just go away forever" which is a mindset I can easily get behind. That and requiring everyone to have OpenCL support which also is a matter of bringing the platform in line.

    I would assume an annual release cycle would have a reduced list of dropped hardware since A) things won't have changed quite so much and B) the two major changes in hardware types have been covered by the requirements on Mountain Lion.
    Reply
  • name99 - Tuesday, February 21, 2012 - link

    What exactly is your complaint? That's the part I don't understand.

    Apple has a very clear policy on security updates; and even when they stop providing them, chances are that your system is secure enough that it's not a big deal.
    So you are upset that you bought a computer and Apple will stop providing new software for it seven years later?

    If you still want to use your slow computer seven years after Apple stopped supporting it, go ahead and do so --- it will still work. I have a PPC laptop I use as server running 10.5, and a 1st gen Intel laptop running 10.6. I don't bitch and whine about how they can't run newer OSs because what's the big freaking deal? They still work every bit as well as they did last year and the year before that. You come across as a guy who buys a car then complains that he has to buy gas every so often.

    Maintaining backward compatibility forever is not free --- just ask MS. Forcing backward compatibility introduces bugs and makes it that much more difficult to add new features or improved algorithms. To take an obvious example --- if (when?) Apple introduce a new file system, it's a whole lot easier if they can just assume that it runs only on 64-bit machines and that they can cleanly use 64-bit integers and even 64-bit assembly wherever they need to. (And don't tell me that compilers can support 64-bit longs transparently on a 32-bit machine --- yes they can, but not atomic operations on 64-bit longs.)

    And it's not like Apple have made these decisions randomly. Dropping PPC, then dropping Intel 32-bit support are both obvious decisions that allow the company to concentrate on moving forward rather than constantly being slowed down by the past.
    The good news is that, for the most part, it's over now. The obvious future transitions are
    - drop ALL 32-bit code support (maybe coming in Mountain Lion even)
    - drop Carbon
    at which point ideally Apple has the energy to move forward with one OS and one runtime a whole lot faster.

    On the other hand, we are going to see, soon enough, the transition to 64-bit iOS. Expect a whole lot of bitching at that point from people who are upset that Apple won't support their iPad2 for the rest of time.
    Reply
  • B3an - Sunday, February 19, 2012 - link

    It's very obvious that this faster release cycle is in response to Windows 8. All the massive changes and improvements in W8 obviously have Apple worried. Especially with all the upcoming W8 tablets that will cut into iPad sales. And unlike Mountain Lion, which won't run on older Apple hardware, W8 will run on most PCs that can run the decade-old XP, because as a benefit of all the performance optimisations for tablets I've managed to get Win 8 to run at least as good as XP on laptops that are over 7 years old and only have 512MB RAM.

    And correct me if I'm wrong, but I don't remember seeing any article like this mentioning the new stuff within the Windows 8 Dev Preview when it came out late last year. Win 8 is a FAR bigger change and update than Mountain Lion, yet there was nothing like this article. I know the Dev Preview was missing many features but still disappointing.
    Reply
