Gatekeeper

Of the Mountain Lion announcements, Gatekeeper has been one of the most discussed. Apple has touted OS X as being a safer, more secure environment than Windows, offering its customers a relatively malware-free experience. In the early days this was often discounted by saying that OS X wasn't a likely target for malware simply because no one used it. Today Apple claims to have a Mac installed base of 63 million users. While there are far more Windows users, that's not an insignificant number. And it's growing.

As the likelihood for significant malware targeting OS X increases, Apple must do whatever it can to maintain its pristine image. In a sense, Apple made its bed by promising a more secure, virus/malware-free experience, and now it has to sleep in it. It's not a bad thing, but it's something that is going to require a lot of work.

The easiest and most obvious solution to the problem is the Mac App Store. Every app distributed through the Mac App Store is certified by Apple and thus no malware/viruses should ever make their way to a customer's Mac if they only run apps from the Store. That's a step in the wrong direction unfortunately. Companies like Adobe and Microsoft don't make their applications available in the Mac App Store (paying Apple 30% for every copy of Photoshop sold seems unlikely to happen), not to mention the tons of useful open source or other programs that aren't distributed through the MAS. While the iPhone can sell just fine as a platform that's more of an appliance, Macs (at least today) cannot.

The alternative is to heavily warn users that what they're running isn't exactly safe but allow applications, regardless of origin, to be run. This is what's done today in Lion. The first time you run an application that you downloaded you'll get a message that looks like this:

It's the everlasting debate between freedom and security. Give up one to get the other, but what's the right balance?

The compromise in Mountain Lion comes in the form of a tool called Gatekeeper. An innocuous little radio selection in the Security preference pane, Gatekeeper lets you choose what applications can be run on your Mac.

You can choose to only allow applications from the Mac App Store, allow all (the two extremes we discussed above) or pick an in-between option: allow anything downloaded from the MAS or anything by an identified developer.

This in-between setting is the compromise.

If a developer joins the Mac developer program ($99/year) it can become an officially identified developer with Apple. The developer can then sign its applications with a unique cryptographic key that Apple recognizes, without requiring that the apps be distributed through the Mac App Store. Unlike the Mac App Store, there's no approval process that the developer's signed apps need to go through. There's only one stipulation that goes along with the identified developer label: the apps distributed with that key cannot be malware.

Apps from identified developers will communicate with Apple's servers to verify the digital signature is intact and correct only upon install or the first run of the application. Subsequent runs do not phone home and there's no remote kill switch for these applications. Should Apple find out that a developer has been distributing malware Apple can revoke the developer's key, but that would only render those apps that have yet to be installed/run from working. Without a certification process for non-MAS apps there's still a degree of risk associated with this compromise. I don't believe the ideal solution is to force everyone to buy through the MAS, but Gatekeeper's compromise isn't an impervious solution.

Apple tells us the default Gatekeeper setting in Mountain Lion will be to allow apps from the Mac App Store or from identified developers to run. Hopefully by the time Mountain Lion ships many third party developers will be on-board and identified making the transition mostly seamless. If you don't change the default Gatekeeper setting there's another way around the protection: simply control-click (or right click) on the app you're trying to run and select open. Doing so will override the Gatekeeper setting and let you run an unsigned app.

General Impressions & New Safari Software Updates & Moving Toward the Mac App Store
POST A COMMENT

96 Comments

View All Comments

  • tipoo - Sunday, February 19, 2012 - link

    Safari seems like the last of the major browsers apart from Chrome (which does have it, but buried in the settings) that fails at GPU acceleration, even on mac. Is that any different this time? Reply
  • Guspaz - Monday, February 20, 2012 - link

    Chrome buries it in the experimental settings because it's still experimental. In my case, it provides a massive performance improvement to Chrome for even simple use like scrolling pages, but causes Chrome to crash far more often...

    I really hope they get it done soon, it makes a big difference.
    Reply
  • tipoo - Sunday, February 19, 2012 - link

    I can't help but feel Apple is headed towards an App store only distribution model for Macs like it is on iOS. Gatekeeper currently lets you choose where apps can come from and lets you still install any programs if you turn it to the most lenient setting, but what about a few years down the line when developers are all onboard the program and Apple feels comfortable enough to stop external sources? Reply
  • solipsism - Sunday, February 19, 2012 - link

    If that were the case then why give us that middle option as it will make it harder to remove in the future? Reply
  • sbmassey - Monday, February 20, 2012 - link

    Apple still supports Mac Ports, still provides the Terminal application, and still provides the free "Developer Tools" IDE. Given that pretty much all iOS and OSX software development uses some of these tools, I'm pretty sure that Apple is not going to go into full lockdown any time soon. Reply
  • MobiusStrip - Tuesday, February 21, 2012 - link

    No, they'll just throw an assload of FUD up on the screen and disable the installation of any app that's not from the App Store by default, even if other options are buried somewhere. Reply
  • chaise2jardin - Wednesday, February 22, 2012 - link

    You will have to jailbreak your OSX ! How pathetic.... Reply
  • TEAMSWITCHER - Thursday, February 23, 2012 - link

    Yes, but in this case Apple has provided the radio button to do it. Reply
  • Bozzified - Sunday, February 19, 2012 - link

    "This is another example where Apple has to carefully straddle the line between pushing everyone to the Mac App Store and not abandoning the rest of the Mac software ecosystem. I would like to see feature parity regardless of distribution model (perhaps with some restrictions) on OS X going forward, but I'm not sure that will happen."

    --

    Not only that this won't happen.. but it is an approach that Apple is using to make sure that developers are forced into the Mac App Store. If your non-Mac app store app doesn't have access APIs reserved only for those who distribute through the App Store than you are at a serious disadvantage thus you need to make a version for the app store.

    Doing so you basically scar your customers who buy directly, basically forcing you to give Apple 30% and go through the app store.

    So if Apple doesn't directly cut off any software that doesn't come from them (or through them) this is the way they will most definitely force developers to give them money.

    It is not matter of whether they will do it, but when. By default, deliberately, they have placed a huge warning sign already telling users that they can't run an app that's not from the App Store.. 80% of the users will never go to Preferences to check off unsigned apps and thus forcing developers to again go through the Mac App Store.

    Either way, this is a disgusting Apple tactic, that locks everyone in even further into their platform under the disguise of "security".

    But I guess, as time passes by, most people "loving" Apple will realize what kind of evil they have been supporting but it will be too late as it already may be.

    This is the beginning of the end of the computing as we knew and grew up with it.
    Reply
  • MonkeyPaw - Sunday, February 19, 2012 - link

    Yeah, even Linux distros are going the wrong way. Rather than making powerful features available through the control panel (like advanced user management), you are only given very simple options through the GUI, and have to resort to the terminal for relatively simple things. I'm referring to Gnome3, and Unity. :( Reply

Log in

Don't have an account? Sign up now