or Connect
AppleInsider › Forums › Software › Mac OS X › Apple urges developers to get Developer IDs ahead of Gatekeeper launch
New Posts  All Forums:Forum Nav:

Apple urges developers to get Developer IDs ahead of Gatekeeper launch

post #1 of 30
Thread Starter 
With the expected summer release of OS X Mountain Lion just a few months away, Apple on Monday sent out a mass email to Mac developers urging them to apply for a Developer ID in preparation for the new operating system's Gatekeeper security system.

The email says that while the Mac App Store is the safest place for users to download software for their computers, the company is concerned about protection from possibly malicious applications obtained through unmonitored channels. To block these unwanted programs from making their way onto users' Macs, Apple has created the Gatekeeper security system which will be running behind the scenes in the next-generation OS X Mountain Lion.

With Gatekeeper, software can only be installed if it is digitally signed by a vetted developer who has been assigned a Developer ID. The system allows for verified applications, plug-ins and installer packages to be installed while blocking those that are unsigned, thus lowering the possibility of running malware.

Gatekeeper will allow users to select from three security levels. At its highest setting, the system will only allow the installation of applications from the Mac App Store, much like the current settings for iOS apps. The default setting will loosen restrictions and let users install software that has been digitally signed with a Developer ID regardless of its origin, while the lowest setting basically allows for the installation of any application.

Developer ID


While not a full-fledged anti-virus program, it is hoped that Gatekeeper will help thwart future malicious software like the recent Flashback trojan which harvested user IDs, passwords and other sensitive information from over 600,000 Macs worldwide.

Apple is pushing Mac Developer Program members to apply for their free-of-charge Developer IDs so that their respective software offerings will be ready when Gatekeeper launches with Mountain Lion this summer. Monday's email is the second such invitation to developers, the first being issued in February.
post #2 of 30

Boycott Gatekeeper!!

 

 

[Forum Signature]  I have no signature.  [Forum Signature]

Reply

[Forum Signature]  I have no signature.  [Forum Signature]

Reply
post #3 of 30

 

Quote:
Originally Posted by AppleInsider View Post

Gatekeeper will allow users to select from three security levels. At its highest setting, the system will only allow the installation of applications from the Mac App Store, much like the current settings for iOS apps. The default setting will loosen restrictions and let users install software that has been digitally signed with a Developer ID regardless of its origin, while the lowest setting basically allows for the installation of any application.

I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #4 of 30

Apple's in their heyday of ui design inspiration...

 

bf8c511a_MSE.x-ms-bmp

post #5 of 30

Gatekeeper is an extension of the quarantine process Apple already uses on downloaded apps.  All apps that have already passed the quarantine prior to installing ML will pass Gatekeeper.  Also, as a manual way around Gatekeeper you can just remove the com.apple.quarantine extended attribute and the app will launch.

 

"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
Reply
"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
Reply
post #6 of 30

"Apple's in their heyday of ui design inspiration..."

 

What? Microsoft is clearly protecting their windows, and Apple is protecting its gates. Its VERY different, thus the difference in the castle towers. lol

 

post #7 of 30

 

Quote:
Originally Posted by bottleworks View Post

Boycott Gatekeeper!!

 

 

 

Why in the world would I want to boycott Gatekeeper! Sounds like something we should have had years ago. But maybe you are just trolling. If so, I fed you now go away.

post #8 of 30
Quote:
Originally Posted by bottleworks View Post
Boycott Gatekeeper!!

 

Enjoy going bankrupt.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
Reply
post #9 of 30

 

Quote:
Originally Posted by mstone View Post

 

I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?

 

Didn't you bother to read the article or did you miss where it said that Gatekeeper will have 3 levels of security. Level 3 or the lowest security level allows you to put anything on your Mac.

post #10 of 30

 

Quote:
Originally Posted by ljocampo View Post

 

 

Didn't you bother to read the article or did you miss where it said that Gatekeeper will have 3 levels of security. Level 3 or the lowest security level allows you to put anything on your Mac.

 

 


He was most likely referring to users running non signed apps under gatekeeper after an upgrade (pre-gatekeeper).  My understanding is that everything you have before gets grandfathered in.

post #11 of 30

So Adobe & Microsoft software, not being sold through the Mac App Store, won't qualify for Level 1? Hmmmm.

post #12 of 30

I foresee a lot of billable hours installing apps for people who are too afraid to.

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

Reply

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

Reply
post #13 of 30

 

Quote:
Originally Posted by mstone View Post

 

I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?

 

As I read the article, it says ...."Gatekeeper will allow users to select from three security levels. At its highest setting, the system will only allow the installation of applications from the Mac App Store, much like the current settings for iOS apps. The default setting will loosen restrictions and let users install software that has been digitally signed with a Developer ID regardless of its origin, while the lowest setting basically allows for the installation of any application."

See, in the record business, you can show someone your song, and they don’t copy it. In the tech business, you show somebody your idea, and they steal it. (Jimmy Iovine)
Reply
See, in the record business, you can show someone your song, and they don’t copy it. In the tech business, you show somebody your idea, and they steal it. (Jimmy Iovine)
Reply
post #14 of 30

 

Quote:
Originally Posted by mstone View Post

 

I wonder how this affects legacy software already running on the machine. Assuming you might want to reinstall something older, I hope you can allow it on a case by case basis. Also how do you suppose it works when installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers?

 

There is no impact whatsoever.

 

If you want to install something that isn't available in the Mac App Store or hasn't been updated to include the Developer ID you can simply go to System Preferences>Security>General and set the system to "Allow applications downloaded from: Anywhere."  Once an application is installed there are no issues.  Additionally, there are no issues with "installing things like PHP, Python, Ruby, MySql, Apache or other open source Unix applications that are not created with Xcode or by Apple developers" if the security setting is set to "Allow applications downloaded from: Anywhere."  This isn't an issue initially when downloading such applications nor when updating such applications.  In fact, there isn't an issue if you download an application from a developer who doesn't use a Developer ID then change the setting to "Allow applications downloaded from: Mac App Store" then attempt to update the application.

 

Gatekeeper truly is an outstanding solution to a serious issue.  As we have seen from the iOS App Store, the reduction in malware is incredible.  In fact, I hope that Apple implements Gatekeeper on iOS as well.  Gatekeeper for iOS would solve an entirely different problem, the perceived problem with the "walled garden."  Imagine, the control and customization of jailbreaking without the associated effort or (minimal) risk!  If Apple does this we would truly find out who the trolls are because Google Android-based smartphones would have absolutely no advantage whatsoever.  Of course, we already know who the trolls are though.

 

The "great advantage" of Google Android-based smartphones is their control and customization yet all Android proponents talk about the difficulty of jailbreaking.  The difficulty with customizing whether jailbreaking or otherwise is knowing what you want to do and determining how to do what you want but jailbreaking is too difficult?


Edited by MacBook Pro - 4/30/12 at 3:47pm
post #15 of 30

Apparently I did not state my questions clearly enough since I got basically the same response several times none of which answered my question and yes I read the article. Basically what I would like to know is do I have to go to the settings panel and disable the gatekeeper app then go back and install a non signed app and then go back to the settings and turn it back on? What happens to the app when I try to run it if gatekeeper is turned on again? I was thinking it would be a lot better if it just did what it already does and reminds me that an app was downloaded from the Internet and not from a signed source or the Mac App Store then asks if I want to run it anyway and then put it into the known applications list so it doesn't complain about it again.

 

And just taking someone's word about 'make' ./configure rpm srcs and the like, are not going to be affected is just pure speculation unless there is some trusted definitive documentation. 


Edited by mstone - 4/30/12 at 4:11pm

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #16 of 30

 

Quote:
Originally Posted by mstone View Post

Apparently I did not state my questions clearly enough since I got basically the same response several times none of which answered my question and yes I read the article. Basically what I would like to know is do I have to go to the settings panel and disable the gatekeeper app then go back and install a non signed app and then go back to the settings and turn it back on? What happens to the app when I try to run it if gatekeeper is turned on again? I was thinking it would be a lot better if it just did what it already does and reminds me that an app was downloaded from the Internet and not from a signed source or the Mac App Store then asks if I want to run it anyway and then put it into the known applications list so it doesn't complain about it again.

 

And just taking someone's word about 'make' ./configure rpm srcs and the like, are not going to be affected is just pure speculation unless there is some trusted definitive documentation. 

 

Perhaps you missed my post.  Gatekeeper uses the current quarantine mechanic where downloaded apps are marked with an extended attribute of com.apple.quarantine.  You can see this by using the -@ switch with the ls command. All you need to do to get around this is run sudo xattr -d com.apple.quarantine AppName.  No need to change the gatekeeper level.  

"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
Reply
"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
Reply
post #17 of 30

 

Quote:
Originally Posted by Mr Beardsley View Post

 

 

Perhaps you missed my post.  Gatekeeper uses the current quarantine mechanic where downloaded apps are marked with an extended attribute of com.apple.quarantine.  You can see this by using the -@ switch with the ls command. All you need to do to get around this is run sudo xattr -d com.apple.quarantine AppName.  No need to change the gatekeeper level.  

 

Got it thanks,

 

I saw your post but I did not know the bash command. Thanks for the update.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #18 of 30

 

Quote:
Originally Posted by techno View Post

I foresee a lot of billable hours installing apps for people who are too afraid to.

 

Probably less billable hours than people currently spend fixing windows machines that have been riddled with viruses, keystroke trackers, trojans and everything else in the world.

post #19 of 30

 

Quote:
Originally Posted by ljocampo View Post

 

 

Didn't you bother to read the article or did you miss where it said that Gatekeeper will have 3 levels of security. Level 3 or the lowest security level allows you to put anything on your Mac.

level 3 = disabled :-P

 
Quote:
Originally Posted by MacBook Pro View Post

Gatekeeper truly is an outstanding solution to a serious issue.  As we have seen from the iOS App Store, the reduction in malware is incredible.  In fact, I hope that Apple implements Gatekeeper on iOS as well.  Gatekeeper for iOS would solve an entirely different problem, the perceived problem with the "walled garden."  Imagine, the control and customization of jailbreaking without the associated effort or (minimal) risk!  If Apple does this we would truly find out who the trolls are because Google Android-based smartphones would have absolutely no advantage whatsoever.  Of course, we already know who the trolls are though.

 

The "great advantage" of Google Android-based smartphones is their control and customization yet all Android proponents talk about the difficulty of jailbreaking.  The difficulty with customizing whether jailbreaking or otherwise is knowing what you want to do and determining how to do what you want but jailbreaking is too difficult?

 

While its.. ok... I still think its the first step... in a few more versions some of the "levels" might vanish.  They really want to set it to let App Store apps only, but they know they would end up losing a lot of users.

 

Quote:
Originally Posted by mstone View Post

Apparently I did not state my questions clearly enough since I got basically the same response several times none of which answered my question and yes I read the article. Basically what I would like to know is do I have to go to the settings panel and disable the gatekeeper app then go back and install a non signed app and then go back to the settings and turn it back on? What happens to the app when I try to run it if gatekeeper is turned on again? I was thinking it would be a lot better if it just did what it already does and reminds me that an app was downloaded from the Internet and not from a signed source or the Mac App Store then asks if I want to run it anyway and then put it into the known applications list so it doesn't complain about it again.

 

you do not have to do anything that complicated.  If you right-click the app and select to open it, it will give you a warning but you can click to allow the app.  You do not need to change your global setting.  I think it should pop up on the main warning and let you by pass it with a big warning... but its not that hard to tell people about right clicking and selecting Open.

post #20 of 30

What about AppleScripts? If I save an AppleScript as an uneditable executable, isn't that effectively an app? Sure I know about com.apple.quarantine xattr, but how does it work in this case? I don't know of a way (short of using AppleScript Objective C) to sign an AppleScript, so doesn't any script I create & try to distribute fail the Gatekeeper test when the com.apple.quarantine bit gets set upon the recipient downloading it? So Gatekeeper is the effective end of AppleScript distribution unless one either packages it in ASOC or distributes it in editable text form, right?
 

post #21 of 30

 

Quote:
Originally Posted by bottleworks View Post

Boycott Gatekeeper!!

 

 

 

Good luck with that. I'm sure Apple will feel the financial pain you and maybe 6 others in the world will inflict upon it. 

post #22 of 30

hmmm... I keep trying to go on and register so I can get my stuff a cert... but it appears they still only let paid membership developers actually do this... meaning if you don't pay apple, you dont get a cert.  I read earlier they would let anyone get a cert even if you don't pay Apple, but so far... i don't see a way to.

post #23 of 30

 

Quote:
Originally Posted by doh123 View Post

hmmm... I keep trying to go on and register so I can get my stuff a cert... but it appears they still only let paid membership developers actually do this... meaning if you don't pay apple, you dont get a cert.  I read earlier they would let anyone get a cert even if you don't pay Apple, but so far... i don't see a way to.

 

That's because Mountain Lion is still in Developer Preview, which does require a paid account to get the software and developer tools for it. Once Mountain Lion is public, anyone registered as an Apple developer (paid or unpaid) will be able to register for your Developer ID, you just don't have the ability to sign up for it before the launch date.

post #24 of 30

 

Quote:
Originally Posted by AppleInsider View Post

Apple is pushing Mac Developer Program members to apply for their free-of-charge Developer IDs so that their respective software offerings will be ready when Gatekeeper launches with Mountain Lion this summer. Monday's email is the second such invitation to developers, the first being issued in February.

 

Quote:
Originally Posted by hittrj01 View Post

 

That's because Mountain Lion is still in Developer Preview, which does require a paid account to get the software and developer tools for it. Once Mountain Lion is public, anyone registered as an Apple developer (paid or unpaid) will be able to register for your Developer ID, you just don't have the ability to sign up for it before the launch date.

The article seems to imply otherwise... since its not free of charge since you cannot get it without a paid account if what you say is true.

 

of course the article also implies Gatekeeper could have prevented Flashback, when it couldn't  have done a thing about it.

 

post #25 of 30

GateKeeper does not mean your computer will only run signed apps, it means you can only install signed apps.

 

This was a clever distinction by Apple I think, because it prevents malware getting on there, without instantly breaking half the stuff you already have installed when you upgrade to Mountain Lion.

 

It is not the only new security feature in Mountain Lion. A lot more OS apps are sandboxed, or have the malware-vulnerable parts broken off and running in separate processes called XPC services. Looking at the ads for Mountain Lion you would think it's all about a few apps ported from iOS, but I wonder if security is really the main feature, Apple just aren't hyping it.

post #26 of 30

 

Quote:
Originally Posted by doh123 View Post
The article seems to imply otherwise... since its not free of charge since you cannot get it without a paid account if what you say is true.

 

I got the email in the OP about getting your apps signed, I should point out that I just have the free account and don't have any any access to pre-release software.  Of course it is possible that they are sending this out to all developers paid or otherwise but it only applies to paid members. 

post #27 of 30

 

Quote:
Originally Posted by diddy View Post

 

 

 


He was most likely referring to users running non signed apps under gatekeeper after an upgrade (pre-gatekeeper).  My understanding is that everything you have before gets grandfathered in.

 

My take is that Gatekeeper has nothing to do with running programs already on your Mac. Just those you want to INSTALL. The article states that level 3 of Gatekeeper allows you to install anything you want signed or not. Just like you do now.

post #28 of 30
Quote:
Originally Posted by AppleInsider View Post

While not a full-fledged anti-virus program, it is hoped that Gatekeeper will help thwart future malicious software like the recent Flashback trojan which harvested user IDs, passwords and other sensitive information from over 600,000 Macs worldwide.

Pardon my ignorance but how a security system that controls only which applications are being installed on the Mac, would be able to prevent the Flashback, or similar, infection? I just don't see how is this possible.

post #29 of 30
Quote:
Originally Posted by PB View Post

Pardon my ignorance but how a security system that controls only which applications are being installed on the Mac, would be able to prevent the Flashback, or similar, infection? I just don't see how is this possible.

 

So you believe that malware developers will get their DeveloperIDs and distribute their products via the Mac App Store?

post #30 of 30
Quote:
Originally Posted by Mr. Me View Post

 

So you believe that malware developers will get their DeveloperIDs and distribute their products via the Mac App Store?


The Flashback infection relies on a Java vulnerability and has nothing to do with the installation of applications. You visit a web site and you get infected without any warning and without installing anything, simply because there is a hole in Java that will let remote instructions to pass through it without requiring admin rights. I don't see the connection with what Gatekeeper is designed to do; at least with what is made known so far to non-developers.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Apple urges developers to get Developer IDs ahead of Gatekeeper launch