Mountain Lion's Gatekeeper to bring optional app restrictions to OS X

Posted:
in macOS edited January 2014


The new behind-the-scenes Gatekeeper security feature in the upcoming release of Mac OS X 10.8 Mountain Lion is one of the most anticipated additions to the operating system upgrade Apple unveiled on Thursday because it provides users with additional security options for installing and running third-party applications.



Apple announced early Thursday plans to release a major update to its desktop OS annual, with the first of said updates set to arrive this summer in the form of OS X 10.8 Mountain Lion.



Among the 100+ features that will be built into the new software, Apple has placed special focus on ensuring Mac security. The addition of Gatekeeper is one of the primary ways that plays out.



According to Apple, Gatekeeper is built to help prevent users from "unknowingly downloading and installing malicious software." Mountain Lion will allow users to select from three security options for running newly downloaded apps. The highest level of security only allows applications from the Mac App Store, not unlike Apple's restrictions for iOS devices and third-party applications on the App Store.



The default level of security will allow applications downloaded from the Mac App Store and "identified developers." Apple is instituting a new Developer ID Program that will allow developers to apply for a free-of-charge unique digital ID for signing applications. That signature will then communicate with Gatekeeper to ensure that new applications are clean and have not been tampered with.











Digital signatures will be created "by combining a secret key known only to the developer with a digital summary of the contents of the application," Apple explained on a page dedicated to new security features in Mountain Lion. The resulting signature will then be "wrapped together" in an encrypted file within the app and will be checked by Gatekeeper.



The lowest security option is to allow applications downloaded from any source to be opened. Gatekeeper will warn users if apps don't have Developer IDs associated with them. Jim Dalrymple of The Loop, who spent a week with a preview copy of OS X Mountain Lion, reported that applications triggered by Gatekeeper can still be manually installed or opened by Control-clicking an app and choosing Open.











Daring Fireball's John Gruber called Gatekeeper his favorite feature in Mountain Lion, despite the fact that it "hardly even has a visible interface." He praised the default setting as being "exactly right," noting that it is a win for both users and developers. Gruber expressed hope that the feature will one day make its way into iOS.



Dalrymple also agreed that the default setting was the "best choice" since he imagines all the apps he uses will be signed by a Developer ID. "Using this setting I can download apps from a developer’s Web site and install it without any issues, but still be safe," he said.



Gatekeeper builds upon a malware detection and removal feature that was built into Mac OS X Snow Leopard. Last year, Apple updated the security feature to detect the MAC Defender malware that pretended to be anti-virus software in hopes of tricking users into providing payment information.



Though the number of malicious applications on the Mac OS X platform still pales in comparison to its long-time rival Windows, the rising sales of the Mac have begun to negate the argument that its small market share would keep it safe from threats. According to one analysis from last month, Mac OS faced 58 malicious software threats during the last three quarters of 2011.\t



[ View article on AppleInsider ]

«13

Comments

  • Reply 1 of 47
    DOOM. BEGINNING OF THE END. WALLED GARDEN. NO APPLICATIONS FROM THIRD PARTIES ALLOWED AT ALL IN 10.9. APPLE IS KILLING DEVELOPERS.



    What else, what else? what haven't I covered?
  • Reply 2 of 47
    Quote:
    Originally Posted by Tallest Skil View Post


    DOOM. BEGINNING OF THE END. WALLED GARDEN. NO APPLICATIONS FROM THIRD PARTIES ALLOWED AT ALL IN 10.9. APPLE IS KILLING DEVELOPERS.



    What else, what else? what haven't I covered?



    android is the future of desktop OS, apple better start using it like they did with windows.

    can you imagine how snappier safari will be in mountain lion?



    is this good enough?



    BTW, what is happening to the stock?
  • Reply 3 of 47
    Quote:
    Originally Posted by pedromartins View Post




    BTW, what is happening to the stock?



    Big money trading on technical charts. Pump and dump. Profit taking on it crossing into 500 territory. Not much to see there, it'll bounce back. Welcome to Wall St.
  • Reply 4 of 47
    Quote:
    Originally Posted by pedromartins View Post




    BTW, what is happening to the stock?



    Chance to buy more. $1000 in 2 years when every electronic device in your home and pocket is an Apple.
  • Reply 5 of 47
    Quote:
    Originally Posted by Tallest Skil View Post


    DOOM. BEGINNING OF THE END. WALLED GARDEN. NO APPLICATIONS FROM THIRD PARTIES ALLOWED AT ALL IN 10.9. APPLE IS KILLING DEVELOPERS.



    What else, what else? what haven't I covered?



    Users get a scary message that their Mac is less secure if they change the default gatekeeper setting, making anything outside the walled garden seem illegitimate or questionable at least.
  • Reply 6 of 47
    Quote:
    Originally Posted by thataveragejoe View Post


    Big money trading on technical charts. Pump and dump. Profit taking on it crossing into 500 territory. Not much to see there, it'll bounce back. Welcome to Wall St.



    IOW, it continues to tank.
  • Reply 7 of 47
    Quote:
    Originally Posted by Magic_Al View Post


    Users get a scary message that their Mac is less secure if they change the default gatekeeper setting, making anything outside the walled garden seem illegitimate or questionable at least.



    It's arguable that any app developer that isn't signing their work actually *is* "illegitimate or questionable."



    All this means is that if the developer is an amateur or worse, actually out to do harm, then you will have to click twice more to install the product.



    Microsoft Office makes you click twice as much as that already just to install Word and they are (supposedly), reliable developers with certificates.
  • Reply 8 of 47
    Quote:
    Originally Posted by Prof. Peabody View Post


    Microsoft Office makes you click twice as much as that already just to install Word and they are (supposedly), reliable developers with certificates.



    "Warning: this program may devour RAM, cause endless frustration due to a cumbersome user-interface, and may be incompatible with previous and more commonly used versions. Do you wish to allow or disallow?



    ALLOW DISALLOW"
  • Reply 9 of 47
    Quote:
    Originally Posted by Prof. Peabody View Post


    It's arguable that any app developer that isn't signing their work actually *is* "illegitimate or questionable."



    All this means is that if the developer is an amateur or worse, actually out to do harm, then you will have to click twice more to install the product.



    Microsoft Office makes you click twice as much as that already just to install Word and they are (supposedly), reliable developers with certificates.



    We have to see what the terms are for receiving and maintaining a signing key from Apple. They could easily refuse to give you or revoke your key if you distribute apps that Apple doesn't like. And they might even ban you for life for whatever reason. I'm just speculating, we should give Apple the benefit of the doubt for now, but look carefully at the terms and details when they are available.
  • Reply 10 of 47
    nasseraenasserae Posts: 3,167member
    I like this feature. MacRumors showed a screenshot that says you can allow individual apps by control-click and open even when "From Everywhere" is not selected.
  • Reply 11 of 47
    nasseraenasserae Posts: 3,167member
    Quote:
    Originally Posted by techguy911 View Post


    We have to see what the terms are for receiving and maintaining a signing key from Apple. They could easily refuse to give you or revoke your key if you distribute apps that Apple doesn't like. And they might even ban you for life for whatever reason. I'm just speculating, we should give Apple the benefit of the doubt for now, but look carefully at the terms and details when they are available.



    Based on Apple website, the Developer ID is only used to verify that the app is not malware and the app hasn't been tampered with. Apple will not be checking apps to make sure they meet specific standards. There is no "submit" and no approval process for any app.



    Quote:

    A developer?s digital signature allows Gatekeeper to verify that their app is not known malware and that it hasn?t been tampered with.



  • Reply 12 of 47
    lkrupplkrupp Posts: 10,557member
    Mark mine and other's words. This panic over security and privacy will give way to whining and complaints about usability and functionality after panicked users say no to every data request



    "This app would like to use your current location. WARNING! Saying yes may compromise your privacy."



    User: Well NO then.



    Call to Apple tech support: "This P.O.S. device of yours can't find any restaurants around me. WTF, I paid good money for this junk and it doesn't work. I'm calling my lawyer and I'm gonna sue your asses off. I want my money back or ELSE."



    Support tech: "sigh........"
  • Reply 13 of 47
    It does not sound like a major feature requiring new OS build. Why can't this be add-on to Lion or even to Snow Leopard?



    Oh I got it... beacuse I need to buy new computer from Apple to make sure revenue is okay.





    I was hoping that foolish installer check on hardware codes could be skipped to allow to upgrade OS (some managed this with tricks and it works fine). Some of us upgraded Core Duo to Core 2 Duo and 64-bit apps work fine (not kernel as it is in 32-bit mode).



    I think I will be forced to upgrade those few computers when this new cat comes, but I hope it will not be the quality of Lion/Windows Vista.
  • Reply 14 of 47
    Quote:
    Originally Posted by pedromartins View Post


    android is the future of desktop OS, apple better start using it like they did with windows.

    can you imagine how snappier safari will be in mountain lion?



    is this good enough?



    BTW, what is happening to the stock?



    Safari is not snappier because Apple chose logic of rendering being deferred to loading all content first. I consider this excessive and annoying. Your best bet for improvement is to get faster Internet (and faster content providers... like if you could fix that problem).



    I am in between using Safari, Chrome, Firefox, Camino and Opera... while I should need only one.
  • Reply 15 of 47
    nasseraenasserae Posts: 3,167member
    Quote:
    Originally Posted by maciekskontakt View Post


    It does not sound like a major feature requiring new OS build. Why can't this be add-on to Lion or even to Snow Leopard?



    Oh I got it... beacuse I need to buy new computer from Apple to make sure revenue is okay.



    Or you can upgrade to Mountain Lion and get the new features. You will have to get used to pay $29 a year if you want to get the latest OS X feature. I personally don't mind. I spend double that on full tank of gas.
  • Reply 16 of 47
    Quote:
    Originally Posted by NasserAE View Post


    Or you can upgrade to Mountain Lion and get the new features. You will have to get used to pay $29 a year if you want to get the latest OS X feature. I personally don't mind. I spend double that on full tank of gas.



    Exactly. Kids these days with their iOS devices and their YouTubes and their social networkings?



    Back in my day, we paid $129 for our OS updates and we DIDN'T BAT AN EYE. Whining about $30 once a year for a new OS when you pay, as was said, TWICE that for gas multiple times a month is ludicrous.
  • Reply 17 of 47
    mac_dogmac_dog Posts: 1,069member
    Quote:
    Originally Posted by maciekskontakt View Post


    It does not sound like a major feature requiring new OS build. Why can't this be add-on to Lion or even to Snow Leopard?



    Oh I got it... beacuse I need to buy new computer from Apple to make sure revenue is okay.





    I was hoping that foolish installer check on hardware codes could be skipped to allow to upgrade OS (some managed this with tricks and it works fine). Some of us upgraded Core Duo to Core 2 Duo and 64-bit apps work fine (not kernel as it is in 32-bit mode).



    I think I will be forced to upgrade those few computers when this new cat comes, but I hope it will not be the quality of Lion/Windows Vista.



    cry me a river. you don't really have to buy a new computer, just fork out $25 for the upgrade. troll much? better yet, quit your whining and stay with lion.
  • Reply 18 of 47
    It's amazing people are complaining about Apple giving us an option to install a new version of OS X.
  • Reply 19 of 47
    I guess I'm going to be in the minority but I think Apple's approach on this is perfect.



    If you want to download anything then click that box. But defaulting to MAS and trusted developers will enhance security and that just makes for a better end user experience.
  • Reply 20 of 47
    Quote:
    Originally Posted by backtomac View Post


    I guess I'm going to be in the minority but I think Apple's approach on this is perfect.



    If you want to download anything then click that box. But defaulting to MAS and trusted developers will enhance security and that just makes for a better end user experience.



    Agreed. I also think that if Apple were to implement this feature in iOS, it would pretty much kill jailbreaking for good. At that point, the only reason to jailbreak would be to pirate apps, and I doubt any of the current dev team would be interested in making jailbreaks solely for that purpose. Maybe this will come to the iPhone in iOS 6?
Sign In or Register to comment.