Gatekeeper: Better Security or Big Brother?

With OS X Mountain Lion, there’s a new sheriff in town: Gatekeeper. This utility gives you the power to decide which apps are acceptable to install on your system and which should be blocked due to being from a questionable source.

Does the arrival of Gatekeeper mean that Apple is inching closer towards full control over your apps? Or will this utility actually give you more control in the long run? Read on to find out.

Trouble Ahead?

When Apple announced the Mac App Store, many felt that they were pushing OS X toward a model similar to the iOS ecosystem, in other words, that Mac applications would someday be restricted only to the Mac App Store. One could certainly make the argument that this would be better in many ways for end users. For instance, if applications only came from the Mac App Store, and had to pass through the scrutiny of the app reviewers, then the end user could be assured a high degree of probability that the downloaded application is not malware.

But this model would also not be without problems. We are used to installing any third party application we please. Many called foul on the Mac App Store and warned to stay away from it. Well, at least with Mountain Lion, Apple has not taken that route. But Apple also did not sit still on this issue.

Gatekeeper: What It Is Not

  • Gatekeeper is not a way to restrict third party applications on the Macintosh.
  • Gatekeeper is not some heavy handed and draconian system for making unreasonable demands on developers.
  • Gatekeeper does not (by default) restrict the user from downloading and installing applications from sources other than the Mac App Store.
  • Gatekeeper does not mean the end of the third party eco system as we know it

A Logical Step

The Macintosh community enjoys a fairly risk-free experience. The reason for this, I think, is twofold.

  1. OS X is a very robust and secure Operating System. To do any real damage, an application must ask for admin access.
  2. OS X toils in relative obscurity by comparison to it’s largest, malware infested competitor (don’t flame me, I’m just stating fact. I don’t buy into the security via obscurity myth, but I do think OS X is less of a target than Windows).

However, this is not to say OS X is immune. While there are no known viruses in the wild for OS X, there are a few trojans. Some time back, Apple implemented a blacklisting system in OS X to warn users if they try to execute known malware. The list is updated remotely as these sorts of things come up. But it’s far from robust. Gatekeeper is just another stone in the security foundation, and another step toward robustness.

As I move forward, understand that I am not a developer and do not have access to the Mountain Lion Developer Preview. If I did, I wouldn’t be able to talk about it because I would be under NDA. So this information all comes from Apple’s website, or from other sources around the internet. But I think it’s important to spell all this out.

Default Settings

Gatekeeper, by default will allow two types of applications. Those that come from the Mac App Store (obviously), and those from identified developers.

So what is this identified developer stuff? The short of it is this: a developer signs up for the Developer ID program and Apple gives them a unique ID to sign their apps with. This digital signature serves a couple of purposes. First of all, it assures that the application has not been tampered with since the original developer compiled it. If it has been tampered with, the signature won’t match and OS X will tell you the app has not been signed by a registered developer. And secondly, someone making malware or trojans for OS X is not going to rush out and get one of these developer IDs.

One assumes also that, much like the safe downloads list, Apple has a way of letting OS X know if a registered developer did decide to go rogue and start distributing malware and thus revoke the signature.

Even in this default setting, Apple has stated on Mountain Lion’s security page that you can control click on an application to access controls for over-riding Gatekeeper’s settings.

Other Settings

Security settings

Image From Apple.com

If you are feeling overzealous about the security of OS X, you can change Gatekeeper’s preferences to allow only apps from the Mac App Store. And yes, I think the presence alone of this settings is an indication that Apple has not entirely ruled out moving in that direction at some point in the future.

It gives me a little bit of pause. On the other hand, it’s not unreasonable to include this as a preference. I’m not sure who would use it, but it makes sense for the radio button to be there.

And of course, the third setting allows you to make OS X behave in the manner it always has — allow all applications regardless of source.

Developers

As I said, I am not a developer. However, I think that this is mostly a good thing for good developers. Developers who are doing good work, who are trusted and make great applications should get good standing and recognition in the OS.

By Apple giving devs a certificate they are essentially saying to the user, “We trust this developer, this is our stamp of approval.” Good developers should appreciate this. It protects the user, recognizes good developers, and doesn’t force anyone to compromise. And I would think that everyone is happy, developers certainly, that Apple has not moved to an App Store only model. There are quite a few great apps out there that Apple simply won’t allow in the Mac App Store.

Dissent

Even Gatekeeper’s gentle approach will not be without it’s detractors. I am only going to link to one example here.

Dustin Curtis, user interface designer, thinks Apple may be a bit draconian here. He does not like the dialog that comes up when you try to run an unsigned app (of which, right now, there are plenty of course). In the instance of trying to run Adium the dialog says:

“Adium” has not been signed by a recognized distributor and may damage your computer. You should move it to the Trash.

“Adium” is on the disk image “Adium_1.4.4.dmg”. Safari downloaded this disk image today at 11:06 AM from adium.im.”

Dustin says of this:

This is a fearmongering dialog. The vast majority of apps people download will not damage their computer, and mere mortals have no idea what “signed by a recognized distributor” means. The word “signed” in relation to security certificates is a very technical term and no one ever calls developers “distributors.” Also, saying “You should move it to the Trash” is weirdly strong wording.

Yes, perhaps it is. On the other hand, if it’s not worded strongly enough, users may not pay that much attention to the warning, and this defeats the purpose of Gatekeeper.

An Additional Resource

I just finished listening to episode 55 of John Siracusa’s excellent podcast Hypercritical. There is lots of talk about Mountain Lion in general, and John does discuss Gatekeeper. If you are interested in Gatekeeper (and Mountain Lion for that matter), then I highly recommend this episode: Hypercritical #55: Region of Pain

What Do You Think of Gatekeeper?

Personally, I think Gatekeeper is absolutely a good thing. It has not taken anything away from us and it will help to bolster security of OS X. And for those of us who know what we are doing and know our way around OS X, we can still certainly install any application we would like to. I don’t see any downsides at all, and plenty of upsides.

What do you think? We’d love to hear your thoughts on Gatekeeper, whether you’re a user or developer. Do you think it’s ultimately a good thing or is this a bad direction for OS X?


  • Jeremy

    I see no issue with it at all. If you want the added security, use it. If you don’t, don’t. Apple isn’t forcing anyone to use this, but it’s a nice safe guard for paranoid people afraid their Mac could get a virus or something. I don’t find the wording to be “weirdly strong”, either. Apple can’t verify what the downloaded file was, so it suggests deleting it. Makes sense to me considering the whole purpose of Gatekeeper is “Better safe than sorry”.

    • http://alexarena.com Alex Arena

      I agree, except I’m afraid of the next logical step being to just kill non-App Store apps all together.

  • Sigilist

    I skip most of the nonsense spewed here about not viruses in the wild for OSX. Yet another ignorant neophyte to those of use who have or do work network security and actually monitor the realm underground.

    Overall, Gatekeeper is beginning to sound about as weak as the Windows firewall, and like that simplistic “nothing in but everything out”, an ignorant user could actually cause security issues through its misuse.

    One of the few things I will give Mac over Windows (as I use both and other OSes everyday on a single machine… let alone others) is that the UNIX underbelly has an excellent firewall. The downside is that as is it is almost as bad as the Windows version. Anything that does manage to get in – by mistake or force – can call out to almost anything on the internet. I do not see GateKeeper having anywhere near the control of the best OS X Firewall in existence… Little Snitch.

    THere are more robust ways to manage the firewall, but LS covers most of the real choices for the average user in a savvy way and provides 90% of the finite control an midrange to advance user might need.

    I have little to no interest in Lion or Mtn. Lion, and I’ll wait to review GT personally at a later time… since this review of it only makes me shrug. But I will add one last thing about the choice of name on this app…

    Is there anyone at Apple who actual gets outside their incrowd long enough to get some real pop culture and not mac-think? There were at least three popular shows, one of them Leverage, are all had a them about distributed security software that a malicious intent… and the were all called GateKeeper.

    It is too laugh.

  • WeiSkiy

    GateKeeper, and replacing twitter etc. to Sina microblog in mainland of China, is the two major reasons why I decided to leave Mac system and go to Linux Mint.

    First, I cannot accept a system which is obviously going to “close” completely in near future, despite most people do not believe.

    Second, I cannot accept Apple’s decision to compromise with the censorship of Chinese Communist Party, deleting twitter and other mail service, replacing them with crap like Sina microblog in their products sold in the mainland of China.

  • B30

    “Gatekeeper does not mean the end of the third party eco system as we know it”

    For now, but in the near future (perhaps OS X 10.9) we have to jailbreak our Mac’s (or whatever they call it then) to install software which is non-available at the MAS.

    No, I don’t really like the direction BIG BRO… uh Apple is heading nowadays.

    • Jeremy

      How is offering added protection any indication of them trying to block third party apps? Even with the option to require third party developers to have security certificate, those developers can get the certificate for FREE and they don’t even have to follow the Mac App Store guidelines to be able to get it. How does any of that indicate they plan on “blocking” these apps later on?

      • B30

        This is not about protection, this is all about controll. Apple wanna know exactly what we (the users) do with our mac’s, what stuff we’ve installed, what apps we use and so on. And that Gatekeeper-thing is just one big hint, that they WILL come up with a closed system.

      • http://appleuserpro.com TJ Draper

        “This is not about protection, this is all about controll (sic). Apple wanna know exactly what we (the users) do with our mac’s, what stuff we’ve installed”

        This is ridiculous. This is not what Gatekeeper does. Gatekeeper verifies a dev’s signature, nothing more.

        “And that Gatekeeper-thing is just one big hint, that they WILL come up with a closed system.”

        I’m not convinced, why would Apple go to this much trouble to implement a system that is super friendly to 3rd party devs, in or out of the MAS, only to tick everyone off next update? It doesn’t fit.

        Panic, a fairly prominent 3rd party dev has this to say:

        “So it seemed feasible that we’d wake up one day and Apple would decree that all Mac apps must be sold through the App Store.

        But instead, Apple went to considerable effort and expense to find a middle ground.”

        And skipping ahead:

        “I have a personal flaw in the form of a small conspiracy theorist who lives in my head. He worried that this may have been created as just a temporary stepping stone — like Rosetta for the Intel transition, or Carbon for the OS 9 to OS X transition — and that one day, the Mac App Store-only option might still be enforced.

        But I can’t find it in me to disparage this goodwill effort that Apple has undertaken to not turn every third-party developer upside-down with regard to app distribution. To me it’s a great sign that they’re aware and at some level sympathetic to our concerns, while remaining committed to a high-security experience for users.

        Further cementing this feeling is the fact that we were invited to a private briefing at Apple about Gatekeeper a week before today’s announcement. Cabel was told point-blank that Apple has great respect for the third-party app community, and wants to see it continue to grow — they do not want to poison the well. I think their actions here speak even louder than their words, though.”

        Panic seems to be reassured.

        As I said in the article, I’m not putting it outside the realm of possibility that Apple would close off the Mac to anything but MAS apps, but they have not done so. Instead, they’ve implemented Gatekeeper, which is perfectly reasonable and logical. The common phrase no use crying over spilt milk has some application here, but in this case it’s more like, why are you crying over the possibility that the milk may or may not be spilled at some point in the future. The fact is, Apple did not do what everyone feared they would do. Let’s give them some points for that.

      • B30

        @TJ Draper

        “This is not about protection, this is all about controll.”

        Sorry, don’t get me wrong, with this phrase I didn’t only mean the Gatekeeper-software, what I meant was Apple as a whole.

        “I’m not convinced, why would Apple go to this much trouble to implement a system that is super friendly to 3rd party devs, in or out of the MAS, only to tick everyone off next update?” (sic)

        um, let me think? — ’cause of the money? (they will force us to use the MAS)

    • Paul Dunahoo

      I completely agree.

  • Hawk

    Finally a post that I was able to find interesting!

    I agree that GateKeeper will (probably) be a Good Thing™ in OS X Mountain Lion. I am, like many others, worried about the more distant future though. I promised myself that if Apple one day decides to take that control away from me and force me to use the Mac App Store to acquire software, I will get a Linux machine and try to transition to that as best as I can.

    I also agree with Sigilist that OS X should have a built-in function like Little Snitch or Hands Off!, which would increase security and privacy just as much as GateKeeper, if not more.

    I have a question about GateKeeper which maybe someone here can answer. If I set GateKeeper to only allow MAS/signed apps, would I be able to manually mark specific non-MAS/unsigned apps as trusted, i.e. self-signing it, similar to when your web browser warns you about an untrusted SSL certificate and you can choose to trust it, and that signature is remembered and you aren’t prompted about it again?

    • http://appleuserpro.com TJ Draper

      I don’t have access to the beta so I can’t say what the experience is like for sure, but here is what Apple says on the Gatekeeper page:

      “You can even temporarily override your setting by Control-clicking, and install any app at any time. Gatekeeper leaves it all up to you.”

      Who knows yet if that will permanently override the settings for that app only, or if you have to control-click on the app every time you want to run it.

  • Thomas
  • http://www.guatemalaontheweb.com Alfonso Batres

    So now, if apple is doing this in good faith, maybe they can add to IOS for iphone also. The reason I switched from iphone to an adroid phone was that I was bored of doing a jailbreak everytime a new IOS version came out. If I have the option of installing whatever I want in my iphone, I would consider going back (when my contract expires).

  • Pingback: Apple warns Developers to get ready for Developer ID and Gatekeeper « iOS Empire

  • Pingback: Trackback Replicas de Relogios

  • http://paralegalsalary90.wikispaces.com/ paralegal

    Once I originally commented I clicked the -Notify me when new feedback are added- checkbox and now every time a remark is added I get four emails with exactly the same comment. Is there any means you possibly can remove me from that service? Thanks!

  • http://kasynocasino.wordpressy.pl Alia Mcclymonds

    Queer livelihood, i all things considered don’t bone up on mountains’s of article, but your place hard loot my mind. Remedy today is in my favorite and i start to subscribe it. Realy, most beneficent quagmire hoe doomsday reading. Knuckle under to it as very much as something extended as you can!

  • http://www.freeonlinegamegames.com computer games

    One thing I have actually noticed is the fact there are plenty of misconceptions regarding the finance institutions intentions if talking about foreclosure. One myth in particular is the fact the bank wishes to have your house. The bank wants your hard earned money, not the house. They want the cash they lent you along with interest. Preventing the bank will still only draw any foreclosed conclusion. Thanks for your publication.

theatre-aglow
theatre-aglow
theatre-aglow
theatre-aglow