With OS X Mountain Lion, there’s a new sheriff in town: Gatekeeper. This utility gives you the power to decide which apps are acceptable to install on your system and which should be blocked due to being from a questionable source.
Does the arrival of Gatekeeper mean that Apple is inching closer towards full control over your apps? Or will this utility actually give you more control in the long run? Read on to find out.
When Apple announced the Mac App Store, many felt that they were pushing OS X toward a model similar to the iOS ecosystem, in other words, that Mac applications would someday be restricted only to the Mac App Store. One could certainly make the argument that this would be better in many ways for end users. For instance, if applications only came from the Mac App Store, and had to pass through the scrutiny of the app reviewers, then the end user could be assured a high degree of probability that the downloaded application is not malware.
But this model would also not be without problems. We are used to installing any third party application we please. Many called foul on the Mac App Store and warned to stay away from it. Well, at least with Mountain Lion, Apple has not taken that route. But Apple also did not sit still on this issue.
Gatekeeper: What It Is Not
- Gatekeeper is not a way to restrict third party applications on the Macintosh.
- Gatekeeper is not some heavy handed and draconian system for making unreasonable demands on developers.
- Gatekeeper does not (by default) restrict the user from downloading and installing applications from sources other than the Mac App Store.
- Gatekeeper does not mean the end of the third party eco system as we know it
A Logical Step
The Macintosh community enjoys a fairly risk-free experience. The reason for this, I think, is twofold.
- OS X is a very robust and secure Operating System. To do any real damage, an application must ask for admin access.
- OS X toils in relative obscurity by comparison to it’s largest, malware infested competitor (don’t flame me, I’m just stating fact. I don’t buy into the security via obscurity myth, but I do think OS X is less of a target than Windows).
However, this is not to say OS X is immune. While there are no known viruses in the wild for OS X, there are a few trojans. Some time back, Apple implemented a blacklisting system in OS X to warn users if they try to execute known malware. The list is updated remotely as these sorts of things come up. But it’s far from robust. Gatekeeper is just another stone in the security foundation, and another step toward robustness.
As I move forward, understand that I am not a developer and do not have access to the Mountain Lion Developer Preview. If I did, I wouldn’t be able to talk about it because I would be under NDA. So this information all comes from Apple’s website, or from other sources around the internet. But I think it’s important to spell all this out.
Gatekeeper, by default will allow two types of applications. Those that come from the Mac App Store (obviously), and those from identified developers.
So what is this identified developer stuff? The short of it is this: a developer signs up for the Developer ID program and Apple gives them a unique ID to sign their apps with. This digital signature serves a couple of purposes. First of all, it assures that the application has not been tampered with since the original developer compiled it. If it has been tampered with, the signature won’t match and OS X will tell you the app has not been signed by a registered developer. And secondly, someone making malware or trojans for OS X is not going to rush out and get one of these developer IDs.
One assumes also that, much like the safe downloads list, Apple has a way of letting OS X know if a registered developer did decide to go rogue and start distributing malware and thus revoke the signature.
Even in this default setting, Apple has stated on Mountain Lion’s security page that you can control click on an application to access controls for over-riding Gatekeeper’s settings.
If you are feeling overzealous about the security of OS X, you can change Gatekeeper’s preferences to allow only apps from the Mac App Store. And yes, I think the presence alone of this settings is an indication that Apple has not entirely ruled out moving in that direction at some point in the future.
It gives me a little bit of pause. On the other hand, it’s not unreasonable to include this as a preference. I’m not sure who would use it, but it makes sense for the radio button to be there.
And of course, the third setting allows you to make OS X behave in the manner it always has — allow all applications regardless of source.
As I said, I am not a developer. However, I think that this is mostly a good thing for good developers. Developers who are doing good work, who are trusted and make great applications should get good standing and recognition in the OS.
By Apple giving devs a certificate they are essentially saying to the user, “We trust this developer, this is our stamp of approval.” Good developers should appreciate this. It protects the user, recognizes good developers, and doesn’t force anyone to compromise. And I would think that everyone is happy, developers certainly, that Apple has not moved to an App Store only model. There are quite a few great apps out there that Apple simply won’t allow in the Mac App Store.
Even Gatekeeper’s gentle approach will not be without it’s detractors. I am only going to link to one example here.
Dustin Curtis, user interface designer, thinks Apple may be a bit draconian here. He does not like the dialog that comes up when you try to run an unsigned app (of which, right now, there are plenty of course). In the instance of trying to run Adium the dialog says:
“Adium” has not been signed by a recognized distributor and may damage your computer. You should move it to the Trash.
“Adium” is on the disk image “Adium_1.4.4.dmg”. Safari downloaded this disk image today at 11:06 AM from adium.im.”
Dustin says of this:
This is a fearmongering dialog. The vast majority of apps people download will not damage their computer, and mere mortals have no idea what “signed by a recognized distributor” means. The word “signed” in relation to security certificates is a very technical term and no one ever calls developers “distributors.” Also, saying “You should move it to the Trash” is weirdly strong wording.
Yes, perhaps it is. On the other hand, if it’s not worded strongly enough, users may not pay that much attention to the warning, and this defeats the purpose of Gatekeeper.
An Additional Resource
I just finished listening to episode 55 of John Siracusa’s excellent podcast Hypercritical. There is lots of talk about Mountain Lion in general, and John does discuss Gatekeeper. If you are interested in Gatekeeper (and Mountain Lion for that matter), then I highly recommend this episode: Hypercritical #55: Region of Pain
What Do You Think of Gatekeeper?
Personally, I think Gatekeeper is absolutely a good thing. It has not taken anything away from us and it will help to bolster security of OS X. And for those of us who know what we are doing and know our way around OS X, we can still certainly install any application we would like to. I don’t see any downsides at all, and plenty of upsides.
What do you think? We’d love to hear your thoughts on Gatekeeper, whether you’re a user or developer. Do you think it’s ultimately a good thing or is this a bad direction for OS X?