In addition to the obvious new apps like Reminders and Messages, Mountain Lion includes several “behind the scenes” features. One of the important ones is Gatekeeper, an attempt to help protect users from “bad” applications on the Web. Back when MacDefender was causing hair loss in support groups, Apple released a security update that would keep a list of known rogue applications and warn you if you attempted to run an application that appeared on that list. Gatekeeper takes that one step further by adding a set of options to better handle applications based on where they come from.
Currently, OS X will alert you that an application came from the Internet, and make sure you want to run it. (You might see this and reply “Of course it is, I just downloaded it! Stupid warning message!” What if a rogue application downloaded a hacked copy of Address Book that was modified to send your contact list to a spammer? The next time you tried to run it, OS X would tell you that “Address Book is a program downloaded from the Internet.” THAT is why the warning exists—to make you stop and think.)
Instead of just popping up a warning message, Gatekeeper will first attempt to validate that the application came from a trusted source, and if it did, the application will launch normally. If it could not be verified, then you will get the same familiar warning. By using this method, that “stupid warning message” should pop up a lot less often.
Gatekeeper has three settings, found under Security and Privacy: Mac App Store, Mac App Store and identified developers, and Anywhere.
- The first option is self-explanatory—you can only download programs from the App Store. Any other application would be rejected. It has been said in several articles that this is the default setting, but when I did an upgrade and a clean install, the setting was “Anywhere.”
- The second option adds applications from developers that have been issued Developer IDs from Apple’s Developer Program. A Developer ID adds the ability for a developer to digitally sign their application, which not only identifies who wrote it, but proves that the code has not been altered in some way.
- “Anywhere” offers no protection other than from the blacklist that already exists in Snow Leopard. If you download a program that is known malware, it will be blocked, but anything else is allowed.
A common way of spreading malware is to download a legitimate program, add code to it, then repackage and redistribute it. Another way is to imitate someone else’s installation program, such as the fake Flash Updater that was floating around some time ago. You think you’re installing Adobe Flash Player, when really you’re putting dangerous code on your system that can allow someone to steal your private data. Gatekeeper will check the app’s “digital signature” and verify that it is valid. If someone changes the code, the digital signature is no longer valid, and Gatekeeper will reject the program.
Is Gatekeeper perfect? No, but it’s also still in beta, so there is time to improve it. I have seen a lot of comments that imply that Apple is trying to lock down the OS by only allowing applications that came from the App Store. While that would be good in that all apps would be verified safe, a lot of independent developers don’t like the idea of Apple taking a percentage of every app sold. There is the fear of the small-time developer being squeezed out.
Another possible problem is that there is nothing to stop someone determined to distribute malware from joining the Developer Program. They get their app into the Mac App Store, Gatekeeper says “this is a verified developer” and allows the program to run, and people get infected. The associated Developer ID would be used to trace the app back to the developer, the developer would be banned and all their apps would be removed from the App Store, but not before a bunch of people had their private data stolen by a trusted application. The damage is already done. The only solution to this is better vigilance on the part of Apple’s App Store approval process. They need to do more than a few automated checks before stamping “Approved” on the app.
Apple has stated that the functionality of Gatekeeper is already built into OS X Lion 10.7.3, so if you want to see how it works, simply use the Terminal command:
sudo spctl --enable
To disable it, replace “--enable” with “--disable”.
This feature is so developers can see how Gatekeeper will react to their applications. It is not intended as normal usage for an end user—since the majority of applications out there are not using digital signing via Apple’s Developer ID, Gatekeeper is quite likely going to reject everything you download, even though there is no actual problem with the app itself. Many news sites are using this to point out that Gatekeeper is fundamentally flawed because the support is not yet out there. Gatekeeper has to be told what is good and what is bad, and like Joshua from WarGames, it hasn’t learned yet!
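For developers checking how their app would fare, here is an added example (not from the original post or from Apple) that reads the source= line from the verbose report of spctl --assess and applies the three settings described above. The setting names appstore, identified and anywhere, the function names, and the two sample reports are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: model Gatekeeper's three settings against the "source=" line
# of a verbose `spctl --assess` report. The sample reports are constructed.

# Print the signing source label found in an assessment report.
assess_source() {
    printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1
}

# gatekeeper_decision SETTING REPORT -> prints "allow" or "reject".
# SETTING is a hypothetical short name: appstore | identified | anywhere.
gatekeeper_decision() {
    setting=$1
    src=$(assess_source "$2")
    case "$setting" in
        anywhere) echo allow ;;   # only the known-malware list still applies
        identified)
            case "$src" in
                "Mac App Store"|"Developer ID") echo allow ;;
                *) echo reject ;;
            esac ;;
        appstore)
            case "$src" in
                "Mac App Store") echo allow ;;
                *) echo reject ;;
            esac ;;
        *) echo "unknown setting: $setting" >&2; return 2 ;;
    esac
}

# Constructed samples in the shape of `spctl --assess --type execute -vv APP`.
SIGNED_DEVID='/Applications/Example.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
UNSIGNED='/Applications/Repacked.app: rejected
source=no usable signature'

# Show how each setting treats a signed and an unsigned download.
for s in appstore identified anywhere; do
    echo "$s: signed=$(gatekeeper_decision "$s" "$SIGNED_DEVID")" \
         "unsigned=$(gatekeeper_decision "$s" "$UNSIGNED")"
done

# On a Mac, pass the real report instead (2>&1 captures it on either stream):
#   out=$(spctl --assess --type execute -vv /Applications/Example.app 2>&1)
#   gatekeeper_decision identified "$out"
```

The unsigned sample shows why most downloads are turned away under the two stricter settings until developers adopt Developer ID signing.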