Security experts: Apple did OS X Mountain Lion’s Gatekeeper right

“Many people complain about Apple controlling what apps can run on the iPhone, but with Mac OS X Mountain Lion, the company has struck the right balance between security and freedom, experts say,” Elinor Mills reports for CNET. “‘Users can opt to turn this off and allow any software to be installed with the click of a button,’ said Dino Dai Zovi, chief technology officer at security firm Trail of Bits. ‘There’ll be no need to jailbreak your Mac.'”

Mills reports, “This level of protection is unprecedented, although it sounds like Microsoft might be headed in a similar direction with Windows 8 and its Metro app store… ‘Apple is advancing the farthest in the level of control of their platform, which is a very Apple thing to do and does provide security benefits,’ Dai Zovi said.”

Mills reports, “‘Gatekeeper is a very big deal. Combined with the other recent security enhancements in OS X, it virtually eliminates the possibility that Macs will ever see the sort of malware epidemic that Windows users have dealt with,’ Rich Mogull, CEO of Securosis told CNET. ‘I’m not saying it will stop all kinds of Trojan-based attacks, but that it will prevent that from happening on a wide, long-term scale…For average consumers this could be game changing.’

Read more in the full article here.

Related articles:
Apple’s OS X 10.8 Mountain Lion heralds annual Mac operating system updates – February 16, 2012
Tim Cook: Apple may further meld iOS and OS X; says Macs could run on ARM chips – February 16, 2012
OS X Mountain Lion’s Gatekeeper slams the door on Mac trojans – February 16, 2012
My experience with Apple’s OS X Mountain Lion Developer Preview – February 16, 2012
Apple’s Phil Schiller talks rapid speed of OS X Mountain Lion release; mere 7 months after Lion – February 16, 2012
Hands on with Apple’s new OS X Mountain Lion – February 16, 2012
Apple releases OS X Mountain Lion Developer Preview; public release coming in late summer 2012 – February 16, 2012


            1. Not likely. Silverlight proves DRM (Digital Rights Manglement) protection for streaming video. It keep the MPAA all happy and stuff. Apple have nothing equivalent for video of which I am aware.

              And Silverlight also works fine, according to my years of experience using it via Netflix. It took Microsoft 5 tries to come up with a workable media player, but they finally got it right. It’s Microsoft code, so it has bugs. But I’ve never found the workarounds to be more complicated than reloading the affected URL page. I don’t mind using it at all, and I absolutely despise Microsoft.

            2. Derek Currie, it’s Microsoft code associated with video and DRM. Those are two things Microsoft has never done right. I cringe to thing about what is hidden in that code.

              You may ‘absolutely despise Microsoft.’ But you need to transition to ‘utter loathing.’ 😉

          1. Hi, could you please let me know what you did to get it to work with I have installed silverlight and every time I go to it is prompting me to install silverlight…!! I tried in safari, firefox and chrome…nada. Dont know what else to do. I run mountain lion and it was silverlight 4.1 Thanks for your time

    1. No, on contrary: something bad happens has potential to make Apple look very good if they respond swiftly and effectively. If I understand this correctly if you have a developer ID they can pull your programs down across all Macs and toss you out of the store and maybe prosecute you.

      It will be very hard or nearly impossible to infect a significant number of machines with that safeguard up.

      Trojan horses were the only really serious vector left open to Mac malware and this ends that before it has a chance to begin.

    2. Kind of a silly premise, isn’t it?
      Apple is already responsible for the superb security currently on OS X.
      When there is a chink in the armor found (normally trivial and the apple haters attempt to it importance to seem like a real threat) Apple takes the heat.
      Are you saying that apple should try to make a security better because if it isn’t perfect they will look bad?

    3. “MAC” refers to Media Access Control, as in “MAC Address”, an identification number assigned to all physical network devices.

      “Mac” refers to the Apple Macintosh computer.

      Confusing the two is considered typical of clueless TrollTardiness.

      And no, Apple’s Gateway technology is not considered a perfect solution for Macs as there is no such thing as a perfect solution for computer security, apart from a locked embedded system. Instead there are at this time only security ‘best efforts’ and Apple’s Gateway qualifies nicely.

      As Rich Mogull was discussing: There is no way for Apple to be absolutely up-to-date with its malware identification. Part of the problem is the time it takes to ID, analyze, describe and push out a malware infection solution.

      Another enormous part of the problem, unfortunately, is that the malware community is outrageously unprofessional in many ways, leading to a default lack of sharing malware with other anti-malware companies or providers. I have described Gatekeeper and this situation at my Mac-Security blog:

  1. I agree that this is the way to do it. There are many apps from reputable developers that are on the App Store that are not the full versions because Apple will not allow the full versions on the store. I have several purchased straight from the developer, and I am glad developers aren’t being forced between leaving the App Store or dumbing down their products.

  2. In other word, Gatekeeper has condom-like feature. Users can use it for much greater protection, although it will not protect all “viruses” . 🙂

    On the other hand, Windows is like a condom with tons of holes in it. Enough said… 🙂

  3. For sure that’s not about security, if that was for security they could at least make it not so restrictive (as a part of parental controls for example). Windows XP had a similar feature for years, and it did not help against viruses at all. Moreover, don’t you think it’s strange that yesterday they claimed “Mac os X is completely virus free” and then next day they ban ALL third party apps “to protect you”. When governments or corporations want to cut your freedom – they’re always talking about security. Most of masses are only glad to have their freedom cut.
    Also don’t you think if there was no AppStore, they would even bother with this GateKeeper? No!
    The only (only!) reason they push it is to force developers (and users) to use their AppStore. And that was very predictable. First it hits alternative online distributors and resellers, and eventually it will hit developers – cause the monopoly is always bad. That’s definitely anti-competitive behaviour and people must understand – it won’t be good for them in a long term. Eventually developers won’t own their apps, and Apple will own everything! They will be able to change their rules, commissions etc and there will be no alternative! That is what they want! That is so old practice! But in 1990th there were so many court cases against Microsoft! What now?

    Developers should complain and protest about banning their non-signed apps by default, as it’s a way to a digital slavery! It’s so obvious in the USA, are you still believe in any security and good thoughts? That’s a BS! That’s all about money and greed! Now 30% and you cannot even mention a competing OS in your app, what next? Isn’t that the dictatorship the Unites States were always fighting with? It IS! The freedom is in danger again and again!
    That the same as SOPA and PIPA – it results in the same freedom loss!
    Don’t be so stupid to think it’s about security!

    1. Sorry but Apple doesn’t have a monopoly therefore there is no risk of antitrust. Also, with the default settings you can still install an unsigned app. You just have to specifically intend to do so (no doing it by mistake). This is a good thing, stop being so paranoid.

    2. Did you even read anything about it before your posted your drivel…you can turn it off if you don’t like it — exactly like it is today…do a little reading before spouting off….

      1. While your argument stands, one could easily argue that Apple is starting on a slippery slope and it wouldn’t be difficult to argue that the barriers to entry outside of that App Store may become increasingly higher and more difficult to surmount, for developers whose products can’t meet Apple’s guidelines and/or restrictions.

        The level of paranoia of the original post, however, simply isn’t warranted at this time. Apple’s history so far doesn’t indicate any possibility of sinister goals for the future. In other words, yes, this really IS just about security and not much else (hint: Apple store generates negligible amount of revenue for Apple; for an organisation that was NEVER driven by P&L, revenue and financial consideration, this is of absolutely NO consequence whatsoever).

    3. Non-savvy users will benefit from GateKeeper, as they don’t know any better how to protect themselves from threats. Those of us that know our Macs well will simply turn off GateKeeper and continue to utilize caution, as always.

      There’s even a middle ground to allow apps distributed outside the App Store but with properly signed Developer IDs to be installed and run for those users that want more control, but still feel secure. And, if I understood the announcement correctly, you can still tell a single app to run without proper signing and keep GateKeeper active for all new apps by right-clicking and choosing Open.

      Relax, take a deep breath, and remember that not every change is meant for you.

        1. Agreed. Having that little warning that says, “We have no idea who this developer is or what they want to do to your computer. Are you sure you trust them?” is an excellent way to give pause to those of us that are used to installing exciting new software with little to no regard to the developer’s background.

          I’ll probably do it anyway, but at least I can only blame myself if it blows up in my face. 😀

    4. Last I checked, no one was forcing you to buy Apple products. Keep XP or better yet, go get a ChromeBook. Nothing says freedom like viruses or a slew of ads in my face.
      True freedom would be anarchy. No government, rules or laws to abide by. Everyone’s free to do as they wish, no matter the consequences.

    5. Moggy, you really are paranoid. Take off the aluminum hat and try reading up on some of the facts of GateKeeper first.

      Next, you mistakenly say that developers lose 30% of their app’s sales price to Apple. What you don’t take into consideration is that developers no longer have to pay their own credit card processing fees, maintain ecommerce capable websites, etc. in order to sell their apps. That is a significant savings, because most developers do not have the volume purchasing power to negotiate lower credit card processing fees. Not to mention the headaches which go along with it.

      The other advantage to developers is they don’t have to host their apps on any other servers for downloading, and Apple protects their apps from being corrupted by some malicious party who wants to install a piece of malware in their apps.

      And we haven’t even gotten to the additional marketing Apple does for its developers.

  4. GateKeeper in Mac Os X 10.8 is definitely a way to a closed computing look here, this guy predicted that even before it was released

    that’s so obvious, don’t b dumb thst it’s about secutity. It’s about money and locked system monopoly. it’s VERY profitable to make os x closed like iOs , or just make AppStore a preferrable way to get most of the software. iOs devices generate a main revenue for Apple just now and threy want macs to go the same way.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.