
Gatekeeper: Apple's answer to validity checks on OS X

Gatekeeper does the same validity check as the iOS system but only does it when an app is first installed


Out of the blue, Apple just announced Mountain Lion, the next generation of its OS X operating system. By the time Mountain Lion ships sometime next summer, Apple says it will have lots of new features, some transported from its iOS environment of the iPhone, iPad and iPod Touch world. This column will examine just one of the new features, one that, while good, has not yet included all the functions of its iOS prototype.

Apple iOS performs a validity check on each application before the app runs. The check verifies that the application came from a trusted source and has not been modified. In the case of iOS, the trusted source must be the Apple iOS App Store. This check makes it much harder for the iOS device to be corrupted by a rogue application introduced by a computer virus. But it also locks the iOS device to only get new or updated applications from the Apple-run store. In this way, Apple controls what you, the titular owner of an iOS device, are permitted to run. With a collection of a half million applications in the App Store, this control over the user has been more of a theoretical than a practical problem.

Apple is now adding a poor man's version of this validity check to OS X in the form of Gatekeeper. Gatekeeper does the same validity check as the iOS system but only does it when an app is first installed, and then only if the application is downloaded over the Internet. As described, Gatekeeper will be able to be run in three modes. The default mode will permit applications to be installed from the OS X App Store (not to be confused with the iOS App Store) and from developers who have registered with Apple as long as the applications have not been modified since they were created.

Gatekeeper will also be able to be run in a stricter mode where it will only permit applications from the OS X App Store to be installed or an open mode in which applications are not checked before installation. The last mode is equivalent to the way OS X currently operates - you can install applications from anyone, including applications from developers that Apple has never heard of.

The reaction to Apple's announcement has been decidedly mixed. On the security side, some pundits seem to be from the branch of computer security that feels security is worthless unless it is perfect. These pundits dismiss Gatekeeper as almost worse than worthless because it only does the validity check when the software is installed.

Checking only at the time of installation will not discover software that gets modified after installation and does not deal with the case where an application's bad behaviour is only discovered later. Performing the validity check every time the application is run will catch modified applications and, because Apple can distribute a list of bad software developers in real time, it can block applications newly discovered to be bad.
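The difference between the two designs can be shown with a small model. This is an added example, not code from the column or from Apple: the developer names, the HMAC stand-in for code signing, and the `Machine` class are all hypothetical.

```python
import hashlib
import hmac

# Constructed stand-ins: real code signing uses certificates, not shared HMAC keys.
DEV_KEYS = {"dev-good": b"key-1", "dev-later-bad": b"key-2"}  # hypothetical registered developers

def sign(dev, code):
    return hmac.new(DEV_KEYS[dev], code, hashlib.sha256).hexdigest()

def package(dev, code):
    return {"dev": dev, "code": code, "sig": sign(dev, code)}

def is_valid(app, revoked):
    """Validity check: registered, non-revoked developer and unmodified code."""
    if app["dev"] not in DEV_KEYS or app["dev"] in revoked:
        return False
    return hmac.compare_digest(sign(app["dev"], app["code"]), app["sig"])

class Machine:
    def __init__(self, check_on_launch):
        self.check_on_launch = check_on_launch
        self.installed, self.revoked = {}, set()

    def install(self, name, app):
        ok = is_valid(app, self.revoked)
        if ok:
            self.installed[name] = dict(app)
        return ok

    def launch(self, name):
        # Install-only mode never looks at the application again.
        if not self.check_on_launch:
            return True
        return is_valid(self.installed[name], self.revoked)

def scenario(check_on_launch):
    m = Machine(check_on_launch)
    altered = dict(package("dev-good", b"game v1"), code=b"game v1 + extra")
    out = {"altered_download_installs": m.install("game", altered)}
    m.install("editor", package("dev-good", b"editor v1"))
    m.install("tool", package("dev-later-bad", b"tool v1"))
    m.installed["editor"]["code"] = b"editor v1 + injected"  # modified after installation
    m.revoked.add("dev-later-bad")                           # developer found bad later
    out["modified_app_runs"] = m.launch("editor")
    out["revoked_app_runs"] = m.launch("tool")
    return out

if __name__ == "__main__":
    print("check at install only:", scenario(False))
    print("check at every launch:", scenario(True))
```

Both modes reject the download that was altered before installation; only the check-at-launch mode stops the application modified afterwards and the one from the developer revoked afterwards.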

I think the security provided by Gatekeeper is worthwhile but do hope that Apple changes to a check-before-running from the current check-when-installing operation before Mountain Lion is distributed.

The other area that some pundits have focused on is the one of lock-in. They are worried that this is the next step in a progression that would wind up with OS X being as closed as iOS. While there is no current reason to think that is in Apple's plans, it does bear watching.

By the way, it turns out that Apple included Gatekeeper in Lion - just use the terminal command "sudo spctl --enable" to turn it on, and "sudo spctl --disable" to turn it off.

Gatekeeper is only a step along the path to better OS X security, but a useful one, as long as it is not also a step along a path to an Apple-knows-best future.

Disclaimer: I know of no one at Harvard who would complain about improved security, but I know of no university opinion on the topic. So the above is my own review.

