Apple has often made a selling point of Macs being “more secure” and allegedly impervious to malware, but its forthcoming Mountain Lion update for Mac OS X includes a feature designed purely to keep malicious apps off your Mac. It’s a sensible move, and a welcome reminder that there is no such thing as a completely safe machine, no matter what the OS.
Here’s the official description of Gatekeeper from Apple’s release announcement:
Gatekeeper is a revolutionary new security feature that gives you control over which apps can be downloaded and installed on your Mac. You can choose to install apps from any source, just as you do on a Mac today, or you can use the safer default setting to install apps from the Mac App Store, along with apps from developers that have a unique Developer ID from Apple. For maximum security, you can set Gatekeeper to only allow apps from the Mac App Store to be downloaded and installed.
It’s typical Apple hyperbole to describe this as “revolutionary”. As our guide to getting Mountain Lion’s features right now points out, you can easily adopt “only install apps from the App Store” as a policy without having it integrated into Mac OS X at all. The main difference once Mountain Lion rolls out will be that by default, you’ll only be able to install apps from the Mac App Store or from developers registered with Apple. Apps developed outside that process will, by default, be blocked (though you can switch back to “install anything” mode if you want). That will make it harder for malicious apps to make their way onto the system.
That won’t make it a perfect system. It might potentially cause headaches for open-source developers who aren’t happy with Apple’s sign-up terms. That has long been an issue with Windows, where some developers either don’t want to pay the fees or don’t like the terms associated with Microsoft’s similar developer authorisation schemes.
It’s good that Apple describes the default option as “safer”, since this recognises (however obliquely) that just because an app has made it through Apple’s vetting process doesn’t guarantee that it might not cause security concerns, especially when it comes to how apps access and share your data. This week, we saw Apple admit that apps on iOS could share and upload your contacts without explicitly notifying you. It is planning to fix that problem in a forthcoming update, but it’s a reminder that a “trusted” app can’t always be trusted, and that you can’t just jump from “it comes from Apple” to “it must be secure”.
A common argument for buying a Mac is the idea that it’s “more secure” and “can’t get viruses”. The first is a vague and contestable statement; the second simply isn’t true. The two important points to recognise are that security is about much more than whether you get a classic computer “virus” — it encompasses anything that might compromise your personal data — and that a vital factor in keeping your system secure is human behaviour.
No security system can totally protect against human stupidity. If you set a stupidly easy password, or provide your credit details in a form, or click through the user agreements and default settings on an app, you could get into trouble. Systems like Gatekeeper will block some obvious problems, but they won’t eliminate the need to be an alert computer user. Nothing will.