Mac Gatekeeper Reminds Us No Computer Is Safe

Mac Gatekeeper Reminds Us No Computer Is Safe

Apple has often made a selling point of Macs being “more secure” and allegedly impervious to malware, but its forthcoming Mountain Lion update for Mac OS X includes a feature designed purely to keep malicious apps off your Mac. It’s a sensible move, and a welcome reminder that there is no such thing as a completely safe machine, no matter what the OS.

Here’s the official description of Gatekeeper from Apple’s release announcement:

Gatekeeper is a revolutionary new security feature that gives you control over which apps can be downloaded and installed on your Mac. You can choose to install apps from any source, just as you do on a Mac today, or you can use the safer default setting to install apps from the Mac App Store, along with apps from developers that have a unique Developer ID from Apple. For maximum security, you can set Gatekeeper to only allow apps from the Mac App Store to be downloaded and installed.

It’s typical Apple hyperbole to describe this as “revolutionary”. As our guide to getting Mountain Lion’s features right now points out, you can easily adopt “only install apps from the App Store” as a policy without having it integrated into Mac OS X at all. The main difference once Mountain Lion rolls out will be that by default, you’ll only be able to install apps from the Mac App Store or from developers registered with Apple. Apps developed outside that process will, by default, be blocked (though you can switch back to “install anything” mode if you want). That will make it harder for malicious apps to make their way onto the system.

That won’t make it a perfect system. It might potentially cause headaches for open-source developers who aren’t happy with Apple’s sign-up terms. That has long been an issue with Windows, where some developers either don’t want to pay the fees or don’t like the terms associated with Microsoft’s similar developer authorisation schemes.

It’s good that Apple describes the default option as “safer”, since this recognises (however obliquely) that just because an app has made it through Apple’s vetting process doesn’t guarantee that it might not cause security concerns, especially when it comes to how apps access and share your data. This week, we saw Apple admit that apps on iOS could share and upload your contacts without explicitly notifying you. It is planning to fix that problem in a forthcoming update, but it’s a reminder that a “trusted” app can’t always be trusted, and that you can’t just jump from “it comes from Apple” to “it must be secure”.

A common argument for buying a Mac is the idea that it’s “more secure” and “can’t get viruses”. The first is a vague and contestable statement; the second simply isn’t true. The two important points to recognise are that security is about much more than whether you get a classic computer “virus” — it encompasses anything that might compromise your personal data — and that a vital factor in keeping your system secure is human behaviour.

No security system can totally protect against human stupidity. If you set a stupidly easy password, or provide your credit details in a form, or click through the user agreements and default settings on an app, you could get into trouble. Systems like Gatekeeper will block some obvious problems, but they won’t eliminate the need to be an alert computer user. Nothing will.


  • The only reason why Macs are less likely to get malware is market share. As Apple products get more of a market share, the amount of available malware will increase.

  • i feel i should point out here that any signed up does not need to be distributed through the mac app store. developers can sign up for a free account, sign their apps, and distribute (or sell) through whatever channel they wish, including their own website. apple does not check, or validate, or “approve” or whatever, these apps. if they are flagged as malware, THEN they do, and if it IS malware, that developers’ certificate is revoked.

    the default setting for gatekeeper is that apps that have not been obtained through the mac app store OR through a developer signing the app and distributing it themselves, cannot be installed.

    so in the above case, where a malicious developer has signed an app and distributed it themselves, when their certificate is revoked, it instantly can’t do any damage to any computers that it may already be installed on, and it can’t be installed on any more computers that have gatekeeper enabled.

    apple aren’t stopping you from installing whatever you like, anyway. if you don’t like gatekeeper, turn it off.

  • Tomorrow’s post: Hackers find way around Gatekeeper in Mountain Lion, Mac enthusiasts deny the claim, states they were probably talking about Windows and laugh condescendingly at anyone not using a Mac

    • Well as the whole Path / Contact book bit showed us, having an app listed in the App Store™ doesn’t necessarily mean it’s safe and can be trusted. What if I build a timebomb feature into it so it gets by the App store process undetected, but on December 21st 2012, it takes out all four of the Macs in the world?

  • I know there are some Trojan horses for the Mac, but can anyone name a true Virus? I don’t know of any even after a cursory google. A virus is something that self replicates and doesn’t need user intervention, that is clicking on it like a trojan.

Show more comments

Log in to comment on this story!