OS X 10.8 Mountain Lion [Review]


OS X Mountain Lion is here, and it's even sleeker than Lion.

GateKeeper

GateKeeper at work keeping out Trojans.

Over the last year, the pervasive belief that Macs are invulnerable to malware hasn’t just been tested… it’s been completely shattered.

In April of this year, Russian antivirus vendor Dr. Web published evidence that over 500,000 Macs were infected by a variant of the Flashback trojan that installed itself using a Javascript vulnerability. According to some estimates, that may mean that Flashback, at the height of the epidemic, was installed on as many as 1% of all Macs out there.

Previously, most Mac users believed either that they were invulnerable to malware, or that malware developers wouldn’t target the Mac platform because it was obscure compared to Windows. Flashback changed all that, and Apple has consequently started taking security a lot more seriously, both publicly and privately.

GateKeeper is Apple’s biggest new security feature in Mountain Lion. It’s probably not going to make Macs any more invulnerable to malware, but GateKeeper is still certainly a step in the right direction with regard to keeping Mac users more aware of the origins of the software they are installing.

OS X has long blocked known malware, but GateKeeper takes this layer of security to the next level.

Ever since OS X Tiger, the Mac has had a feature called File Quarantine, which was essentially a download validation system: if you downloaded a potentially unsafe file or app, the system would warn you before you opened it. Starting in OS X 10.6, File Quarantine would compare the files you downloaded against a known list of malware, and warn you to trash the file if it turned up as a match with Apple’s own system.

GateKeeper is essentially File Quarantine taken to the next level. Instead of just warning you when an app has been downloaded from the internet or warning you if it’s known malware, GateKeeper will prevent you from opening any app that comes from an untrusted source.

What is an untrusted source? That’s up to you. By default, GateKeeper only allows you to open apps that are downloaded from the Mac App Store and other identified developers who have registered with Apple and received a personalized digital certificate. If you feel like this is overkill, you can tell GateKeeper to allow any app that hasn’t been registered as malware, which essentially makes GateKeeper work exactly like File Quarantine; likewise, if you want to make absolutely sure your apps aren’t trojans, you can tell GateKeeper to only allow Mac App Store apps, which have all been individually vetted by Apple.


The big question about GateKeeper that many users have, though, has little to do with security, and everything to do with whether or not it’s a sign of things to come. In iOS, Apple has made a considerable amount of money — thirty cents off every dollar — thanks to the fact that iOS is a completely locked-down operating system that simply can’t run apps that Apple hasn’t signed and approved. Since the launch of the Mac App Store in OS X 10.6.8, Apple has seemed interested in generating the same revenue source on the Mac, but has been hampered by the Mac’s more open architecture. It would be ironic if GateKeeper was Apple’s own Trojan Horse, designed to get Mac users used to running on locked-down systems.

We think this perspective is a little bit paranoid. In practice, with the default GateKeeper setting left on, we found that about 90% of the apps we downloaded installed without a problem, even if they didn’t come from the Mac App Store. The 10% of apps that didn’t install under GateKeeper’s default settings were obscure apps by small, sometimes one-man teams.


For most users, the default GateKeeper setting is probably going to be fine even when Mountain Lion launches, and we hope that this will inspire even smaller teams to register with Apple as trusted developers.

The bottom line is that GateKeeper isn’t encouraging developers to exclusively release their software through the Mac App Store — it’s encouraging them to register with Apple and basically promise not to release malware on the Mac. If you make that promise, Apple gives you a GateKeeper certificate; if you don’t, Apple’s going to require that users make an explicit choice to install your app; if you break that promise, Apple will revoke your certificate, classify you as malware, and ban you from all Macs. GateKeeper isn’t the sound of a boot stomping on a human face forever… it’s the sound of sensible, lenient security that aims more for awareness than lockdowns.

No need to be paranoid: GateKeeper is sensible, lenient security that aims to make users more aware, not lock down your Mac.
