As users of 10.8 Mountain Lion settle into their new environment, some of the most common questions about the new operating system relate to Gatekeeper – OS X’s newest security feature.
While Gatekeeper is a marquee feature of OS X Mountain Lion, there’s still some confusion about what it does and how it affects Mac users in everyday use. To summarize in a single sentence, Gatekeeper helps protect you from inadvertently installing malicious software on your Mac. But there’s a lot more to Gatekeeper than that basic description, so let’s explore why it exists and how it works!
Why Apple created Gatekeeper
Gatekeeper is Apple’s answer to trojan apps that trick users into installing software they don’t actually want. Trojans are a growing problem for Macs, Windows PCs, Android phones, and nearly all software platforms that let users install software from any source. These aren’t viruses that install on their own – they rely on the user’s ignorance or uncertainty to gain access to the system.
Since iOS only allows users to install Apple-approved apps from the App Store, iPhones and iPads are not at risk for these kinds of threats. Macs, of course, have an App Store too – but it’s not the only place users can find and install software. We can download apps from anywhere on the internet.
Rather than lock down the Mac like they’ve done with iOS, Apple took a different approach in OS X 10.8 Mountain Lion by introducing Gatekeeper. With Gatekeeper, your Mac will be safer and more secure without taking any control away from you.
How Gatekeeper works
So now that we know why Gatekeeper exists, how does it work? In general, it’s not something you have to worry about maintaining. Gatekeeper works in the background and only alerts you when there’s a problem. But depending on how you have Gatekeeper configured, those alerts could come at different times.
In System Preferences under the Security & Privacy section, there are three options under the “Allow applications downloaded from” heading.
- Mac App Store: Selecting this option makes your Mac behave like an iOS device. It will only allow software downloaded from the Mac App Store to be installed. All other apps will be denied if you try to launch them. This is the most secure choice, but also the most restrictive.
- Mac App Store and identified developers: Mountain Lion’s default setting allows your Mac to install apps from the Mac App Store, plus any apps that you’ve downloaded from the web – as long as they meet one important criterion: the developer needs to be registered with Apple to confirm their legitimacy. More on this below.
- Anywhere: This gives you free rein to install whatever you want, from wherever you want – just like all the previous versions of OS X.
You might be wondering what an “identified developer” is and why that is the default option Apple chose for Gatekeeper. Developers who want to distribute their software outside of the Mac App Store are encouraged to sign up with Apple to get a certificate they can use to sign their apps. This way, if an app has been maliciously modified by someone other than the developer before the user downloads it, the signature will be broken and the app won’t install. On the flip side, it also gives Apple the ability to blacklist developers who intentionally distribute malware. Once Apple flips the switch on a rogue developer, Mountain Lion users will be protected from installing that developer’s sketchy apps in the future.
It’s important to note that Apple’s Developer ID program is not an approval process like the Mac App Store. Any developer can get a certificate immediately without Apple ever seeing their app. It’s just a way for Apple to protect users if a developer is later found to be doing something they shouldn’t.
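The three settings can be modelled against the `source=` line that `spctl --assess -vv <app>` prints for an app. This is an added example, not code from the original article or from Apple; the setting names `appstore`, `identified` and `anywhere` are shorthand invented here, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: models the three "Allow applications downloaded from"
# settings against the text printed by `spctl --assess -vv <app>`.

# Extract the value of the first "source=" line from spctl output on stdin.
spctl_source() {
    sed -n 's/^source=//p' | head -n 1
}

# gatekeeper_verdict SETTING SOURCE -> prints "allow" or "block".
# SETTING is appstore | identified | anywhere (this example's shorthand
# for the three System Preferences options, not Apple identifiers).
gatekeeper_verdict() {
    setting=$1 source=$2
    case "$setting" in
        anywhere) echo allow; return ;;
        appstore|identified) ;;
        *) echo "unknown setting: $setting" >&2; return 2 ;;
    esac
    case "$source" in
        # Apps shipped with OS X, or installed from the Mac App Store.
        "Apple System"|"Mac App Store") echo allow ;;
        # Signed with a developer certificate: default setting only.
        "Developer ID")
            if [ "$setting" = identified ]; then echo allow; else echo block; fi ;;
        # Unsigned, broken signature, or anything unrecognised.
        *) echo block ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID'
SAMPLE_UNSIGNED='/Applications/Other.app: rejected
source=no usable signature'

# Print one verdict line per setting for a captured spctl output.
report() {
    src=$(printf '%s\n' "$1" | spctl_source)
    for s in appstore identified anywhere; do
        printf '%-10s %-22s %s\n' "$s" "$src" "$(gatekeeper_verdict "$s" "$src")"
    done
}

report "$SAMPLE_DEVID"
report "$SAMPLE_UNSIGNED"
```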
How to configure Gatekeeper
That “Anywhere” setting sure sounds good for you expert users and control freaks, right? Wait! Let’s not jump back into old habits just yet. This option leaves the door wide open for trojans to be installed without your knowledge. It’s much safer to leave Gatekeeper on its default setting (“Mac App Store and identified developers”) so you know everything you install is legit.
But what about those apps whose developers haven’t registered with Apple to get a certificate? If you’re confident this app is from a safe and trusted source, it’s easy to manually override Gatekeeper on a case-by-case basis without changing the default setting. Just right-click (or control+click) the app and select Open from the menu. Gatekeeper will still display a warning, but it will also give you the option to install the app anyway. Once installed, Gatekeeper won’t bother you about that app again. Happy user, happy Mac… everyone wins!