Apple's Gatekeeper: A low cost for partial security

Gatekeeper functionality in OS X Mountain Lion provides somewhat enhanced security with only a potential downside

Out of the blue, Apple just announced Mountain Lion, the next generation of its OS X operating system. By the time Mountain Lion ships sometime next summer, Apple says it will have lots of new features, some transported from its iOS environment of the iPhone, iPad and iPod Touch world. This column will examine just one of the new features, one that, while good, has not yet included all the functions of its iOS prototype.

BACKGROUND: Apple counts down to 25 billion apps

Apple iOS performs a validity check on each application before the app runs. The check verifies that the application came from a trusted source and has not been modified. In the case of iOS, the trusted source must be the Apple iOS App Store. This check makes it much harder for the iOS device to be corrupted by a rogue application introduced by a computer virus. But it also locks the iOS device to only get new or updated applications from the Apple-run store. In this way, Apple controls what you, the titular owner of an iOS device, are permitted to run. With a collection of a half million applications in the App Store, this control over the user has been more of a theoretical than a practical problem.

Apple is now adding a poor man's version of this validity check to OS X in the form of Gatekeeper. Gatekeeper does the same validity check as the iOS system but only does it when an app is first installed, and then only if the application is downloaded over the Internet. As described, Gatekeeper will be able to be run in three modes. The default mode will permit applications to be installed from the OS X App Store (not to be confused with the iOS App Store) and from developers who have registered with Apple as long as the applications have not been modified since they were created. Gatekeeper will also be able to be run in a stricter mode where it will only permit applications from the OS X App Store to be installed or an open mode in which applications are not checked before installation. The last mode is equivalent to the way OS X currently operates -- you can install applications from anyone, including applications from developers that Apple has never heard of.

The reaction to Apple's announcement has been decidedly mixed. On the security side, some pundits seem to be from the branch of computer security that feels security is worthless unless it is perfect. These pundits dismiss Gatekeeper as almost worse than worthless because it only does the validity check when the software is installed. Checking only at the time of installation will not discover software that gets modified after installation and does not deal with the case where an application's bad behavior is only discovered later. Performing the validity check every time the application is run will catch modified applications and, because Apple can distribute a list of bad software developers in real time, it can block applications newly discovered to be bad.

I think the security provided by Gatekeeper is worthwhile but do hope that Apple changes to a check-before-running from the current check-when-installing operation before Mountain Lion is distributed.

The other area that some pundits have focused on is the one of lock-in. They are worried that this is the next step in a progression that would wind up with OS X being as closed as iOS. While there is no current reason to think that is in Apple's plans, it does bear watching.

By the way, it turns out that Apple included Gatekeeper in Lion -- just use the terminal command "sudo spctl --enable" to turn it on, and "sudo spctl --disable" to turn it off.

Gatekeeper is only a step along the path to better OS X security, but a useful one, as long as it is not also a step along a path to an Apple-knows-best future.

Disclaimer: I know of no one at Harvard who would complain about improved security, but I know of no university opinion on the topic. So the above is my own review.

Join the discussion
Be the first to comment on this article. Our Commenting Policies