Sunday, October 21, 2012

Mac OS Security: Gatekeeper (1)

Mac Mountain Lion OS 10.8.2 introduced some new changes in the area of OS security. In this post I am going to explore the first one: Gatekeeper. It is a very interesting concept. Security concerns have been with computer operating systems since they began. How to protect users' data, information, and privacy has become one of the most important issues in personal computing. Even though Apple's Mac OS has been very strong in terms of fighting computer viruses and malware, with the popularity of the Internet, Apple has realized the potential danger of malware invading Mac OS. Macs still have a very small market share compared to Microsoft Windows. This has been used as an excuse for Macs not seeing many malware attacks. However, Apple is aware of the potential for attack, and has been keeping a very close eye on the battle against malware on personal computers.

Based on the information from the past WWDC, there were some seminars on Mac security issues. I noticed that Apple has learned lessons in this battle. In this battle, most security efforts have been on the defensive side. For example, widely used anti-virus software is always one step behind malware. As a result, Windows treats apps from the Internet as potential malware and shows daunting warning messages that leave the user to decide whether to accept them or not. Apple thinks that this would be a war that can never be won.

In Mountain Lion OS, Apple introduced the Gatekeeper concept. It is based on a very different idea: instead of a blacklist strategy, Apple implements a whitelist strategy. This is analogous to a security gate in real life. The security guard allows anyone to enter as long as they have a proper ID card, and an alarm goes off if a faulty or unauthorized ID is presented. As part of the Gatekeeper strategy, Apple asks all Mac application developers to apply for an Apple developer ID. Apple recommends that developers sign their applications with their IDs.

Hence Mountain Lion OS introduced a big change. In order to smooth the transition to this new security practice, the new Mac OS provides three convenient options for Mac users to install apps:

  • Mac App Store
  • Mac App Store and identified developers
  • Anywhere

With those options, users can temporarily loosen Gatekeeper's control if they want to install known apps that have no developer ID. You can keep your gate wide open by allowing Anywhere, but I think most people will choose the first or second option.
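
An added example, not part of the original post: a shell function that reads the output of macOS's `spctl --assess --type execute -v <app>` and reports the strictest of the three options above under which that app would still be allowed to run. It assumes the Mac is set to "Mac App Store and identified developers" when the assessment is made; the sample outputs are constructed, and the function name `min_gatekeeper_option` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: the assessment was run while Gatekeeper was set to
# "Mac App Store and identified developers".

# min_gatekeeper_option TEXT
#   TEXT is the two-line output of: spctl --assess --type execute -v <app>
#   Prints the strictest Gatekeeper option that still allows the app.
min_gatekeeper_option() {
    # Line 1 looks like "<path>: accepted" or "<path>: rejected".
    verdict=$(printf '%s\n' "$1" | sed -n '1s/^.*: //p')
    # A later line looks like "source=<who vouched for the signature>".
    origin=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)

    if [ "$verdict" != "accepted" ]; then
        # Unsigned or otherwise rejected: only the open gate lets it in.
        echo "Anywhere"
        return 0
    fi
    case "$origin" in
        "Mac App Store")  echo "Mac App Store" ;;
        *"Developer ID"*) echo "Mac App Store and identified developers" ;;
        *)                echo "unknown source: $origin" ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_STORE='/Applications/Example.app: accepted
source=Mac App Store'
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID'
SAMPLE_UNSIGNED='/Applications/Example.app: rejected
source=no usable signature'

# On a Mac, pass an app path to assess it for real.
# spctl writes its verdict to stderr, hence the 2>&1.
if [ -n "${1:-}" ] && command -v spctl >/dev/null 2>&1; then
    min_gatekeeper_option "$(spctl --assess --type execute -v "$1" 2>&1)"
fi
```

`spctl --status` reports whether Gatekeeper assessments are enabled at all, which is worth checking before trusting a verdict.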

I think this will be a new change in app development. Any developer will be required to obtain an ID if he/she wants to distribute apps through the Internet.