Interesting post about Mac OS X 10.8 detailing “Gatekeeper.” This seems like a similar approach to what I’m doing with AppLocker in Windows 7.
“My favorite Mountain Lion feature, though, is one that hardly even has a visible interface. Apple is calling it “Gatekeeper”. It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications. If an app is found to be malware, Apple can revoke that developer’s certificate, rendering the app (along with any others from the same developer) inert on any Mac where it’s been installed. In effect, it offers all the security benefits of the App Store, except for the process of approving apps by Apple. Users have three choices which type of apps can run on Mountain Lion:
- Only those from the App Store
- Only those from the App Store or which are signed by a developer ID
- Any app, whether signed or unsigned
The default for this setting is, I say, exactly right: the one in the middle, disallowing only unsigned apps. This default setting benefits users by increasing practical security, and also benefits developers, preserving the freedom to ship whatever software they want for the Mac, with no approval process.”