Gatekeeper (OS X)
Gatekeeper under OS X Yosemite
|Preview release||1.0 (11D1069) / February 16, 2012|
|Operating system||OS X|
Gatekeeper is a security feature of the OS X operating system by Apple. It allows users to restrict which sources they can install applications from, in order to reduce the likelihood of inadvertently executing malware. It was originally introduced for OS X Mountain Lion and version 10.7.5 of its predecessor Mac OS X Lion. Gatekeeper can also be activated on Lion as of version 10.7.3 via the command-line utility spctl. The feature builds upon File Quarantine, which was introduced in Mac OS X Leopard.
Users have three options in the security & privacy panel of system preferences:
- Mac App Store: allows only applications downloaded from the Mac App Store to be launched.
- Mac App Store and identified developers: Allows applications downloaded from the Mac App Store and applications signed by certified Apple developers to be launched. This is the default setting in Mountain Lion and later.
- Anywhere: allows all applications to be launched. This is the default setting in Lion.
When the system attempts to open an application that does not meet the chosen option's criteria, the system will refuse to open it and inform the user accordingly. To override Gatekeeper, the user either has to manually switch to a more lenient option (typically requiring an administrator password) or has to open the application from the context menu, although this only works when the second option is chosen. Once an application has passed Gatekeeper, it will be allowed to run normally and won't be verified again.
When Apple identifies an application as malware, it can add the application to the known-malware list and prevent Gatekeeper from accepting it. In addition, Apple can revoke the developer's certificate and prevent the developer from spreading other malicious programs. Applications that are already installed by the user will not be affected.
The effectiveness of Gatekeeper in combating malware has been acknowledged, but the second option has been met with reservations. Security researcher Chris Miller noted that Gatekeeper will verify the developer certificate and consult the known-malware list only when the application is first opened. Malware that already passed Gatekeeper will not be stopped. In addition, Gatekeeper will only verify applications that have been downloaded from the Internet, but not from other sources like USB flash drives. Questions have also been raised about the registration process to acquire a developer certificate and the prospect of certificate theft.
- "OS X: About Gatekeeper". Apple. February 13, 2015. Retrieved June 18, 2015.
- Siegler, MG (February 16, 2012). "Surprise! OS X Mountain Lion Roars Into Existence (For Developers Today, Everyone This Summer)". TechCrunch (AOL Inc.). Retrieved March 3, 2012.
- "About the OS X Lion v10.7.5 Update". Apple. February 13, 2015. Retrieved June 18, 2015.
- Ullrich, Johannes (February 22, 2012). "How to test OS X Mountain Lion's Gatekeeper in Lion". Internet Storm Center. Retrieved July 27, 2012.
- "spctl(8)". Mac Developer Library. Apple. Retrieved July 27, 2012.
- Mogull, Rich (February 16, 2012). "Gatekeeper Slams the Door on Mac Malware Epidemics". TidBITS. Retrieved March 3, 2012.
- Snell, Jason (February 16, 2012). "Mountain Lion: Hands on with Gatekeeper". Macworld. Retrieved March 3, 2012.
- Foresman, Chris (February 17, 2012). "Mac developers: Gatekeeper is a concern, but still gives power users control". Ars Technica. Retrieved June 18, 2015.
- Chatterjee, Surojit (February 21, 2012). "OS X Mountain Lion Gatekeeper: Can it Really Keep Malware Out?". International Business Times. Retrieved March 3, 2012.