Mountain Lion’s Gatekeeper Is Not a Slippery Slope

by Steve Wildstrom   |   February 17th, 2012

Apple’s announcement of Gatekeeper, an anti-malware component of the new version of OS X, has set off the predictable horrified reactions among tech bloggers. Many are warning that this is a step in Apple’s plot to turn the Mac into an iPhone-like walled garden. But the reactions seem to be made of up equal parts misinformation and paranoia.

Gatekeeper offers Mac users three options. At its most stringent, it will install only software downloaded from the Mac App Store. A middle setting allows downloads from anywhere, but will warn users against installing them unless the code has been signed by a registered Mac developer. The third option is essentially the pre-Mountain Lion status quo: Anything is allowed.

Much of the criticism focuses on the dialog generated by unsigned code when using the middle option. It warns that the code “has not been signed by a recognized developer.  You should move it to the trash.” At Gizmodo, Casey Chan writes: “But Gatekeeper could also be interpreted as Apple heavily discouraging less savvy users from installing non-Mac App Store apps entirely. It’s one step away from turning the current app freedom on the Mac into the app dictatorship of iOS.

At BoingBoing,  Rob Bechizza opines:

“At this point, the thing that unnerves me is not the prospect of Gatekeeper as a crude tool to herd OS X developers into a walled garden and crush freedom. It’s the fact that code-controlling technologies tend to have unintended consequences that harm, rather than guarantee, the quality of user experiences.

“The prospect of Apple becoming a desktop control freak, going full Sony on its own community to stop it using software the way it has for thirty years? Fun, but let’s wait until it actually happens.

“The truth is that Macs don’t currently suffer much from malicious software, and DRM-esque lockouts are always circumvented. So what’s the point of a DRM-esque system for malware prevention? A more pleasingly cynical answer is that it’s a marketing move, aimed as much at analyst-fed Mac malware hysterics in the tech press as it is at real threats. For everyday users, Gatekeeper’s more likely to echo the good old days of Vista’s “Cancel or Allow” than to save them from themselves.”

This is wrong on several levels. First, malware is a very real problem. It may not be much of one on Macs today, but the  increasingly murky swamp that is the Android app market should serve as a warning. Second, raising the issue of digital rights management is a complete red herring. Gatekeeper has nothing to do with DRM, whose purpose is to restrict unauthorized copying of content or to limit its use to specific devices. He is guilty of the very fear-mongering he accuses Apple of.

Give Apple a little credit for understanding  the difference between a Mac and an iOS device. At the introduction of the iPad, Steve Jobs compared the iPads to cars and Macs to trucks. His point was that a car is all most people need, but people who build stuff need trucks. As analogies go, this isn’t a bad one. And the people who need Macs need the freedom to choose their own software.

Another important point that seems to be getting lost: Developer approval, unlike inclusion in the App Store, does not imply that Apple has looked at the software itself. Anyone can become a registered  Apple developer by paying $99 a year and getting code approved for Gatekeeper’s middle option requires only that developers digitally sign their apps. This allows an app to be traced back to its author and lets Apple de-register developers who distribute bad code. Can this be abused? Of course. But it is on the whole a very good thing to add accountability to app distribution.

Finally, the “walled garden” charge is a bit silly because of how easy Apple makes it to change Gatekeeper settings. It’s just a click on the Security & Privacy system preference. This may sound  elitist but I am going to say it anyway. As I tweeted yesterday, anyone who cannot figure out how to change the setting probably needs the greatest protection. Anyone who doesn’t know enough about their Mac to change a simple preference needs someone to curate their software choices.

 

Steve Wildstrom

Steve Wildstrom is veteran technology reporter, writer, and analyst based in the Washington, D.C. area. He created and wrote BusinessWeek’s Technology & You column for 15 years. Since leaving BusinessWeek in the fall of 2009, he has written his own blog, Wildstrom on Tech and has contributed to corporate blogs, including those of Cisco and AMD and also consults for major technology companies.
  • JamesKatt

    Gatekeeper is Apple’s way to knock out TROJAN apps.

    Every operating system is susceptible to trojan apps because they bypass security by having the user actually install it themselves in their own computer – like giving a gun to a child and telling them it is a toy gun and to shoot others with it. Trojan apps are the only type of malware that works in Mac OS X – unlike Windows or Android, where viruses run rampant.

    At its highest security setting – which is easy to set and unset – NO TROJAN apps can be installed on your Mac. Period. Only Vetted Mac App Store apps can be installed. This closes the door on Malware on Mac OS X.

    If you know what app you are installing, you set EASILY reduce the security setting of Gatekeeper to install either only Developer Signed Apps (so you know who wrote the software and are assured of some safety) or ANY software. Then, once you install the app, you can then EASILY set the security BACK to the highest settings. IT IS SO EASY.

    But the key is that Gatekeeper makes it magnificently impossible at the highest setting to have any trojan apps.

    Since Apple ALREADY built-in an antivirus app to Mac OS X, this then closes the loop on security from malware and does it in a very USER FRIENDLY manner.

  • Louis Wheeler

    I have to wonder about the kind of people who would oppose this. I’m guessing that they are Linux experts who want to control every part of their system. That strikes me as being so 1990s.

    One of the great things about expanding the computer market place is that your grandmother, or your toddler, can use an iPad. The bad part of this is that you can’t expect her to be an expert. She doesn’t want to be: this is why she never bought a computer before — they are so hard to use. She needs to be coddled and protected. She even needs to be protected from herself. In a dangerous world, she would find a walled garden comforting.

    The malware problem is insane. It depends on a dangerously insecure operating system: MS Windows. With great effort and care, you can keep it malware free. The problem is that the level of expertise necessary for doing so is beyond 90% of the people using computers. This is why they pay big bucks to computer technicians. Apple is threatening this business.

  • http://www.thegraphicmac.com/ JimD

    The last paragraph of this article is all that really needed to be said on the subject, in my opinion.