Gatekeeper (OS X)

Gatekeeper

Gatekeeper under OS X Yosemite
Developer(s)	Apple Inc.
Initial release	July 25, 2012
Operating system	OS X

Not to be confused with the third-party extension Gatekeeper for "classic" Mac OS.

Gatekeeper is a security feature of the OS X operating system by Apple.^[1]^[2] It allows users to restrict which sources they can install applications from, in order to reduce the likelihood of inadvertently executing malware. It was originally introduced for OS X Mountain Lion and version 10.7.5 of its predecessor Mac OS X Lion.^[3] Gatekeeper can also be activated on Lion as of version 10.7.3 via the command-line utility spctl.^[4]^[5] The feature builds upon File Quarantine, which was introduced in Mac OS X Leopard.

Functions

Users have three options in the security & privacy panel of system preferences:^[6]

Mac App Store: allows only applications downloaded from the Mac App Store to be launched.
Mac App Store and identified developers: Allows applications downloaded from the Mac App Store and applications signed by certified Apple developers to be launched.^[7] This is the default setting in Mountain Lion and later.
Anywhere: allows all applications to be launched. This is the default setting in Lion.

When the system attempts to open an application that does not meet the chosen option's criteria, the system will refuse to open it and inform the user accordingly. To override Gatekeeper, the user either has to manually switch to a more lenient option (typically requiring an administrator password) or has to open the application from the context menu, although this only works when the second option is chosen. Once an application has passed Gatekeeper, it will be allowed to run normally and won't be verified again.^[1]

When Apple identifies an application as malware, it can add the application to the known-malware list and prevent Gatekeeper from accepting it. In addition, Apple can revoke the developer's certificate and prevent the developer from spreading other malicious programs. Applications that are already installed by the user will not be affected.^[1]

Implications

The effectiveness of Gatekeeper in combating malware has been acknowledged, but the second option has been met with reservations. Security researcher Chris Miller noted that Gatekeeper will verify the developer certificate and consult the known-malware list only when the application is first opened. Malware that already passed Gatekeeper will not be stopped. In addition, Gatekeeper will only verify applications that have been downloaded from the Internet, but not from other sources like USB flash drives.^[8] Questions have also been raised about the registration process to acquire a developer certificate and the prospect of certificate theft.^[9]

References

1 2 3 "OS X: About Gatekeeper". Apple. February 13, 2015. Retrieved June 18, 2015.
↑ Siegler, MG (February 16, 2012). "Surprise! OS X Mountain Lion Roars Into Existence (For Developers Today, Everyone This Summer)". TechCrunch (AOL Inc.). Retrieved March 3, 2012.
↑ "About the OS X Lion v10.7.5 Update". Apple. February 13, 2015. Retrieved June 18, 2015.
↑ Ullrich, Johannes (February 22, 2012). "How to test OS X Mountain Lion's Gatekeeper in Lion". Internet Storm Center. Retrieved July 27, 2012.
↑ "spctl(8)". Mac Developer Library. Apple. Retrieved July 27, 2012.
↑ Mogull, Rich (February 16, 2012). "Gatekeeper Slams the Door on Mac Malware Epidemics". TidBITS. Retrieved March 3, 2012.
↑ Snell, Jason (February 16, 2012). "Mountain Lion: Hands on with Gatekeeper". Macworld. Retrieved March 3, 2012.
↑ Foresman, Chris (February 17, 2012). "Mac developers: Gatekeeper is a concern, but still gives power users control". Ars Technica. Retrieved June 18, 2015.
↑ Chatterjee, Surojit (February 21, 2012). "OS X Mountain Lion Gatekeeper: Can it Really Keep Malware Out?". International Business Times. Retrieved March 3, 2012.

OS X

Versions

Applications

Automator Calculator Calendar Chess Contacts Dashboard Dictionary DVD Player FaceTime Finder Game Center Grapher iTunes (version history) Launchpad Mac App Store Mail Messages Notes Notification Center Photo Booth Photos Preview QuickTime Reminders Safari (version history) Stickies TextEdit Time Machine

Discontinued	Front Row iChat iPhoto iSync Sherlock

Utilities

Activity Monitor AirPort Utility AppleScript Editor Archive Utility Audio MIDI Setup Bluetooth File Exchange Boot Camp ColorSync Configurator Console Crash Reporter DigitalColor Meter Directory Utility DiskImageMounter Disk Utility Font Book Grab Help Viewer Image Capture Installer Keychain Access Migration Assistant Network Utility ODBC Administrator Screen Sharing System Preferences System Information Terminal Universal Access VoiceOver

Discontinued	Software Update Remote Install Mac OS X

Technology and
user interface

AirDrop Apple menu Apple Push Notification Service AppleScript Aqua Audio Units Bonjour CloudKit Cocoa ColorSync Command key Core Animation Core Audio Core Data Core Foundation Core Image Core OpenGL Core Text Core Video CUPS Cover Flow Darwin Dock File Quarantine FileVault Fonts Gatekeeper Grand Central Dispatch icns iCloud Inkwell I/O Kit Kernel panic Keychain launchd Mach-O MacRuby Menu extra Metal Mission Control OpenCL Option key Preference Pane Property list Quartz QuickTime Quick Look Smart Folders Speakable items Spotlight Stacks System Integrity Protection Uniform Type Identifier Universal binary WebKit XNU XQuartz

Deprecated	Carbon

Discontinued	BootX Brushed metal Classic Environment Rosetta Spaces Xgrid

This article is issued from Wikipedia - version of the Tuesday, September 15, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.

Gatekeeper (OS X)

Functions

Implications

See also

References