PDA

View Full Version : [Resolved] Gatekeeper will be useless if adobe/microsoft/blizzard do not sign their apps




Processor
Jul 16, 2012, 03:41 PM
I think I should enable gatekeeper for security now

If microsoft/blizzard/adobe/vmware etc do not sign their applications, many of ML users will need to disable the gatekeeper. There should be a feature like a exception list but I didn't see that on GM.
Should I install bootcamp for those software or just disable gatekeeper?

:D



Krazy Bill
Jul 16, 2012, 03:49 PM
I have done homework before posted this thread.
If microsoft/blizzard/adobe/vmware etc do not sign their applications, many of ML users will need to disable the gatekeeper. There should be a feature like a exception list but I didn't see that on GM.
Should I install bootcamp for those software or just disable gatekeeper?

:D


When I upgrade to ML... here's my checklist:

1.) Turn on Mac
2.) Disable Gatekeeper

Death-T
Jul 16, 2012, 04:06 PM
I find Gatekeeper to be useless in my opinion. I can judge for myself whether an app is safe to download or not, and when in doubt I can always enter in a quick Google search to see what's up. To my knowledge I don't often download apps that Gatekeeper would have a problem with anyway, but if one comes up than it would just get in my way. I understand why it may be a useful feature to some people. Perhaps a parent whose Mac is often used by their family and kids and wants some control over what's happening on their PC while they're not using it will like what Gatekeeper has to offer. But if you have common sense and other people rarely if ever even use your PC (and then when they do, only surf the web for a minute or whatever) then it's pretty silly to even bother with Gatekeeper. You're ultimately the one who decides what is and what isn't downloaded on your PC anyway.

lunarworks
Jul 16, 2012, 04:09 PM
Right-click on the app, choose "Open", it will ask you if you really wanna do that, allow, and for that app it will never ask you again.

Plus, pretty much every dev that hasn't abandoned their software is going to sign sooner or later.

roadbloc
Jul 16, 2012, 04:21 PM
They should have added an exception list for apps that you know are safe, but are unsigned. It is a shame that Apple have made such a botched job on added security.

lunarworks
Jul 16, 2012, 04:23 PM
They should have added an exception list for apps that you know are safe, but are unsigned. It is a shame that Apple have made such a botched job on added security.

Again:

Right-click on the app, choose "Open", it will ask you if you really wanna do that, allow, and for that app it will never ask you again.

westonm
Jul 16, 2012, 05:04 PM
I'd place the odds of most developers signing their apps as, high.

jasomill
Jul 16, 2012, 09:07 PM
I have done homework before posted this thread.
If microsoft/blizzard/adobe/vmware etc do not sign their applications

jtm@socrates ~ $ codesign -dvv /Applications/Adobe\ Photoshop\ CS6/Adobe\ Photoshop\ CS6.app /Applications/Microsoft\ Office\ 2011/Microsoft\ Excel.app /Applications/VMware\ Fusion.app
Executable=/Applications/Adobe Photoshop CS6/Adobe Photoshop CS6.app/Contents/MacOS/Adobe Photoshop CS6
Identifier=com.adobe.Photoshop
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=282388 flags=0x0(none) hashes=14113+3 location=embedded
Signature size=4232
Authority=Developer ID Application: Adobe Systems, Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Mar 15, 2012 6:03:05
Info.plist entries=28
Sealed Resources rules=15 files=357
Internal requirements count=1 size=260
Executable=/Applications/Microsoft Office 2011/Microsoft Excel.app/Contents/MacOS/Microsoft Excel
Identifier=com.microsoft.Excel
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=128048 flags=0x0(none) hashes=6396+3 location=embedded
Signature size=3686
Authority=Microsoft Corporation
Authority=VeriSign Class 3 Code Signing 2009-2 CA
Authority=
Signed Time=Jun 16, 2012 5:07:26
Info.plist entries=34
Sealed Resources rules=2 files=0
Internal requirements count=1 size=188
Executable=/Applications/VMware Fusion.app/Contents/MacOS/VMware Fusion
Identifier=com.vmware.fusion
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=30866 flags=0x0(none) hashes=1537+3 location=embedded
Signature size=4218
Authority=Developer ID Application: VMware, Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=May 27, 2012 16:31:39
Info.plist entries=24
Sealed Resources rules=7 files=3915
Internal requirements count=1 size=380

Processor
Jul 16, 2012, 09:22 PM
jtm@socrates ~ $ codesign -dvv /Applications/Adobe\ Photoshop\ CS6/Adobe\ Photoshop\ CS6.app /Applications/Microsoft\ Office\ 2011/Microsoft\ Excel.app /Applications/VMware\ Fusion.app
Executable=/Applications/Adobe Photoshop CS6/Adobe Photoshop CS6.app/Contents/MacOS/Adobe Photoshop CS6
Identifier=com.adobe.Photoshop
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=282388 flags=0x0(none) hashes=14113+3 location=embedded
Signature size=4232
Authority=Developer ID Application: Adobe Systems, Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Mar 15, 2012 6:03:05
Info.plist entries=28
Sealed Resources rules=15 files=357
Internal requirements count=1 size=260
Executable=/Applications/Microsoft Office 2011/Microsoft Excel.app/Contents/MacOS/Microsoft Excel
Identifier=com.microsoft.Excel
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=128048 flags=0x0(none) hashes=6396+3 location=embedded
Signature size=3686
Authority=Microsoft Corporation
Authority=VeriSign Class 3 Code Signing 2009-2 CA
Authority=
Signed Time=Jun 16, 2012 5:07:26
Info.plist entries=34
Sealed Resources rules=2 files=0
Internal requirements count=1 size=188
Executable=/Applications/VMware Fusion.app/Contents/MacOS/VMware Fusion
Identifier=com.vmware.fusion
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=30866 flags=0x0(none) hashes=1537+3 location=embedded
Signature size=4218
Authority=Developer ID Application: VMware, Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=May 27, 2012 16:31:39
Info.plist entries=24
Sealed Resources rules=7 files=3915
Internal requirements count=1 size=380


Awesome, I learned to use this good tool to check my applications :D

waitingallday
Jul 17, 2012, 01:36 AM
Also see CodeSign Checker (http://fernlightning.com/doku.php?id=software:misc:cscheck) for a GUI app that does the same. Signing has been around for a while and is not the same as Gatekeeper-friendly Developer ID signing (https://developer.apple.com/resources/developer-id/).

superriku11
Jul 17, 2012, 10:42 PM
Right-click on the app, choose "Open", it will ask you if you really wanna do that, allow, and for that app it will never ask you again.

Plus, pretty much every dev that hasn't abandoned their software is going to sign sooner or later.

Not necessarily. Signing costs money. You have to be part of the Mac Developer Program which costs $99 per year. If you develop free software, to pay $100 per year for no good reason is pretty stupid. If you're a huge company like Adobe and you make $100 per 2 seconds, yeah sure, then it's okay. But for freeware developers, no.

If Apple insists on pushing Gatekeeper, which I suspect they will in future releases, making it more difficult to disable, then they need to make it so that anyone can sign software for free, and only publishing to the Mac App Store costs money. That would be fair if you ask me.

This Gatekeeper thing is either going to not make much impact on anything, or it's going to make negative impact on freeware developers. More likely the latter. Most basic computer users will download a freeware application, try to open it, can't open it, and not know what's wrong.

I personally think it's a stupid feature. It should be off by default and turned on if the user sets it that way, not the other way around.



The whole concern about malware is completely blown out of proportion. So some script kiddies who develop Flashback to make advertising money get half a million installs? There are large botnets with over a million installs on Windows PCs. Do we hear about those in the same way we heard about Flashback? No.

As I said, blown out of proportion.

Any decent malware is spread by non-user-interaction. Malware developers like using exploited Java vulnerabilities to initiate payloads without requiring any sort of confirmation from the user. Because the chances of getting a user to execute a shady program decrease with every step the user must do.

If the user has to download, unpack, run, and authorize a piece of "malware" for Mac, that is not only pathetic for the user's stupidity, but for the fact that the developer couldn't figure out how to use a better attack vector.

Gatekeeper still will not stop vulnerabilities in Java (for those who've installed it) or other plugins, nor will it stop buffer exploits in services, or any other potential threat. It will only stop downloaded programs, which haven't proven to be a large threat like Flashback has anyways.



They are creating an artificial "need" for this Gatekeeper "protection". You did not need it before, you do not need it now. Not having it before didn't allow any major attacks in particular, and having it won't likely prevent any either. They are making people think they need things they don't need. Truth is, Apple has an ulterior motive. They want to push all software distribution to the Mac App Store so as to generate more profit for themselves. So they can grab that 30% cut of every paid app downloaded. This Gatekeeper thing is only the first step. Just watch. In future releases, it will get harder or even impossible to turn it off. In the future, OS X may require a "jailbreak" to run 3rd party software, but it would be pretty useless since any developer would rather distribute on the MAS. And the MAS's restrictions don't allow for freedom of software.

If things continue going in this direction, to the point I predicted, and I sure hope they don't, but if they do, I'll have to switch to a GNU/Linux OS that does respect my freedom.

As I said, it is a useless feature. It will not protect against any professional form of attack, and it will only hamper development of freeware. Bad idea, Apple.

stisdal
Jul 17, 2012, 11:53 PM
As I said, it is a useless feature. It will not protect against any professional form of attack, and it will only hamper development of freeware. Bad idea, Apple.


In my case, I like Gatekeeper, on my wife's MacBook! She has no idea what to install, update or anything else. I have to grab her Mac once a week or so and check for / install updates or programs.

With Gatekeeper, I at least have that extra caution step to turn her back before installing anything malicious. Now she can get things when needed as long as Gatekeeper allows with less concern. (I travel for work, so I'm not always there if she wants an app or program)

bob616
Jul 18, 2012, 09:00 AM
Not necessarily. Signing costs money. You have to be part of the Mac Developer Program which costs $99 per year. If you develop free software, to pay $100 per year for no good reason is pretty stupid. If you're a huge company like Adobe and you make $100 per 2 seconds, yeah sure, then it's okay. But for freeware developers, no..

Apple said in there keynote address that developers would be able to sign there apps without being a part of the $100 Mac Dev Program.

heisenberg123
Jul 18, 2012, 09:11 AM
Again:

Right-click on the app, choose "Open", it will ask you if you really wanna do that, allow, and for that app it will never ask you again.

lol maybe if you say it 3 times people will understand

----------

Not necessarily. Signing costs money. You have to be part of the Mac Developer Program which costs $99 per year. If you develop free software, to pay $100 per year for no good reason is pretty stupid. If you're a huge company like Adobe and you make $100 per 2 seconds, yeah sure, then it's okay. But for freeware developers, no.

I personally think it's a stupid feature. It should be off by default and turned on if the user sets it that way, not the other way around.



as said you can sign without a dev program account, and no features like this need to be on by default, people that dont need the feature know enough to turn it off, the people that are at risk to malware are not the type that know enough to turn it on.

superriku11
Jul 18, 2012, 11:29 AM
In my case, I like Gatekeeper, on my wife's MacBook! She has no idea what to install, update or anything else. I have to grab her Mac once a week or so and check for / install updates or programs.

With Gatekeeper, I at least have that extra caution step to turn her back before installing anything malicious. Now she can get things when needed as long as Gatekeeper allows with less concern. (I travel for work, so I'm not always there if she wants an app or program)
This is one of those cases where it would be better to turn it on as needed. Not on by default.

What should be done actually, is during setup of the system, it has a part that asks you. It describes that Enabled mode prevents unsigned programs from running, but if you happen to want an unsigned program, it may be a problem. And that Disabled mode provides software freedom, but will make your computer open to an attack vector that is highly unlikely to be used in the first place.


as said you can sign without a dev program account, and no features like this need to be on by default, people that dont need the feature know enough to turn it off, the people that are at risk to malware are not the type that know enough to turn it on.
Read above where I said it still shouldn't be on by default but you should be prompted to make a choice during setup.


Apple said in there keynote address that developers would be able to sign there apps without being a part of the $100 Mac Dev Program.
Well I don't know much about the Apple ecosystem. Mainly because I don't like the idea than anyone, especially a company, can act as the deity of all software and make arbitrary decisions about what programs run and what ones don't. Last I heard you needed an iTunes Connect ($100 developer program fee) account in order to even have a signing certificate.

If what you said is correct though, this doesn't prevent any threats from this attack vector. Anybody can just get a new ID to sign with if they're free. Pretty much rendering the feature useless against malware. Sure Apple can revoke the ID and make the signature invalid, but what's stopping the developer from just getting a new one and re-signing?





As I said before, downloaded programs on Mac isn't an attack vector that's frequently used. Even on Windows, anybody who's serious about spreading their malware would not make something where the user has to download a program. What hackers prefer is something that doesn't require user interaction. Maybe a remote exploit, where they can grab lots of IPs and exploit a zero day vulnerability in an OS X internet service. Or maybe an exploit to Flash or Java, both of which many people have installed.

They look at downloaded programs as their last option I'd say. It's about the worst method of spreading malware that there is.

So, as to my original point, Gatekeeper will not help in any significant way.

heisenberg123
Jul 18, 2012, 12:02 PM
If what you said is correct though, this doesn't prevent any threats from this attack vector. Anybody can just get a new ID to sign with if they're free. Pretty much rendering the feature useless against malware. Sure Apple can revoke the ID and make the signature invalid, but what's stopping the developer from just getting a new one and re-signing?

im sure all signed apps need a finally approval from apple, i wouldn't imagine its just instantly approved

superriku11
Jul 18, 2012, 03:29 PM
im sure all signed apps need a finally approval from apple, i wouldn't imagine its just instantly approved

To my knowledge, apps submitted to the App Store definitely require review before they're distributed. But with the concept behind code signing, it should be possible to make a signature that validates and runs instantly. Meaning, if you sign your application and distribute it outside the App Store, it should run without issue.

Though Apple does hold the ability to revoke (think "flag") a certificate, rendering a signature invalid, I don't know how they could possibly keep track of applications that aren't distributed through the App Store. Apple also couldn't possibly get the source code, the best they could do is debug/disassemble it in ASM. So it would become exceedingly hard for them to review 3rd party applications.

NATO
Jul 20, 2012, 04:54 AM
I think Gatekeeper is a fantastic idea for non-techy users. For example, when I set up the Mac at my parent's house I'm going to install whatever they need (MS Office mainly), then turn Gatekeeper up to its highest setting. They won't be installing anything from outside the App store, and if they do, I'll explain how to temporarily turn Gatekeeper off.

It means everyone is secure in the knowledge that no malware will make it onto their computer.

Puevlo
Jul 20, 2012, 05:34 AM
I wish they'd make it so you could leave Gatekeeper on but disable it for certain apps. Pretty lame this isn't included.

maflynn
Jul 20, 2012, 05:35 AM
I have a number of apps from major makers that won't work with gatekeeper. Perhaps that will change but it will mean that I'll have to disable it.

Phil A.
Jul 20, 2012, 05:38 AM
I wish they'd make it so you could leave Gatekeeper on but disable it for certain apps. Pretty lame this isn't included.

I don't know how many times the following quote from lunarworks going to have to be said before people read it ;)

Right-click on the app, choose "Open", it will ask you if you really wanna do that, allow, and for that app it will never ask you again.

Plus, pretty much every dev that hasn't abandoned their software is going to sign sooner or later.

Winter Charm
Jul 26, 2012, 08:46 AM
They are creating an artificial "need" for this Gatekeeper "protection". You did not need it before, you do not need it now. Not having it before didn't allow any major attacks in particular, and having it won't likely prevent any either. They are making people think they need things they don't need. Truth is, Apple has an ulterior motive. They want to push all software distribution to the Mac App Store so as to generate more profit for themselves. So they can grab that 30% cut of every paid app downloaded. This Gatekeeper thing is only the first step. Just watch. In future releases, it will get harder or even impossible to turn it off. In the future, OS X may require a "jailbreak" to run 3rd party software, but it would be pretty useless since any developer would rather distribute on the MAS. And the MAS's restrictions don't allow for freedom of software.

If things continue going in this direction, to the point I predicted, and I sure hope they don't, but if they do, I'll have to switch to a GNU/Linux OS that does respect my freedom.

As I said, it is a useless feature. It will not protect against any professional form of attack, and it will only hamper development of freeware. Bad idea, Apple.

I think I'd have to disagree. GK isn't useless, and they aren't forcing anyone to the app store. By default GK is set to allow ALL SIGNED APPS. Even ones from outside the app store!

Now, yes, it's detrimental to developers who want to make free utilities and some really nice tools.

However, it does give apple a way to keep tabs on developers and shut down apps that are trying to take and sell your personal info.

GateKeeper isn't some crazy form of anti malware that will stop a determined hacker, but this will discourage developers from trying funny stuff - something they seem all too willing to do on iOS

The one thing I worry about is GK lulling mac users into a false sense of security... :(



----------

I wish they'd make it so you could leave Gatekeeper on but disable it for certain apps. Pretty lame this isn't included.

Actually IT IS.

Right click on any app that's an exception, and click OPEN.

You'll get a confirmation asking you if you want to do this. That app will never bother you again, whether you have gatekeeper on its highest setting or not.