Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Gatekeeper Already Present in OS X 10.7.3, Available for Developer Testing

faroZ06

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
Durendal said:
Oh baloney. This would only "prevent" install-and-authenticate malware, and if malware for OS X continues to evolve as it has on Windows, you may not need to actually run an installer. Anyone who turns it off won't get any kind of warning and malware continues. Those who leave it on probably won't get anything outside of the App Store, which is the real idea behind this: Scare the newbies into giving more money to Apple.
Click to expand...

UNIX is designed so that you can't have viruses, only malware that relies on the user entering his/her password and allowing it to install. They just need to have it warn you once WITHOUT A POPUP that it is unsigned (instead of a dialog box every single time like in Windows).

"App seems legit, and I don't need Gatekeeper? Hmmm, it warned me that it is unsigned. Now it's asking me for the password. Better check on this."
 
D

Durendal

macrumors 6502
Apr 12, 2003
287
1
faroZ06 said:
Consumers don't use open-source software...
Click to expand...
Yeah, because nobody ever uses Firefox, right? Chrome isn't built on open source either, is it? Hell, OS X doesn't have large chunks of open source software, oh no!

What utter crap. Consumers probably don't realize that they use open source software or know what it is, but they do use it. Consumers won't be compiling their own stuff, but they can download Firefox.
 
M

Molecule

macrumors regular
May 19, 2010
107
0
Makes you wonder just how much longer it wil be until you can only get your apps from the Mac App Store. We can only hope that Apple isn't that stupid.

On a side note, there's a beautiful irony in the screenshot being related to Adium...today Gizmodo asserted that Apple is trying to kill off Adium with Messages.
 
D

Durendal

macrumors 6502
Apr 12, 2003
287
1
faroZ06 said:
UNIX is designed so that you can't have viruses, only malware that relies on the user entering his/her password and allowing it to install. They just need to have it warn you once WITHOUT A POPUP that it is unsigned (instead of a dialog box every single time like in Windows).

"App seems legit, and I don't need Gatekeeper? Hmmm, it warned me that it is unsigned. Now it's asking me for the password. Better check on this."
Click to expand...
First point is utter crap. Privilege escalation exploits have been found for OS X in the past and will continue to be found. Nothing is perfectly secure.

And users will see the popup, get scared, and run away.
 
faroZ06

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
Durendal said:
Yeah, because nobody ever uses Firefox, right? Chrome isn't built on open source either, is it? ****, OS X doesn't have large chunks of open source software, oh no!

What utter crap. Consumers probably don't realize that they use open source software or know what it is, but they do use it. Consumers won't be compiling their own stuff, but they can download Firefox.
Click to expand...

Which will surely be signed and on the App Store. Those open-source things like FireFox are built to be native to Mac OS X, not generic builds that require X11 or whatever.
 
spazzcat

spazzcat

macrumors 68040
Jun 29, 2007
3,683
4,771
rnizlek said:
Do you know that, or are you just speculating? You'll need to get a certificate, but who's to say Apple will charge for certificates? And if they do charge, charge a lot? I think it's only in their interest to make development for the platform easy.

I think what makes sense is an option to keep gatekeeper on but allow exceptions on an individual app basis. That way you get the benefit of the protection even without all of your apps being signed.
Click to expand...

They already said they will be free
 
Rodimus Prime

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
Stella said:
You turn off Gate Keeper.

But, the software may not be safe. It may trash your hard disk and steal your girlfriend. :D
Click to expand...

Some how I could see Apple making it rather difficult to turn it off or blocking to do it.

I could see this as Apple next step in locking down OSX like they have iOS. Apple is setting up to lock it down. I could see them using this as the next step before forcing people to have to use signed software.
 
D

Durendal

macrumors 6502
Apr 12, 2003
287
1
faroZ06 said:
Which will surely be signed and on the App Store. Those open-source things like FireFox are built to be native to Mac OS X, not generic builds that require X11 or whatever.
Click to expand...
Gimp relies on X11 and gets plenty of use.
 
faroZ06

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
Durendal said:
First point is utter crap. Privilege escalation exploits have been found for OS X in the past and will continue to be found. Nothing is perfectly secure.

And users will see the popup, get scared, and run away.
Click to expand...

If you're advanced, you go into system prefs and disable Gatekeeper. It still warns you if something is unsigned but does not stop you from opening it. Nothing you open is going to somehow get sudo permissions and make a bunch of copies of itself all over the place and take over your launch daemons.

If you're a newbie, you don't download stuff unless it is well-known (and will therefore be signed).
 
D

Durendal

macrumors 6502
Apr 12, 2003
287
1
spazzcat said:
They already said they will be free
Click to expand...
I wonder how Apple is going to filter the list of people who get certificates. Some malware putz could get one, cleverly hide his malware in an otherwise-legit-looking application, and get wide distribution before it's found and his certificate is revoked...and then he just whips up a new company under a new name, gets a certificate...

I think more info is needed on this process.
 
VenusianSky

VenusianSky

macrumors 65816
Aug 28, 2008
1,290
47
faroZ06 said:
Wait, how is this going to work with open-source stuff that you compile yourself?
Click to expand...

If you sign it yourself with a self-issued Code Signing certificate and include the self-signed CA root certificate in the trusted store, you shouldn't receive any prompt. I have no clue how this is done on OS X, but I am familiar with the procedure in Windows. By default, Windows doesn't prevent execution of unsigned code, except hardware drivers.
 
R

rnizlek

macrumors 6502
Mar 31, 2004
335
176
Washington, DC
spazzcat said:
They already said they will be free
Click to expand...

So I guess I don't understand the furor about this then. The default setting will allow signed apps without issue, and basically everyone here acknowledges that inexperienced users are not going to mess with the default. The certs will be free, so anyone can get them. Other than a dev taking the time to get a cert, how will this impede anything?
 
Stella

Stella

macrumors G3
Apr 21, 2003
8,838
6,341
Canada
Rodimus Prime said:
Some how I could see Apple making it rather difficult to turn it off or blocking to do it.

I could see this as Apple next step in locking down OSX like they have iOS. Apple is setting up to lock it down. I could see them using this as the next step before forcing people to have to use signed software.
Click to expand...

Apple are taking a slowly slowly approach, if a locked down OSX is their aim. They couldn't lock down OSX now, there would be up roar.

Apple love and crave control ; The more control the better.
 
bushido

bushido

Suspended
Mar 26, 2008
8,070
2,755
Germany
as an dev id be pretty pissed at apple calling my legit application a risk and danger just because you dont participate in their mac store stuff

Talk about bad mouth and destroying ones reputation. noob going like "hey i tried to install adium last night and i got a warning u shouldnt install this app anymore, i think its a virus"
 
faroZ06

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
Durendal said:
I wonder how Apple is going to filter the list of people who get certificates. Some malware putz could get one, cleverly hide his malware in an otherwise-legit-looking application, and get wide distribution before it's found and his certificate is revoked...and then he just whips up a new company under a new name, gets a certificate...

I think more info is needed on this process.
Click to expand...

We'll have to wait and see. I don't think Apple is going to let illegit apps get through except for a few rare mistakes.

What Apple should have is a quality test too. Some apps may be perfectly legit but lower-quality (wasteful of RAM, clunky, etc). It should warn you of the quality level before you download it.
 
R

rmwebs

macrumors 68040
Apr 6, 2007
3,140
0
Note that command down just in case some clever git decides to lock os x down in the future ;)
 
D

Durendal

macrumors 6502
Apr 12, 2003
287
1
rnizlek said:
So I guess I don't understand the furor about this then. The default setting will allow signed apps without issue, and basically everyone here acknowledges that inexperienced users are not going to mess with the default. The certs will be free, so anyone can get them. Other than a dev taking the time to get a cert, how will this impede anything?
Click to expand...
I'm just wondering what would stop a malware author from also getting a cert, then getting another under a different name if the first gets revoked, and so on, and so on...

Either this is going to be a filtered process that is a pain for legit developers or it'll do jack squat to prevent malware.
 
ArtOfWarfare

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,561
6,059
That error message is phrased horribly.

I think a better message would be "This app has not been verified as safe by Apple. If it asks for your password or personal information you don't think it needs, it may be malware and you should delete it."
 
Mr. Gates

Mr. Gates

macrumors 68020
Jun 17, 2009
2,217
15
--Redmond --------- ----------------Washington---
Gatekeeper ?

Ghostbusters-The-Keymaster.jpg



I'm the Keymaster


1287088568-dana.jpg



Hahaha .....I had to
 
D

Durendal

macrumors 6502
Apr 12, 2003
287
1
faroZ06 said:
We'll have to wait and see. I don't think Apple is going to let illegit apps get through except for a few rare mistakes.

What Apple should have is a quality test too. Some apps may be perfectly legit but lower-quality (wasteful of RAM, clunky, etc). It should warn you of the quality level before you download it.
Click to expand...
But that's the question. Apple can't possibly authorize and filter every single application made by every developer who gets a certificate.
 
faroZ06

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
bushido said:
as an dev id be pretty **** at apple calling my legit application a risk and danger just because you dont participate in their mac store stuff

Talk about bad mouth and destroying ones reputation. noob going like "hey i tried to install adium last night and i got a warning u shouldnt install this app anymore, i think its a virus"
Click to expand...

It certainly seems more legit if an app is on the App Store than if it's from some website, but it shouldn't scare the user so much and call it a threat. It is riskier, though.

Now, if you open an unsigned app by the same name as an app on the App Store, then the alarms should go off.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom