Is it not using the same code signing code? Is it not using the same monolithic single source online store?
Sure you can install any app from any source now but with code signing in place you are one OS patch away from NOT doing that.
I would say this is more of a logical conclusion than an absurd conclusion.
Ok, we get that you're worried about your Mac becoming 'restricted' like iOS devices are, but Gatekeeper actually moves the Mac a step *farther* from that scenario, not a step closer.
Prior to Gatekeeper, signed OS X apps could only be had from the Mac AppStore. At that point, a single OS patch could prevent you from installing anything that wasn't available in the AppStore.
Now, with Gatekeeper, signed apps can be had from *anyone* who bothers to get a key and sign their app. If Apple wanted to restrict everyone to AppStore apps only, they now need to require signed-only apps, *and* revoke every key that was used outside the AppStore. This would also catch in-AppStore apps written by developers who have also released software *outside* the AppStore, so it would also require splitting the keys, and getting all those developers to start using their new keys in the AppStore before Apple could go this route.
So, as you can see, Gatekeeper is evidence that Apple *isn't* going to do what you're so worried about.
On the other hand, Gatekeeper *does* allow a *user* (or administrator) to configure a system such that only signed apps will run. But that's a small step forward from a security standpoint, so nobody seems to be complaining about that aspect.
----------
Can you explain why it, in theory, would not? A security hole typically gets the bad guy in; that is the first step. The second step is to execute code that is downloaded to the machine once the first step is accomplished. This code would not run, however, since it would not be signed.
Or, if it *were* signed, it could be stopped dead by revoking the signing key as soon as the payload is discovered.
If getting the signing key requires a paid developer account, then the cat & mouse game of constantly updating the payload to evade the anti-malware code becomes *quite* expensive for the malware developers, and the whole platform loses quite a bit of its 'charm' for them.
If not, the constant spamming for new keys provides more clues about the location and *real* identity of those malware developers, improving the chances that they'll be caught and/or stopped. Again, this reduces the 'charm' of OS X for malware developers (though not by as much as the prior scenario).
----------
I'm not a developer by any stretch of the imagination.
But... there is just something about this I don't like. I do not want to be told what I can and cannot install by Apple.
As long as Mac users will still be able to install apps from developers which choose not to distribute through the App store (and are presumably therefore going to be 'unsigned'?), then I can live with it. But it seems like a step in the direction of total control, and that's what I don't like.
It does work for the iPhone, and that's great - but my Mac is not a phone and I expect more from it.
Well, the publicly available info shows you'll be just fine, because the Gatekeeper options from a user standpoint are:
- Signed code only!
- Ask before allowing unsigned code.
- Allow any signed or unsigned code without asking.
Note: Signed code can be had from the AppStore *or* from any other location if the developer has a signing key. That's the new change with the Gatekeeper addition. Before, you could only get signed apps from the AppStore.
----------
And that's fine. They can still get their stuff out there, but it's on them to prove they aren't sketchy, and honestly, that's how it should be. There are far too many people out there trying to mess with people to just pretend it doesn't happen anymore.
And with Gatekeeper, you can at least know that the copy you have is the genuine article, and not some hacked-up, malware-ridden version. That goes a long way toward being *able* to prove that your apps aren't 'sketchy'.
----------
Maybe again, that's because you weren't supposed to use it in Lion?
Yep. It only existed in Lion to allow *developers* to test their signed apps to make sure everything behaved as expected on a system where Gatekeeper was set up more/less restrictive than the default of "ask before running unsigned code". Why someone would complain about the end-user-friendliness of an intended-for-developers-only-at-this-stage system is beyond me.
