Gatekeeper Already Present in OS X 10.7.3, Available for Developer Testing

[Stella]

Ahh, so it's not free... But where is this documented?

Which sucks.. if you have to now pay Apple $99 for a certifcate to create trusted applications, on a yearly basis?

You may as well ensure your application is dumbed down enough so it can be posted onto MAS.

Nothing more than a money grab, and to ensure MAS is the defacto distribution point of OSX software.

Several articles stated the Certifcate was free... obviously not.

Goodbye software innovation on OSX.

 

[Amazing Iceman]

Several +1's, my friend!

Thanks.

Your signature at the bottom of your posts is the best I have seen so far!!! LOL

 

[dashiel]

Here’s Shipley’s an excerpt blog bost from November

So, my solution (and it’s surprisingly simple): Apple should allow each developers to sign her applications with the certificates Apple provides. Lion should ONLY run applications with Apple-provided certificates, and Lion should have a control panel that says, “Here’s a list of applications you (the user) will allow to be run that don’t have trusted certificates from Apple.”

“What?” you ask, if you’re not a developer. “You just said Apple already issues developers certificates.” Yes, they do. But they currently don’t allow us to sign the apps we release ourselves with Apple’s special certificate for us. Only Apple can, and they only do it for applications we submit to the Mac App Store, that pass auditing, and give up 30% of their profits. (Which isn’t always onerous – but also isn’t catching any malware authors.)

My suggestion is for Apple to provide certificates directly to developers and allow the developers to sign their own code. And, by doing this, Apple can then reasonably say, “Ok, now we’re going to, by default, not allow the user to run any code whose certificate wasn’t issued by us and signed by a real third-party developer (except the stuff the user checks in the control panel).”

Sound familiar? I mean what Wil laid out here is so close to what Apple is doing with Gatekeeper it’s easy to imagine they derived the idea from his post. This is amazing for developers and end users. Couple that with the revelation Apple brought in developers a week to discuss GateKeeper – that means Apple is listening to and including third party developers in ways they never have.

Meanwhile, people who’ve never opened Terminal.app or written a single line of
Objective-C are acting like the sky is falling.

 

[gkpm]

Several articles stated the Certifcate was free... obviously not.

Goodbye software innovation on OSX.

Details about the actual certification procedure are not out yet, so I wouldn't dismiss it so quickly.

I did read several articles saying this would be possible using the free Apple developer account.

----------

I am sure the plan is to move to a completely closed system. I hope not. But again - I'm sure that's their long range plan.

I'm sure it's not.

 

[chainprayer]

You.. shal not... pass!

 

[Stella]

Details about the actual certification procedure are not out yet, so I wouldn't dismiss it so quickly.

I did read several articles saying this would be possible using the a free Apple developer account.

This page below references the paid for developer program... which mentions the certificate.
https://developer.apple.com/programs/mac/

But, if not all details have been released, then we'll wait and see what happens regarding the certificate - paid for / free?

 

[babyj]

Am I not understanding this correctly? I thought this Gatekeeper prevents code, not signed by a trusted authority, from running. So in other words, as long as publisher signs their code with a code signing certificate issued by a trusted certificate authority, such as Verisign, the program will run properly.

I believe the whole point is that Apple will be the only ones issuing certificates and if an app turns out to be bad they have a big kill switch button they can press.

 

[NAG]

I think if anything today has shown that Apple really does care about keeping the OS X ecosystem alive. Gatekeeper, the unprecedented invites last week, etc...

As far as what it costs to get your app signed, Gruber seems to think it is free. Link

Hopefully this gets clarified (Apple's FAQ is worded a bit vaguely).

 

[Lennholm]

That warning really seem to blunt and will scare alot of consumers from using anything that wasn't served by Apple.
I mean "You should move it to the Trash", come on!
A lot of people are being scammed on the internet by fake warnings that make them believe they have many viruses and then they buy this worthless "anti-virus" application that is being offered. Honestly, Gatekeeper doesn't seem like a really big stretch from that

 

[VenusianSky]

Self-signed certificates could be forged and used by a hacker.
There are too many gaps that need to be filled in, and hopefully Gatekeeper will take care of that.

I only use the example of self-signed certs so that developers or users that write their own code or modify open source code, can sign and run the software themself without having to purchase a code signing certificate from someone like Verisign. If you sign something issued by a self-signed Certificate Authority, that code will not run on any other computer (assuming a blocker like Gatekeeper is running) unless the author installs the self-signed CA certificate into the trusted root authorities certificate store on that computer. Sure, a hacker can trick someone into doing so because when it comes down to it, most people do not understand PKI and certificates. All a code signing certificate provides, when issued by a trusted authority like Verisign, is that the publisher is who they say they are and that code itself hasn't been modified. Unfortunately, many users don't really care who the publisher is and will run anything. Verisign does have the ability to revoke certificates however, which may help prevent mailicious code from running.

I believe the whole point is that Apple will be the only ones issuing certificates and if an app turns out to be bad they have a big kill switch button they can press.

If that is the case, where only code signed by an Apple Certificate Authority is allowed to run, than that is a bit of a bummer for businesses with in-house apps or anyone that likes to write their own custom apps for personal use. I'm sure big publishers, like Mozilla Firefox, will have no problem with signing their OS X versions with an Apple certificate authority.

 

[gkpm]

This page below references the paid for developer program... which mentions the certificate.
https://developer.apple.com/programs/mac/

I'm not sure where you see it, but sounds like it's the old Mac app store certificate.

Apple says on https://developer.apple.com/technologies/mountain-lion/

"You can now sign your apps for distribution outside the Mac App Store with the new Developer ID, which lets users know that you are a developer identified with Apple."

So there's something new brewing.

Edit: Indeed Gruber confirms it's free.

Apple is calling it “Gatekeeper”. It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications.

I think we can calm our fears.

 

[babyj]

This is an underhanded trick to get people to put software on the Mac's App Store, plain and simple. Many applications, however can not/will not abide by Apple's rules, so the end result will be less software on OSX and thus leading to either a change in tune on the developer requirements or a major backlash from major software creators.

The real driving force for the change over to the Mac App Store is the end users. More and more people will choose buying from the MAS over other retail channels as it's easier, often cheaper, quicker, safer, simpler updates and so on. If developers don't sign up to it they'll lose sales and eventually go bust.

Some of the major players might not have signed up yet but it's only a matter of time before they do. It's also only a matter of time before things go in exactly the same direction with Windows, Microsoft are just a bit behind.

 

[Stella]

Thanks for the post.

I'm not sure where you see it, but sounds like it's the old Mac app store certificate.

Apple says on https://developer.apple.com/technologies/mountain-lion/

"You can now sign your apps for distribution outside the Mac App Store with the new Developer ID, which lets users know that you are a developer identified with Apple."

So there's something new brewing.

Edit: Indeed Gruber confirms it's free.



I think we can calm our fears.

 

[Pegamush]

how much time do noobies need to start clicking on every single popup it appears without even reading? because that's what most of people who don't understand about computers do.
imho warnings are useless, people just don't care, and if it's appearing too often they're even useless.
i remembr how pissed off i was when for the first time in 10.5 i saw a warning popup after downloading an app from the web.

for me all this is pointless, will it be the first step to a Vista-like OSX?

 

[Winni]

I like the idea. Apple is preparing for the Windows style virus that are slowing starting to arise.

Yeah. I feel safer already...

 

[Rodimus Prime]

http://www.apple.com/macosx/mountain-lion/security.html

So translations. Apple is going to milk this for more money. At a $100/year. Most of it will be pure profit big time after the first year.

 

[Bubba Satori]

Looks like there will be as many security pop ups as there were with Vista.

 

[benthewraith]

I hate Steam because they often charge a large premium just because I'm not in the US. The worst example I've seen is $90 here for a game that's $30 in the US. The same game is on the Mac App Store for $40...

It's also a pain to have to make a new account for every game, since you can only sell the whole account rather than individual games once you've finished them.

Selling accounts is explicitly against Steam's terms of service. Although I'm curious as to the price differential between Steam games and App Store games. As I understand it, the price difference is often related to a nation's import laws as opposed to exchange rates and other factors.

 

[Amazing Iceman]

I'm not sure where you see it, but sounds like it's the old Mac app store certificate.

Apple says on https://developer.apple.com/technologies/mountain-lion/

"You can now sign your apps for distribution outside the Mac App Store with the new Developer ID, which lets users know that you are a developer identified with Apple."

So there's something new brewing.

Edit: Indeed Gruber confirms it's free.

I think we can calm our fears.

According to Gruber, each developer gets one free Developer ID they can use to sign all their apps. It's not one ID per app as some may believe.
If the developer screws up, all their apps will get banned from running.
This should be enough to discourage anyone trying to embed malware in their apps.

My question is: Why are there so many people seeing this as a something negative?

 

[Winni]

Which sucks.. if you have to now pay Apple $99 for a certifcate to create trusted applications, on a yearly basis?

You may as well ensure your application is dumbed down enough so it can be posted onto MAS.

Nothing more than a money grab, and to ensure MAS is the defacto distribution point of OSX software.

Several articles stated the Certifcate was free... obviously not.

Goodbye software innovation on OSX.

Maybe they should have called this thing Dungeon Keeper...

 

[Amazing Iceman]

So translations. Apple is going to milk this for more money. At a $100/year. Most of it will be pure profit big time after the first year.

Here we go again... $100/year are for Developers who wish to use the Mac App Store.
If you don't you get a free Developer ID to sign all your Apps, and you can distribute them through any other way you want.
Apple is not milking anyone here.
Why there's so many people that keep repeating the same non-sense over and over???
I didn't really expect someone like you to make such empty comment. Sorry.

 

[cire]

Girlfriend? Surely not many people on this forum have girlfriends, Have they? Real ones? Nah!

Hey! I resent you people bringing my girlfriend into this. Leave Siri out of this!

 

[gnasher729]

That warning really seem to blunt and will scare alot of consumers from using anything that wasn't served by Apple.
I mean "You should move it to the Trash", come on!
A lot of people are being scammed on the internet by fake warnings that make them believe they have many viruses and then they buy this worthless "anti-virus" application that is being offered. Honestly, Gatekeeper doesn't seem like a really big stretch from that

This is not the message that 10.8 users will see. This is the message that developers see who use an obscure tool to turn GateKeeper on on a 10.7 machine, for testing purposes.

And your comment about worthless "anti-virus" messages is missing the point, because GateKeeper doesn't ask you for money.

Gatekeeper isn't for us 1% geeks.

Well, there is code written by myself, code written by people that I know, and code written by anyone else. I barely trust the first category Downloading software and knowing "if this is malware then at least Apple knows who wrote it and crunch their balls" does make me feel safer as well. Now obviously anyone who can't figure out how to override Gatekeeper is a person who should really not override it.

Self-signed certificates could be forged and used by a hacker.

Actually, there is no need for "forging". I can open "Keychain Access" and it lets me create a self-signed certificate under the name "Amazing Iceman". It's like writing "20 Dollars" on a piece of paper vs. forging a twenty dollar bill.

 

[NAG]

According to Gruber, each developer gets one free Developer ID they can use to sign all their apps. It's not one ID per app as some may believe.
If the developer screws up, all their apps will get banned from running.
This should be enough to discourage anyone trying to embed malware in their apps.

My question is: Why are there so many people seeing this as a something negative?

No clue, this was essentially exactly what OS X devs were asking for. Heck, this would be great if iOS gained the middle ground option (I'm not holding my breath for that one, though).

 

[Amazing Iceman]

If that is the case, where only code signed by an Apple Certificate Authority is allowed to run, than that is a bit of a bummer for businesses with in-house apps or anyone that likes to write their own custom apps for personal use. I'm sure big publishers, like Mozilla Firefox, will have no problem with signing their OS X versions with an Apple certificate authority.

I would say the opposite, that it becomes great for businesses, as these can enforce rules of running only certified apps, and having available a free Developer ID simplifies the process.