Gatekeeper Already Present in OS X 10.7.3, Available for Developer Testing

[milo]

Not on the strictest setting, and do we know what it will take for this stuff to get signed? I get the feeling it means money, something small-time/open source guys probably won't want to spend.

It was announced earlier today, getting a security certificate is FREE.

Yeah, because nobody ever uses Firefox, right? Chrome isn't built on open source either, is it?

And what makes you think the guys releasing those wouldn't get the free signature?

Some how I could see Apple making it rather difficult to turn it off or blocking to do it.

It's not difficult at all, the screen shot showing it is on Apple's website. Just change one pref to "allow everything".

 

[Amazing Iceman]

No clue, this was essentially exactly what OS X devs were asking for. Heck, this would be great if iOS gained the middle ground option (I'm not holding my breath for that one, though).

Probably not, as Apple wants to keep iOS running with optimal performance. Having lots of apps floating around would still be a problem. Hackers could still do the impossible to obtain Developer IDs just to gain access to your system and plant a trojan they can use later to control your computer, even after their Developer ID gets revoked by Apple.
This may be another reason why Apple want developers to start Sandboxing their Mac apps.

 

[stanton]

My question is: Why are there so many people seeing this as a something negative?

Let's take some simple examples of the pitfalls that have yet to be answered.

1. Take Steam for example.
The application in and of itself is just a gateway to purchase other applications, so if someone slips Malware into an application does Steam now go out of business on the Apple platform?

2. Firefox
Firefox is a web browser that enables plugin support. Will Mozilla be banned from having someone develop a plugin that is Malware? Does each plugin have to be signed? How will Mozilla authenticate each plugin?

3. Third party applications, such as twitter feed readers
Not so long ago, Anonymous used a twitter link to DDoS several sites, will an App now be banned for simply displaying web content generated on a third parties server?

These are just some simple examples off the top of my head, and I'm sure there are allot of other examples of software that could be put on chopping block simply for using third party content within the application.

 

[milo]

as an dev id be pretty pissed at apple calling my legit application a risk and danger just because you dont participate in their mac store stuff

For fark's sake, is it so hard for people to read. Signing does NOT have anything to do with the app store. If you're a dev you have several months to do an update that includes the secure signing.

The only issue I see is that many people don't update their software often, it would be nice if Apple could figure out a way to let people check for an update to the app they're trying to run.

But that's the question. Apple can't possibly authorize and filter every single application made by every developer who gets a certificate.

Seriously, read the actual info about the feature. Apple doesn't filter or authorize anything, the way it works is Apple has a killswitch and can disable all apps from a dev after the fact if malware is discovered.

There are people who don't like to pay for software.

And the App store includes free apps. What's your point?

 

[babyj]

1. Take Steam for example.
The application in and of itself is just a gateway to purchase other applications, so if someone slips Malware into an application does Steam now go out of business on the Apple platform?

2. Firefox
Firefox is a web browser that enables plugin support. Will Mozilla be banned from having someone develop a plugin that is Malware? Does each plugin have to be signed? How will Mozilla authenticate each plugin?

3. Third party applications, such as twitter feed readers
Not so long ago, Anonymous used a twitter link to DDoS several sites, will an App now be banned for simply displaying web content generated on a third parties server?

1. If Steam allow malware to be introduced via their platform then yes.
2. If Mozilla allow malware to be introduced via their software then yes.
3. Not sure how this is relevant.

 

[Lennholm]

This is not the message that 10.8 users will see. This is the message that developers see who use an obscure tool to turn GateKeeper on on a 10.7 machine, for testing purposes.

And your comment about worthless "anti-virus" messages is missing the point, because GateKeeper doesn't ask you for money.

Ok then.
The scam would be against the developers when Apple is leveraging their confused and scared customers to force the developers to use Apple's own channels where Apple charges a fee.

 

[stanton]

1. If Steam allow malware to be introduced via their platform then yes.
2. If Mozilla allow malware to be introduced via their software then yes.
3. Not sure how this is relevant.

Laughs, I guess the App Store on the iOS platform should be banned for allowing the Path on the App Store.

Think before you post:
http://www.huffingtonpost.com/2012/...ss-book-privacy_n_1262390.html?ref=technology

 

[runeapple]

Is it just me or does gatekeeper only work with the app is in a DMG, if the developer distributes using a zip folder it doesn't complain prevent it from opening?

 

[babyj]

Ok then.
The scam would be against the developers when Apple is leveraging their confused and scared customers to force the developers to use Apple's own channels where Apple charges a fee.

All distribution channels have a cost and the 30% cut that Apple take isn't unreasonable. Or did you think that retailers don't take a cut, or that a developer selling direct doesn't have to pay for card processing fees, hosting charges, bandwidth, advertising and so on?

 

[Four oF NINE]

How easy is this supposed to be? Is this a simplistic feature?

 

[pubwvj]

Looks like Apple is out to kill the small developers, the home programmers, the students learning. Too bad. They've forgotten their roots.

 

[babyj]

Laughs, I guess the App Store on the iOS platform should be banned for allowing the Path on the App Store.

Think before you post:
http://www.huffingtonpost.com/2012/...ss-book-privacy_n_1262390.html?ref=technology

Think you missed the point. There should be responsibility on the part of Steam and Mozilla, the same as there is on Apple, to prevent malware and anything else dodgy hitting the end user. If they don't then they should be held accountable, simply saying it's not our fault isn't good enough.

Apple didn't get away with letting the Path app through, plenty of bad press along with a grilling from Congress, with the result of changes being made to prevent the same thing happening.

----------

Looks like Apple is out to kill the small developers, the home programmers, the students learning. Too bad. They've forgotten their roots.

How exactly is it going to do any of that?

 

[runeapple]

Never mind it only counts if you download via Safari - if you download with Roccat or Chrome for example it still opens hahaha

 

[dashiel]

Let's take some simple examples of the pitfalls that have yet to be answered.

1. Take Steam for example.
The application in and of itself is just a gateway to purchase other applications, so if someone slips Malware into an application does Steam now go out of business on the Apple platform?

No because Steam isn’t the offending app. I don't see any reason why Steam distributed apps can't also have Apple digital signatures either. Pretty soon not being digitally signed will have a major impact on revenue for App developers r

2. Firefox
Firefox is a web browser that enables plugin support. Will Mozilla be banned from having someone develop a plugin that is Malware? Does each plugin have to be signed? How will Mozilla authenticate each plugin?

This example is really stretching credulity. How many Firefox malware plug-ins are there today that target OS X?

3. Third party applications, such as twitter feed readers
Not so long ago, Anonymous used a twitter link to DDoS several sites, will an App now be banned for simply displaying web content generated on a third parties server?.

No. Apple has had this exact same ability on iOS since the first third-party app was released and they haven't used it once. Amazon and Android have this same ability both have used it and both experienced a great deal of backlash for it. Companies don't toy with these kinds of powers.

Gatekeeper isn’t a panacea anymore than seatbelts guarantee you will survive a car accident, this is a safety measure designed to reduce the possibility of malware infecting your computer. It's creating a way for indeoendent developers to benefit from the trust consumers have in Apple. It's basically Apple saying to the user "I vouch for this app, and hey if I'm wrong I'll kick it off your computer" compared to the situation now Apple is saying "I don't know this app, if it messes up your stuff it's not my fault, I wouldn't let an app from the internet in the door"

----------

Wil Shipley’s response

To summarize: What Apple has announced today is a very clear, “We support developers creating whatever they want to create.” I salute them.

YAY GATEKEEPER! This is exactly what Apple, developers, and customers need.

To eliminate a real virus, you don’t need to cure people of the virus – you just need to stop its spread. GateKeeper does that, awesomely.

GateKeeper is simpler (in a good way) than my http://blog.wilshipley.com/2011/11/real-security-in-mac-os-x-requires.html Key difference: GateKeeper only blocks install. No kill switch.

And from the Panic blog

But instead, Apple went to considerable effort and expense to find a middle ground

Other than that though*, we think Gatekeeper is a bold new feature that should do wonders for the security of your Mac for years to come. Even though their rapid pace of development is at times difficult for us to keep up with, we are excited that Apple continues to aggressively push the envelope when it comes to keeping Mac OS X safe and secure.

http://www.panic.com/blog/2012/02/about-gatekeeper/

Now at the risk of running foul of an appeal to authority fallacy, I will gladly listen to counter arguments from anyone here who actually develops software for the Mac. Otherwise kindly take your alarmist nonsense elsewhere.

*referring to App Store only features like iCloud and Notification Center

 

[gkpm]

For the paranoid

I've compiled a number of ways you can skip over Gatekeeper
(from easy to more complex):

1. Right click open the file
2. Turn Gatekeeper off in Settings
3. Use a download tool/browser that doesn't set a quarantine bit, torrent clients usually don't.
4. Get the file in any way other than from the Internet (e.g. USB key)
5. Use Terminal.app to disable the quarantine bit: xattr -d com.apple.quarantine <file>
6. Certify the app - using a free Developer ID

I hope you find one of this methods to your satisfaction. Just one is needed.

 

[valkata]

UNIX is designed so that you can't have viruses, only malware that relies on the user entering his/her password and allowing it to install. They just need to have it warn you once WITHOUT A POPUP that it is unsigned (instead of a dialog box every single time like in Windows).

Could you stop to spread your desinformation?

1) The first computer virus (yes, virus, not malware) was created for UNIX.
2) Also I can't remember Windows asking me for permission to run unsigned application every time I run it. It happens only once, during install.

 

[dashiel]

I've compiled a number of ways you can skip over Gatekeeper
(from easy to more complex):

1. Right click open the file
2. Turn Gatekeeper off in Settings
3. Use a download tool/browser that doesn't set a quarantine bit, torrent clients usually don't.
4. Get the file in any way other than from the Internet (e.g. USB key)
5. Use Terminal.app to disable the quarantine bit: xattr -d com.apple.quarantine <file>
6. Certify the app - using a free Developer ID

I hope you find one of this methods to your satisfaction. Just one is needed.

I’m not sure I see your point.

 

[VenusianSky]

I would say the opposite, that it becomes great for businesses, as these can enforce rules of running only certified apps, and having available a free Developer ID simplifies the process.

Some businesses have their own Certficate Authority and sign their code with that. I can't speak for businesses that run OS X primarily, but there are Windows shops that do so. Microsoft includes Certificate Services with Windows Server for those that wish to sign their own certificates, rather than relying on third parties. If Apple will sign in-house applications without any validation process of code, then it won't make any difference for those customers. From what I understand about iOS apps though is that the software goes under some evaluation process, to ensure it is safe and whatnot, before it certified. You can't really expect to do business with private corporations that write their own in-house software if it is to go under evaluation by a third party. A third party really has no business in telling companies how their in-house software should function or be secured. I can understand the need for commercial apps, but not private apps. Regardless, we don't know at this point if the software must be signed by Apple or only by any trusted certificate authority. Windows has the same builtin security (only enabled for hardware drivers by default), but it only requires code to be signed by any trusted authority, not just by Microsoft. I believe non-driver apps unsigned or signed by an untrusted authority will prompt the user to verify that it is "safe".

 

[Stella]

So, has this Developer Certificate going to replace the sand boxing requirements?

 

[dashiel]

Looks like Apple is out to kill the small developers, the home programmers, the students learning. Too bad. They've forgotten their roots.

Of really?
http://www.panic.com/blog/2012/02/about-gatekeeper/

 

[gkpm]

I’m not sure I see your point.

Just pointing out that if you don't like gatekeeper there are various ways to avoid it, some quite easy too.

No need for anyone to feel limited in any way by it - except if you were hoping for a career in malware development.

Sorry if it wasn't clear. I'm just shocked at the level of paranoid drivel and FUD around here.

----------

So, has this Developer Certificate going to replace the sand boxing requirements?

Probably not, since the only change is for apps outside of the App Store. Those don't have sandboxing requirements.

MAS apps should still require sandboxing (with exceptions)

 

[faroZ06]

Of really?
http://www.panic.com/blog/2012/02/about-gatekeeper/

"3. You can allow only Mac App Store apps or apps signed by a developer. This is the new default.
It’s this third option that is critical. As a developer, I can register for a unique ID which allows me to sign my app but does not require it be sold through the App Store. Users get the benefit of knowing the app came from a trusted source. But I retain the ability to sell my app directly to end users."

That's useful to know. I guess the Mac App Store won't be the only way to have a signed app.

 

[dashiel]

Sorry if it wasn't clear. I'm just shocked at the level of paranoid drivel and FUD around here.

Gotcha, and totally agree based on the attitude here I need to invest in Reynold’s Wrap

 

[VenusianSky]

Of really?
http://www.panic.com/blog/2012/02/about-gatekeeper/

One thing this article is not clear on is the purpose of code signing. Signing code has nothing to do with encrypting data. A keypair consists of a public key and a private key. To validate the certificate that signed the code, you need the public key, which will decrypt the signature. The code itself is not necessarily encrypted. You can sign clear-text scripts with a code signing certificate and the code itself will not be encrypted. The purpose of code signing is to ensure the identity of the author and that the code has not been altered. Data can be encrypted with a certificate, but that is not the purpose of a code signing certificate. A web server certificate, for example, is used to create an encrypted data stream over SSL/TLS. The encryption is based on the keypair which verifies the identity. The user trusts Verisign, in the case that the web server certificate is signed by Verisign, so they also trust a certificate signed by Verisign. SSL/TLS is what actually does the encryption of the data. You can visit an SSL/TLS web site that which you do not trust the certificate authority and the data stream will still be encrypted. PKI/certificates is all about trust. It is easy to confuse it with encryption because PKI is commonly used to encrypt data. In the case of Code Signing, the data is not encrypted.

I believe the author of that blog understands the purpose of code signing, but typically when people start talking about encryption, things can get confusing or misunderstood.

 

[dashiel]

One thing this article is not clear on is the purpose of code signing. Signing code has nothing to do with encrypting data. A keypair consists of a public key and a private key. To validate the certificate that signed the code, you need the public key, which will decrypt the signature. The code itself is not necessarily encrypted. You can sign clear-text scripts with a code signing certificate and the code itself will not be encrypted. The purpose of code signing is to ensure the identity of the author and that the code has not been altered.

That’s almost exactly what Steve said

What is code-signing? Let’s start with a slightly higher-level question: what is signing? Signing is based on technology similar to encryption, so let’s discuss them both broadly.

…

So, why two keys? In key-pair encryption, one key is called the “private key” and the other is called the “public key”.

The person who encrypts the data is the exclusive keeper of the private key. They must guard it very carefully, for reasons that will hopefully become clear soon.

–

Anyone with that signature and my public key can then be almost 100% sure that data came from me, and that it was not modified by any third-party along the way. The data could’t have any virus or vulnerability injected into it, because then the signature would no longer match the data.