Never thought I'd see the day when something akin to Windows "User Access Control" would be on a Mac. While there are parts of 10.8 I like this is one thing that they better do very well or it will just piss off long term Mac users like me. Long term = since System 0.9 on a Mac 128k.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
OS X Mountain Lion Limits Apps to Mac App Store, Signed Apps by Default
- Thread starter MacRumors
- Start date
- Sort by reaction score
This is great news. It shows Apple is committed to keeping the Mac unique from iOS. If they really wanted everything to be an iPad they wouldn't have spent so much developing a system that helps protect the unique 'Mac' parts of the Mac OS.
Seriously, this is a lot of wasted effort if they plan on 'locking down the Mac.' This would be downright stupid of them if that was their plan.
This is the first strong sign from Apple that they DON'T plan on merging iOS with the Mac and making everything the same.
Great, great news.
Seriously, this is a lot of wasted effort if they plan on 'locking down the Mac.' This would be downright stupid of them if that was their plan.
This is the first strong sign from Apple that they DON'T plan on merging iOS with the Mac and making everything the same.
Great, great news.
No option to prevent apps from the Mac App Store from launching then?
Surprisingly there is no option for switching off system services then?
If it's true that this restriction is in fact Finder based as AriX says, then it will provide no additional security at all, it'll just lock people who don't know how to turn it off into the App Store.
It makes sense judging by how Apple tends to work.
While I can understand Apple's motivations, this means that Apple now becomes the gatekeeper between developers and the vast majority of Mac users. As we've seen with the iOS App Store, Apple is not without its own controversies about removing apps it doesn't like (Phone Story, for example).
Do you have a reading comprehension disability or are you psychic?
I saw the signing of apps coming. You will still be able to bypass it but the "default" setting will be there for regular users.
In a nutshell, if you want to be a complete fool and install 0-day malware, you still can but you have to explicitly make that choice. Then it will be your own damn fault. This functionality will be there to protect the "average" user from accidentally downloading an altered version of an application instead of the genuine version.
Apps for Mountain Lion and beyond have to be signed whether they are distributed inside or outside of the app store unless if you are a power user.
One thing I'd like to see is the ability to have self-signing or enterprise signed apps for in-house applications distributed outside of the app store.
That way, you can still keep your security settings "high" while being able to compile your own apps and run them in your own account or get them from a company storage location.
@nwcs: This is nothing like User access control. This is about preventing things like trojans and drive by downloads. You will not have to deny/allow all the time, only when running non-signed apps which will not effect the majority of users.
And there it is. The writing's been on the wall since Snow Leopard.
Step 1: Put in an Apple vetted Mac app store - Lion
Step 2: Make the user jump through hoops to install apps outside of the Mac app store - Mountain Lion
Step 3: Make it so you can only install apps from the Mac app store - Whatever cat is next
Step 1: Put in an Apple vetted Mac app store - Lion
Step 2: Make the user jump through hoops to install apps outside of the Mac app store - Mountain Lion
Step 3: Make it so you can only install apps from the Mac app store - Whatever cat is next
Signing apps is fine with me. I don't yet have a problem with GateKeeper. Consider me having guarded optimism. No point fretting about "what ifs." When it becomes "guess what we're doing in the next OS," then I can voice concern.
This system is designed to avoid that problem. They're not approving apps up front, they're only killing harmful ones.
Big, BIG difference. No restrictions on nudity or gambling or 'taste.' Those are all iOS restrictions they COULD have added in here an yet aren't. That's a great sign.
Apple had the ability to kill harmful iOS apps after they're sold too, and I don't think they've done that a single time since the app store started. That's a pretty strong track record.
Not that it will happen, but it would be interesting if Gatekeeper works out well, they implement a similar system on iOS. Allowing you to restrict apps to only the app store, from signed developers or from "anywhere". Perhaps at least just on the iPads.
Why?
Why make that 3 steps? Why not 2?
Your plan makes no sense. Why are they wasting time and effort on step 2?
Break out the tinfoil hat.
The system sounds reasonable - it allows the user to determine the level of risk with which they are comfortable.
This is not at all like that. The Mac equivalent of UAC is the "please authenticate" dialog that makes you type in your password when you're installing something.
You are a power user and you will change the setting once and never worry about it again. And for developers, it's not a big deal; it's not a kernel level change, and is really just a superficial Finder feature. Unsigned code can still be run by the operating system (i.e. in Terminal), it just won't be run in Finder by default. And when you try to run an unsigned app, you will presumably get a dialog explaining that you can change the setting if you want to.
Break out the tinfoil hat.
The system sounds reasonable - it allows the user to determine the level of risk with which they are comfortable.
Wait and see. Apple always phases this stuff in slowly. Look at Lion vs. Mountain Lion in terms of iOS like features and you'll see this in action. The same will happen here.
And again, if this is a Finder level restriction, it will not help security at all.
I don't disagree with some of that, but what's weird to me is, I see tons of "experienced" Windows users come to Mac and act like customization is a new/confusing concept. Surely, these "experienced" users didn't use Windows "as is" out of the box. In fact, I've yet to meet a general Windows user use Windows "as is." My point is, advanced users will know (read: ought to know) there's a setting they can change. Newbies and the tech-confused won't care because it will hand hold them in the same way as iOS.
For me... I want the anywhere option to remain. I like that I can go the the App store, but surely don't want it as my only option on a laptop.
I think this is a great idea. However, I hope that it doesn't creep more towards Mac App Store items only or "Apple Signed Apps" only as that would be really sad to find ourselves in that kind of situation.
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-gb) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8C148)
No, it makes sense according to what you think Apple will do.
Of course no-one wants MacOS to become a desktop version of iOS but this new security feature is not evidence that MacOS is moving in that direction, no matter how many times you say it is.
0dev said:
No, it makes sense according to what you think Apple will do.
Of course no-one wants MacOS to become a desktop version of iOS but this new security feature is not evidence that MacOS is moving in that direction, no matter how many times you say it is.
While that option exists... And it wont be for long (my bet is 10.9).
I'm ok with a closed/protected smartphone OS. but I still want to decide what goes and doesn't go on my computers. And, on the mac, that is definitely going...
I think it's easy for us (Macrumors members) to forget that the vast majority of Mac users are already only using apps from the Mac App store.
If a developer is writing apps for the vast majority of Mac users, there is no reason that app shouldn't/couldn't be in the Mac App Store or at the very least officially signed by the developer.
If you really require an app that doesn't meet the guidelines of the Mac App Store or can't be signed by the developer than you are probably a user that knows how to easily disable Gatekeeper and install the app (or at the very least you know how to right click and choose "Open").
Correct.
BZZZT Wrong. This is about making developers obtain certificates so that the end user can be sure that their copy of the app whether it is free or not and whether it is downloaded from the appstore or not is a genuine copy and not a trojan. The devs will be jumping through hoops whereas the majority of end users will eventually upgrade all of their apps from outside of the appstore to signed versions. The typical user will not want to bother with apps from devs who are not willing to take ownership of their "work" and sign them for authenticity.
Hey, what are the lotto numbers for this Friday's draw? A user will always have the ability to bypass the system but they will have to make a conscious "choice" and it will be their fault if things get screwed up.
It will be a boon for Apple in that they will not have to support end user systems that were screwed up with unsigned counterfeit apps and can just offer to backup the data and do a restore of the OS.