Gatekeeper: Cancel or Allow?

The new OS X Gatekeeper encourages desktop apps to be registered with Apple, with users warned against installing unsigned software unless they disable the prompts.

The benefits—and the potential pitfalls—are obvious. It's intended as as an anti-malware system (with a whitelist rather than a blacklist), and the registration process will be simple and inexpensive. It'll destroy the nascent market for sleazy Windows-style antivirus subscriptions.

On the other hand, it's under the OS vendor's control, and once established, offers it certain temptations. Will Apple use it to anti-competitively influence the desktop software market? Will OS X end up as closed to unapproved developers as iOS? Will the controls end up co-opted by governments?

Jason Snell wrote a detailed explanation of Gatekeeper and the issues, pointing out how easy it will be to override.

Dustin Curtis, however, cites the following warning message (Briefly present in an early dev build of OS X Mountain Lion) as evidence that Apple's up to no good.

This is a fear mongering dialog. The vast majority of apps people download will not damage their computer, and mere mortals have no idea what "signed by a recognized distributor" means. The word "signed" in relation to security certificates is a very technical term and no one ever calls developers "distributors." Also, saying "You should move it to the Trash" is weirdly strong wording.

Maybe it could say: "The app Adium hasn't been checked by Apple. It can't be trusted. Use the App Store to find trusted apps."

At first blush, this looks like a red flag of Apple's intentions. But it struck me that this sort of messaging is consistent with Apple's claim that Gatekeeper's purpose is only to stop harmful code. It's an appropriate warning given the presumption of malware by whoever wrote it.

(Update: The harshly-worded dialogue has already been removed from developer builds. Let me make doubly clear that this dialogue is evidence that Apple's concern is malware, not bullying devs. Everyone is obsessing over its superficially hostile tone, rather than what it says about the company's thinking regarding Gatekeeper.)

If the message had been as Curtis suggests it should be, however, it would prove that Apple was already thinking about Gatekeeper as an iOS-style imprimatur, rather than as a safety warning. Implicitly addressing critics would be a sign of the devil at such an early stage of development.

At this point, the thing that unnerves me is not the prospect of Gatekeeper as a crude tool to herd OS X developers into a walled garden and crush freedom. It's the fact that code-controlling technologies tend to have unintended consequences that harm, rather than guarantee, the quality of user experiences.

The prospect of Apple becoming a desktop control freak, going full Sony on its own community to stop it using software the way it has for thirty years? Fun, but let's wait until it actually happens.

The truth is that Macs don't currently suffer much from malicious software, and DRM-esque lockouts are always circumvented. So what's the point of a DRM-esque system for malware prevention? A more pleasingly cynical answer is that it's a marketing move, aimed as much at analyst-fed Mac malware hysterics in the tech press as it is at real threats. For everyday users, Gatekeeper's more likely to echo the good old days of Vista's "Cancel or Allow" than to save them from themselves.

Update: Cory points out that DRM-esque mechanisms' real value to technology companies is legal, not technical. Circumventing them is illegal, giving the company control over interoperability, market access and competition.


  1. “The prospect of Apple becoming a desktop control freak”

    The prospect? Isn’t “control freak” a pretty central part of their design philosophy?

    1. Yes. And the answer to “Will Apple use it to anti-competitively influence the desktop software market?” is “When has it not?”

        1. Seriously, you ask that? Try Amazon and Sony, both of whom sell physical e-book readers and give away e-book reading software, including for iOS, and were forced by changes to iOS rules to disable links from that software to their online e-book stores.

    2. Its anti-competitive but it not as if they had such a large share of the market. (Except the iPad which they dominate, but that is mostly due to the fact that any competition was bungled by the players themselves, not through any machinations of Apple [witness the lawyers waging IP battles right now.])

      The problem is that Apple is a consumer product company and if you don’t like it, dont consume. Apple really doesn’t care…

      That puts it beyond the reach of the accountants who wouldn’t want anything coming from a single hardware vendor anyway. Apple is not going to compete in the corporate arena because that leads to razor thin margins and leaves nothing to innovate with or on. (The corporate market place hasn’t innovated squat in decades.)

      Apple has said for years now that they aren’t competing with anybody but themselves, and they mean it.

      That’s why there were iMacs in different form factors and colors over the years.

      That’s why they have migrated their hardware from Motorola 6502, 680×0, IBM Power 60x, Intel x86 and their own A x platform.

      That’s why they have migrated their software from AOS, to OS x to OS X 10.x to iOS.

      That’s why Apple adopted USB when PCs are still made to this day with AT style keyboard and mouse connectors.

      I really don’t think that the government is going to step in at any point, any more than it stepped in when Detroit was making the Hummer. (It stepped in after, with a bailout.)

      Apple neither asked for nor did it get any sort of a bail out, and neither did Ford.

      Remember, Apple is not a computer maker, Apple is consumer product maker that just happens to use computers in their products.

        1. I am definitely NOT an Apple apologist.

          I am definitely NOT clueless.

          It also means that I’m am NOT dumbfounded by their behavior.

          If you can refute what I say, please do so, otherwise, keep your pithy aphorisms to your ignorant self.

          1. Your fanboy status is directly proportional to the length of your defensive reply. Long reply – rabid fanboy.
             any competition was bungled by the players themselves
            …Like when Apple sued Samsung (and lost) – meaning Samsung didn’t have enough time to effectively promote their new Galaxy Tab to increase sales for Christmas?

            That’s why they have migrated their hardware from Motorola 6502, 680×0, IBM Power 60x, Intel x86 and their own A x platform ….and back to intel. Whoa! evolution, man.

            That’s why they have migrated their software from AOS, to OS x to OS X 10.x to iOS.
            Apparently now Apple invented the software update, too.

            That’s why Apple adopted USB when PCs are still made to this day with AT style keyboard and mouse connectors.
            ^Way to talk out your arse. This goes to show how long you haven’t bought a non-mac product for. Please back up your ridiculous claim with a link.

            I really don’t think that the government is going to step in
            “the accountants” – “corporate arena”…WTF are you on about?

            Apple neither asked for nor did it get any sort of a bail out, and neither did Ford.
            Try to stay on topic if you don’t want people to laugh you out of the thread.

            Your rambling, omnidirectional rant is what puts you clearly and undeniably in the fanboy category and if it hadn’t been for your request for specific rebuttal of your points then I wouldn’t have wasted my time. Work on your argument a bit before trying it outside of apple discussion forums again.

            (Just so you know I don’t have a dog in the fight – I use the largest, most tricked-out 2011 imac at work and I gifted a 4th gen ipod touch I won to my other half because I don’t want to have to deal with itunes. These things are all tools, try to use them as such – which means objectively choosing which tool is best for which job)

            (Sorry Felton: had to happen)

        2.  Fanboys wouldn’t call Macs consumer products that just happen to use computers in them. 
          They would know better. 

        1. I honestly believe that Apple makes computers for the purpose of control. Their end goal is to be a content, well, not provider, but supplier – skimming off the top for every song, movie, app, whatever supplied to the hardware users via their own store.

          They’ve learned that you need to make a hardware product people want and like in order to get them to buy it, but the end goal is, once they have that hardware, they buy only from you.

    3. What bugs me is the author of the article asking whether the signals a shift towards a more iOS-like philosophy, then giving Apple the benefit of the doubt when they don’t deserve it.

  2. That’s a terrible dialog. It’s only through context and knowing what “Eject Disk Image” means from a systems perspective do I realize that clicking “Cancel” is the GO button.

    1. It’s a developer dialogue. I’ll take ANY bets for ANY sum* it won’t look like that in the final version. I bet Dustin knows that too

      *not actually licenced as a bookie

      1.  I’m-a have to agree with Gavin here. Developers are not necessarily the same people as UI writers, and this is an early beta.

        I’ll be concerned if it still looks like that in the final version.

      2.  I hope you’re right – and if they think about it for 2 seconds, you will be right.

        However the dialogue you get when launching a DMG that you’ve downloaded isn’t too dissimilar.  It’s just another dialogue you’ll get used to clicking – it won’t make anything more secure as it’ll become part of the routine.

        It’ll be a click first think later mechanic – so, pointless and hindering.  Normally Apple is a little better with handling user psychology, but this is farts-in-the-face of good design.

    2. Yes and no–who’s to say that the software will cancel opening the DMG when “Cancel” is clicked?  And isn’t this redundant software?  There’s already a system in place to ask the user about opening DMGs–what’s the purpose of Gatekeeper?  Did I miss something here (again)?

  3. I think there are two reasons behind this:

    1. To protect beginners and enthusiasts and push devs towards the Mac App Store and iCloud.

    2. Apple considers iOS for ‘mere mortals’ now or, at the very least, that is what they’re planning to accomplish very soon. OS X is now meant for professionals who know what they’re doing on a PC and have knowledge of what they’re downloading.

    This isn’t the same situation as Vista. Apple no longer views the Mac as the computer for everyone. Unlike what Gruber wished for today, there will never be an option for unsigned apps on iOS just because Apple will not give up that 30% cut on the App Store when tablet market profits could collapse much like it has in the PC industry.

    1. It’s not pushing devs towards the Mac App Store.  Gatekeeper exists solely as a means for securely distributing software *outside* of the App Store.  And it’s free.

      It’s actually an extremely simple solution and I think Apple did a great job with it.  All this fear mongering comes across as silly and foolish once you learn how Gatekeeper actually works.

      As for that message box, it’s something that users will rarely if ever see unless they’ve actually downloaded malware, and it should be strongly worded.  

      1. And you know this how? Unsigned binaries are unsigned binaries. Apps that have not been recompiled with the Developer ID of the publisher, open-source code built from a makefile instead of the shiny XCode ui, those are two completely legitimate issues that could generate unsigned binaries.

        And if they make the signing process as arcane as the one for pushing iOS apps, that’s going to be no fun, either.

        After all, if you’ve jumped through all the hoops to get it all signed and everything, it’ll only be one more click to send it to the App Store, amirite?

        1.  somehow I think that anyone compiling their own software can handle clicking through a pop-up without too much stress and worry. For that matter, they can turn off the alerts all together.

          And if they are compiling software for distribution for other people and are not a fly-by-night operation then they can sign up for a free signature like everyone else.

      2. All this fear mongering comes across as silly and foolish once you learn how Gatekeeper actually works…. As for that message box, it’s something that users will rarely if ever see unless they’ve actually downloaded malware, and it should be strongly worded.

        LOL.  You do know unsigned code != malware, right?

        So much for knowing how gatekeeper actually works…

  4. I know you’re all waiting for a Big Fail from Apple, but this isn’t really it.  The app store sandbox model is currently (and may always be) too restrictive for some classes of applications, partly because Apple doesn’t want to let apps issue a bunch of “Cancel or Allow” prompts.  I confidently predict that the Adium developers will either make an app store version, or obtain a developer’s certificate before the public release of mountain lion, and users of Adium will never see this prompt either way.  For unsigned code, you’ll see the prompt exactly once.
    The code signing doesn’t really add much security, except that it allows Apple to revoke the developer’s cert fairly quickly.  Another direction Apple could go is to force unsigned code to run in a sandbox.

      1. Yeah, I see your point.  Apple should add more options to it.  For instance, maybe one that says “Anywhere” but also can warn/remind you when you’re about to launch an app outside of the walled garden.

        But, it’s not terribly ironic when you consider Mac OS X silently also checks apps you first-run for common malware, so you’re still not completely a “babe lost in the woods” when you shut it off.

        Plus, Mac OS X already does this as well in 10.6.x and 10.7.x for first-run apps and continues to do so in 10.8:

  5. When I wrote plugins for Firefox a few years back, I had to sign the plugin packages and sign the JavaScript code that was used by the HTML to interact with the plugins. The main reason, of course, was that the plugins had full access to the OS’s APIs, etc, like any windowless service would.

    It seems like the key difference here is that these are windowed apps, and that Apple still lets you run them even if they’re unsigned. Yes it could be annoying, but I don’t think that it’s fascist. It reminds me of the old MSIE browsers that allowed one to download and run unsigned ActiveX controls, which we all know was just outright dangerous.

    1. IIRC, the only reason I actually signed the ActiveX versions of the plugins was because it simply made the installation process messages “less scary” looking for the user.

      And yes, I do realize that the installation of an ActiveX control / Firefox plugin is a lot more automatic than downloading an app installer, saving it to your hard drive, running the installer, etc., so the analogy is not perfect.

      And yes, I do realize that Verisign and their colleagues have had code signing keys stolen plenty of times, so the whole code signing thing isn’t foolproof.

      Is something not better than nothing in this case?

      1. Ok, doing a little more digging, and I see that some people are saying that unsigned apps (or signed apps with keys that were revoked due to theft or malice on the part of the developer) distributed outside of the App Store will not run at all. Apparently no option to disable this. They clearly did not read that link you posted by Jason Snell. Jebus!

        I agree though that it’s kind of annoying and superscary how Apple is prompting the user. On Windows it’s a yellow warning with an immediately available “Allow” option.

        Seems like you’re right on the money with this.

        1.  There’s a certain amount of irony having this FUD post right below the one with a screenshot showing the dialog where you can set your  level of permissions.

  6. Yes, it will flash a warning for unsigned software.

    On the other hand, Apple has already said that anyone can sign up for free and get a valid signature. Independent of the App Store and without any cost. So basically anyone with the ability to develop an application in the first place has nothing to worry about. And anyone incapable of completing a free signup and then signing their programs probably shouldn’t be releasing software into the wild in the first place.

    Besides I’d think most people who follow computer security, and the user problems inherent to it, would agree that anyone who is scared off by a pop-up warning is not the kind of user who should be downloading random crap off the internet in the first place.

    This decision by Apple? This just made Grandma’s computer maintenance free. Forever. I expect more than a few corporate admins are opening a bottle of the good stuff and making a toast too.

    1.  “I expect more than a few corporate admins are opening a bottle of the good stuff and making a toast too.”

      This kind of ‘I know best’ behaviour is exactly what makes Macs the last choice for business. I decide what happens on my machines, on my network, behind my firewall – not Apple.

      Anyone who understands security can recognise a lock when they see one. If I want to get past that lock (as a developer) without breaking it, I must identify myself and my intentions to Apple. That’s an unreasonable imposition on my use of my own machine.

      And if you think Apple won’t revoke signatures or ban apps, then you haven’t thought about coding a signed launcher for unsigned code, have you? And what about when third parties get subpoenas and injunctions to kill applications (“Due to a claim from the MPAA/RIAA bittorrent cannot be launched” or “VLC cannot be launched due to a DMCA injuction”)? It will happen and Apple will have the infrastructure to do it. Maybe that’s the whole point.

        1. Well, yes.  But I think the ideal for corporate admins is that they decide your settings when they install your machine and then lock it down.  This helps with that part.  But they may also want to allow exceptions for some apps.  Since gatekeeper is kind of all or nothing, it’s not what corporate admins want.  For iOS stuff, you can set up your own little App Store but I don’t think there’s an equivalent for the Mac yet.  What is wanted, I think, is an option like “run only apps signed with Apple’s key or your IT department’s key”.

        2. If you want to develop applications, then the answer is no. You cannot control other people, and if signing ships enabled by default in the OS (which it will) then the first (and last) interaction most people will have with your unsigned app is a warning message telling them that it is going to wreck their machine and that they should delete it.

          Unless you are prepared to live with that, or to break their lock (hello DMCA violation), then you have to get a key, and you have to agree to whatever conditions Apple sets for that. And they will set conditions, one of which will be a revocation clause – so they can kill your app at any point in time, or for any reason.

          Apple as the sole arbiter of what should and shouldn’t run is not ok by me.

  7. My first impression of Gatekeeper was that it gives Apple a way to avoid going the AppStore-only route over the long term, while still getting most of the safety/security benefit. And notice who the gatekeeper is in this relationship: the user, not Apple.

  8. The benefit Apple see with Gatekeeper may not be to prevent threats all threats now – though users will get that benefit – but to make sure users are thinking about what they are being offered. 

    You ask some great questions, Rob, but the point I think you missed (it was touched on  by quietstorms above) is the idea of conditioning the user behaviour.

    The growth of OS X will attract a lot more non-tech savvy users, the types of users who were compromised all too easily while using Windows. I think Apple are trying to create a situation under OS X where they will *never* have the same number of problems as have been seen on Windows.

    If they do, that’s a Marketing and PR problem. And we know what Apple think about those items.

  9. User Access Control in Windows is not “good”, “old”, or tied just to Vista. It is a standard mode of operation for Windows since 2006, period. To this day you are either presented with warning windows on a regular basis or opt to turn the service off completely.

    User Access Control doesn’t care who makes what. If you try to modify Windows at the system level for any reason what-so-ever (Like installing Microsoft Office) you will have to allow the action to continue. What Gatekeeper is doing is creating a whitelist of developers that are obviously not making malware (or a bigger issue with downloadable applications, making everything seem alright but still doing something gray or simply annoying (list far too long)).

    At first that list will suck, like the content selection of every Apple service… at launch. Fast forward to next year when everyone from Microsoft to Mojang gets red carpet access to someone’s system without any hassle while those Chinese and Russian apps that promise free iPads make ignorant users think a little bit before making a mistake.

    1. I agree with you on some level… User Access Control is great. However, while User Access Control brings up a message EVERY TIME (for everything, Period) this system will not. It will check if the user is installing a product from an apple verified source, and if they are… Ignore it.

      While this will cut down on the shear amounts of Annoyance UAC had, it will be in a sense less secure. When Dealing with Viruses and Malware, You have got to assume that they MIGHT have legitimate credentials, or forged ones. and if you assume that the credentials are all safe, even for an app sporting a “Developers License” it could end up being Malware. Not only that, but there is also the chance that they may have a bug in their wall garden that Allows something like this:,news-13122.html to happen again.

  10. I am pretty sure that the appropriate people at Apple will be made aware of your criticism. (There’s a lot of BoingBoing fans at Apple.) And it certainly seems to me like it could be better worded. Should Apple increase protection against malware? Absolutely! Customers, and US Congresspeople, are asking for it.So Apple is providing three choices to developers:

    1) Do nothing. Obviously, this is no more secure than before.

    2) Sell through the Mac App Store — which provides a very secure product, reviewed by Apple. Most customers love this idea, but some products can’t be sold through the store, and some developers will not use the store for whatever political or economic reasons.

    3) Provide a digital signature to Apple.People are pretty familiar with the Mac App Store, so let’s explain this “signature” approach. 

    What the developer would have to do is:

    1) Create a public and private encryption key. (Takes 5 minutes)

    2) Send Apple the public key.

    3) Whenever Adium is released, they’d calculate a checksum of the Adium app, using a utility like MD5. (Xcode will probably do this automatically)

    4) Create a “signature file”, encrypted with the private key, containing the checksum, and place it inside the Adium
    app. (Xcode will probably do this automatically)

    5) Ship the app in whatever way they wish.That’s all the developer has to do. Note that Apple does not SEE the app, never mind approve it, before it ships.

    Now here’s what the customer’s Mac does:

    1) Apple will securely send the developer’s public key to your Mac.

    2) Whenever the user launches the app, the Mac calculates the checksum, decrypts the signature file, and compares the two.

    3) If they match, all is well. No dialog box, just launch!

    4) If they don’t match, something has tampered with the app (maybe “bit rot,” maybe user error, maybe a virus). User is told to get a fresh copy, and when they do so, presumably the checksum matches, and all is well.Suppose Apple decides that the app includes malicious code. Then what?Apple reserves the option to revoke Adium’s signature key, which they do by sending (securely) a notice to all the Mac users. Now when users launch the app, they get a warning rather like the one above, only well-written.

    Note that this model is also modified by the user’s security setting. 

    1) The user can decide to turn off this security, run anything. Have fun, try not to get fooled by a Trojan!

    2) The user can set the Mac only to allow Mac App Store apps

    3) The user can set the Mac to allow only apps from the Mac App Store, and apps that have a known signature.

    If the app does not pass the security muster, the user sees a dialog, and then the user then has three options:

    1) Disable the security for everything, and run the app.

    2) Disable the security for just this one app, and run the app.

    3) Not run the app.What happens if Apple decides to “disable” an app, or, say, Big Brother orders Apple to do so? Short answer: Apple cannot disable the app. Sure, Apple can make the Mac show a warning, but it’s still up to the user to decide whether to launch the app or delete it.

    So, IF the developer opts in, AND the user turns on the feature, the user gets several benefits:

    1) Users are very sure that the app has not “rotted” on disk, or been infected with a virus. 

    2) Whatever app they download, from wherever, is signed with a known good key, and therefore it is highly likely to be what it says it is on the outside.

        1. I used enter, return, etc, and Disqus removed the returns. Obviously because I am using an APPLE MACINTOSH (kidding).

    1. Agreed.  Those that claim it will help novice users haven’t sat with novice users while they use technology.

      I can imagine a few novice users I know personally that would click the ‘OK’ button as quickly as the pop-up appears.  That’s if they don’t head straight for the little red x. I’ve even seen users get frustrated when trying to complete a task because a popup like this keeps appearing and they keep closing it, and then attempting the task again. If you try and reason with them that if they actually read the popup and answer appropriately then it’ll do what they want; but they just perceive it as something getting in the way; not too dissimilar to an advert or an error; ‘GO AWAY’ is the default reaction.

      This shit just doesn’t work – it disappoints me that Apple thinks it will; even if the intentions are perfectly honest.

      1.  Dialogs are bad tools for communicating with users.  I think we can blame Microsoft for this, spamming their users with pointless dialogs every time you want to install unsigned software (all the time, especially if you’re a developer), every time something crashes (all the time, we’re talking about Windows here), when your mailbox gets too full, when you have “unused icons on your desktop”, etc.

        It would be the perfect format to get the user’s attention and force him/her to make a binary decision if it weren’t for Windows crying “wolf” every forty seconds in normal operation. 

  11. Apple is easily the most fascist company today, in terms of their design philosophy, so I’m voting for it being a step towards walled garden of doom. I’m sure they ALSO want it to help stop malware… Apple is a benign dictator that wants it’s users to be happy… it just wants them to be happy doing everything it’s way, and doesn’t give a damn about anyone who wants something different.

    1.  Except it offers the choice to the user, and replicates functionality and policy that already exists in the other two leading operating systems?

      I’m not a fan of the system, but your comment has got hyperbole dripping out of its ears.

  12. Seems like a pretty good idea to me. Would be even better if there were multiple trust authorities, like with SSL. That way, I get to decide whether I install an app “trusted” by Apple, or “trusted” by someone else, or else I can take a risk and install something trusted by nobody. Where it would go wrong is if there was only one gatekeeper, and that gatekeeper was Apple.

    1. This is exactly right — the situation I have with my Android phone is that I have 2 ridiculous choices — The default is that I accept Google as my personal lord and savior, forsaking all others, and I will fear no evil. The other alternative is that I let Amazon lead me into temptation with their free apps of the day, and I can allow ANY CODE WHATSOVER run on my device. What I need is the ability to load an Amazon application root certificate to allow my device to run code signed by either Google or Amazon (or whatever application authority I trust to have my back against the virus and malware writers).

  13. > Will the controls end up co-opted by governments?
    uh, whut? Yes, this may be a possible (though far-fetched) outcome – but more disturbing will be Apple’s PC-/family-“friendly” policies.

    > This is a fear mongering dialog. The vast majority of apps people download will not
    > damage their computer, and mere mortals have no idea what “signed by a recognized
    > distributor” means.reminds me of Firefox’s self-signed certificate warning. another example for an unnecessary FUD-spreading software dialog.

  14. I’m usually a fairly mild mannered person, but whenever I see those ‘I’m a Mac’ ads I want to throw Starbuck’s coffee in the Mac guy’s smug little face. In fact, I can remember one of the first times I saw that ad series thinking ‘now I’m never going to buy an Apple product’ and feeling a bit disappointed, because I actually do think the quality is better (just overpriced).

    1.  Hear, hear.  I read some columnist or other talking about how the ads may have actually hurt Apple after a while because ultimately John Hodgman, despite being portrayed as a nihilistic dork, was a much more sympathetic character.  I’m no fighter but I’ve always wanted to punch Justin Long in the face for some reason.

      1.  Actually, I’ve heard that was one reason the ads worked — they intended for John Hodgman’s PC character to be likable and sympathetic, just ultimately hapless. They wanted to avoid making negative attack ads, which would just make Apple look mean and petty — but still portray Windows as clumsy, ineffective, and kinda doofy. So they hired Hodgman to play the PC as kind of a schlimazel — someone you like but ultimately just feel kinda bad for.

      2. It is kind of weird, it definitely has something to do with how easy it is to relate to the two characters (and maybe the fact that even if we do have a suspicion that we are wrong, we hate being portrayed as that ‘nihilistic dork’). There’s got to be a good reason why JL has such a Backpfeifengesicht to otherwise peaceful people.

  15. You say this is whitelist-based, not blacklist-based, but it sounds like the criterion for being on the whitelist is simply “having registered as a developer with Apple,” which is a pretty low bar to clear.

    The Macworld article mentioned in the post says that, with Gatekeeper, blacklisted apps are not allowed to run.

    The situation with App Store apps (Mac and iOS) strikes me more as whitelisting in the sense that I’d use the word: the app has been reviewed and found to be harmless. Gatekeeper seems more like a mechanism to allow blacklisting after distribution: not so much proof that the app has been a good little boy, but a promise to behave.

    This is interesting because, for better or worse, it could plug some holes in the App Store model: every once in a while, we read about apps getting listed that have sneakily contained some feature that Apple doesn’t really approve of. The app is pulled, but the ones that have been distributed will still run. If App Store apps run under the Gatekeeper model, Apple will be able to disable those after distribution for the first time.

  16. Yet another hysterical, click-whoring, ready-fire-aim article. Did the author actually test Gatekeeper extensively himself? Or is this yet another knee-jerk, poorly researched rant article that I see far too often in blogs and tech media? It’s been barely 24 hours since the developer beta has been selectively released. But that never stopped the pundits from weighing in.

    I don’t give a rat’s about Apple. What I do care about are truth and facts, not ill-informed bloggers ranting from the basement of their parents house. That’s what I feel I read here. I have taken time to read other articles about Gatekeeper written by security experts who have actually examined it, and their opinions are far more benign. I will side with people whose profession it is to examine computers for security flaws.

    One feature the author appears to have overlooked in his rush to judgment: you can turn Gatekeeper OFF. Apple will not force this on you. But this of course was never mentioned in the article.

    Look, I’m all for freedom of choice. The author obviously wants that. But freedom of choice also allows for a landscape of malware, and if you haven’t noticed lately, the world of software has become a bit more dangerous. Gatekeeper, and other security methodologies to come from other companies (something that Microsoft pioneered in this case) are an attempt to protect ordinary computer users from forces of ill intent.

    Reading the comments above, including some from Apple employees (you know who you are), it is obvious that many of you have a lot of computing expertise. Count yourselves as the one percent in this case. But consider your parents. And your grandparents. Or your girlfriend. Or people you don’t associate with, because they aren’t dweebs like most of us reading BoingBoing, if they have even heard of BoingBoing, which I doubt. Gatekeeper, and other security methodologies are designed for the 99 percent, the non-geeks.

    But that never occurred to you.

    That is because you are too busy wanting to be, even having to be, right. Too busy wanting to hate Apple or any other company that wants to protect users from themselves. You want full control. You want to tweak, jailbreak, fiddle around, geek out to the point of climax. But the 99 percent don’t care about that. They want unfettered lives. And that is who Gatekeeper is designed to protect. As for the rest of you, trust that you will disable Gatekeeper anyway, if you use a Mac. Because damnit, you know better. You are impervious to fault. You could never be compromised, because you are smarter than a gang of Russian hackers, or a division of Chinese military hacking experts working in unison.

    If you hear me screaming, you are right. It matters not if the subject of this article were about Apple, Microsoft, Google or Brand X. What angers me is that BoingBoing made a mistake in even letting this article run. It is a rush to judgment without proper due diligence. And a reminder as to why there is beta software: it’s not only to check for the usual bugs, but to evaluate whether a feature should be included at all, or in its original form. Often, after a beta evaluation, the feature is withdrawn from the final release, or modified altogether. But you are too busy ranting without first evaluating it for your selves.

    So yeah, color me upset with the author and many of you. Stop. Think. Don’t just form a knee-jerk reaction, but evaluate something first before you rush to judge. Let reason, not anger rule the day. Please.

    You people make my head hurt.

    1. This was a defense of Gatekeeper, you moron. You didn’t even read it!

      One feature the author appears to have overlooked in his rush to judgment: you can turn Gatekeeper OFF. Apple will not force this on you. But this of course was never mentioned in the article.

      The very first sentence says this.

  17. What we are seeing here is the gradual transformation of the “computer” (in whatever form) into a consumption device.   Note the conspicuous lack of apps on mobile devices that allow users to create.  They are all designed to either entertain or distract.

    Mobile devices are locked down by approval processes and bereft of what made computers so popular:  the ability to do instead of watch.  They are televisions with exorbitant remotes.

    The PC will be gone soon, and all that it can create will go with it if we don’t pay attention.

    1. That’s right – after all there are no iPad apps at all that allow creating content, everybody knows that. If only someone could have produced a program like Pages, or Keynote, or Evernote, or something to paint with. Oh, wait….

      Fortunately I have an app that says you are being what is technically known as “wrong”.

      1. Creating content yes.  As long as Apple approves of the app to create said content.  You don’t see a problem with this?

  18. Apple heralds the death of general computing. No longer will the programming savvy geek be able to write his own code and run it at home; submit it to an open source/GNU project. Nope, instead it’s got to go through a series of hoops and red tape, official approval from an institution that only cares about making money. The big paradigm shift promised by the digital age goes to an early grave while taking humanity along with it.  

Comments are closed.