The first part is important because, Apple says, if a particular developer is discovered to be distributing malware, Apple has the ability to revoke that developer's license and add it to a blacklist. Mountain Lion checks once a day to see if there's been an update to the blacklist. If a developer is on the blacklist, Mountain Lion won't allow apps signed by that developer to run.
When you try to launch an app using this system, your Mac will check with Apple's servers to see if the developer's signature is current. But what it doesn't seem to mean is that previously-installed malware will be wiped clean, because once an app passes File Quarantine and launches successfully for the first time, it's basically escaped Apple's screening system.
The fact that Mountain Lion can detect apps that have been modified since they were signed is relevant because while there's not a lot of Mac malware out there, what does exist is largely based on legitimate apps that have been modified to include malware and then redistributed on piracy sites. With this new model, any tampering with an app would render it unlaunchable.
Given the scrutiny that Apple puts apps through as a part of the App Store screening process, it's important to note what the "identified developer" program doesn't do.
It's not a background check for developers. Getting a developer certificate isn't like getting a passport or a driver's license. A developer signs up for an account and gets a certificate. That's it. What's more, these apps have no seal of approval from Apple. Apple never sees them. Developers don't need to check with Apple before signing apps. Apple's not involved other than providing them with a certificate that Apple can revoke later if it feels the developer is distributing malware.
If you want Mountain Lion to run every app under the sun, you can just change the setting to Anywhere. (Changing this setting requires that you enter an administrator's user name and password.)
Gatekeeper is also really easy to override. If you right-click on an app in the Finder and then choose Open, you're prompted with a different dialog box--one that also offers to open the offending app. If you choose Open, the app launches normally, and that's it.
Finally, it's important to note that because Gatekeeper uses the File Quarantine system, it only works the very first time you try to launch an app, and even then only when the app was downloaded by an app on your Mac, such as a web browser or email program. Once an app has been launched, it's beyond the reach of Gatekeeper.
Combine this with the ease of overriding Gatekeeper by using the Open command and it's clear that Gatekeeper in Mountain Lion isn't intended to be some sort of high-security app lockdown. It's just a tool to encourage people not to run software they don't trust. If they really, truly want to run an app, Mountain Lion won't stop them.
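Because Gatekeeper only evaluates an app at first launch, an administrator who wants to re-check already-installed apps has to ask the policy engine directly. The following is an added example, not part of the original article: it parses the output of macOS's `spctl --assess` tool and notes whether the `com.apple.quarantine` attribute set by File Quarantine is present. The sample outputs, app names and helper names are constructed for illustration.

```python
import subprocess
import sys

def parse_spctl(output):
    """Parse `spctl --assess -vv` text into verdict, source and origin."""
    result = {"verdict": "unknown", "source": None, "origin": None}
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("source="):
            result["source"] = line[len("source="):]
        elif line.startswith("origin="):
            result["origin"] = line[len("origin="):]
        elif line.endswith(": accepted"):
            result["verdict"] = "accepted"
        elif line.endswith(": rejected"):
            result["verdict"] = "rejected"
    return result

def needs_review(assessment):
    """Anything the current policy does not accept deserves a manual look."""
    return assessment["verdict"] != "accepted"

def audit(app_path):
    """Live check; only meaningful on a Mac (spctl and xattr are macOS tools)."""
    spctl = subprocess.run(
        ["spctl", "--assess", "--type", "execute", "-vv", app_path],
        capture_output=True, text=True)
    xattr = subprocess.run(
        ["xattr", "-p", "com.apple.quarantine", app_path],
        capture_output=True, text=True)
    report = parse_spctl(spctl.stdout + spctl.stderr)
    # No attribute means File Quarantine never tagged the file, so
    # Gatekeeper had nothing to trigger on when it was first opened.
    report["quarantine_attr"] = (xattr.returncode == 0)
    report["needs_review"] = needs_review(report)
    return report

# Constructed sample outputs (not captured from a real machine).
SAMPLE_SIGNED = ("/Applications/Example.app: accepted\n"
                 "source=Developer ID\n"
                 "origin=Developer ID Application: Example Corp (ABCDE12345)\n")
SAMPLE_UNSIGNED = ("/Applications/Repacked.app: rejected\n"
                   "source=no usable signature\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, audit(path))
```

Run on a Mac with one or more `.app` paths as arguments; an app reported as rejected would have been blocked by Gatekeeper had it been checked at launch under the current setting.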
Jason Snell is Macworld's editorial director.