Mountain Lion: Hands on with Gatekeeper
The first part is important because, Apple says, if a particular developer is discovered to be distributing malware, Apple has the ability to revoke that developer's license and add it to a blacklist. Mountain Lion checks once a day to see if there's been an update to the blacklist. If a developer is on the blacklist, Mountain Lion won't allow apps signed by that developer to run.
When you try to launch an app using this system, your Mac will check with Apple's servers to see if the developer's signature is current. But what it doesn't seem to mean is that previously-installed malware will be wiped clean, because once an app passes File Quarantine and launches successfully for the first time, it's basically escaped Apple's screening system.
The fact that Mountain Lion can detect apps that have been modified since they were signed is relevant because while there's not a lot of Mac malware out there, what does exist is largely based on legitimate apps that have been modified to include malware and then redistributed on piracy sites. With this new model, any tampering with an app would render it unlaunchable.
Given the scrutiny that Apple puts apps through as a part of the App Store screening process, it's important to note what the "identified developer" program doesn't do.
It's not a background check for developers. Getting a developer certificate isn't like getting a passport or a driver's license. A developer signs up for an account and gets a certificate. That's it. What's more, these apps have no seal of approval from Apple. Apple never sees them. Developers don't need to check with Apple before signing apps. Apple's not involved other than providing them with a certificate that Apple can revoke later if it feels the developer is distributing malware.
Gatekeeper's limitations
If you want Mountain Lion to run every app under the sun, you can just change the setting to Anywhere. (Changing this setting requires that you enter an administrator's user name and password.)
Gatekeeper is also really easy to override. If you right-click on an app in the Finder and then choose Open, you're prompted with a different dialog box--one that also offers to open the offending app. If you choose Open, the app launches normally, and that's it.
Finally, it's important to note that because Gatekeeper uses the File Quarantine system, it only works the very first time you try to launch an app, and even then only when it's been downloaded by an app on your Mac, such as a web browser or email program. And once an app has been launched once, it's beyond the reach of Gatekeeper.
Combine this with the ease of overriding Gatekeeper by using the Open command and it's clear that Gatekeeper in Mountain Lion isn't intended to be some sort of high-security app lockdown. It's just a tool to encourage people not to run software they don't trust. If they really, truly want to run an app, Mountain Lion won't stop them.
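To see which apps Gatekeeper would still screen, a defender can read each app's File Quarantine attribute (on a Mac, `xattr -p com.apple.quarantine <path>`). The sketch below is an added example, not code from the article or from Apple; the `flags;hex-timestamp;agent;id` layout and the `0x0040` "user approved" bit are assumptions based on commonly documented behaviour, and the sample values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional

# Assumed flag bit (not stated in the article): set once the user has
# approved the first launch, after which the app is no longer screened.
QTN_FLAG_USER_APPROVED = 0x0040


@dataclass
class Quarantine:
    flags: int
    stamped: datetime   # when the downloading app tagged the file
    agent: str          # app that tagged it, e.g. a browser or mail client
    event_id: str


def parse_quarantine(value: str) -> Quarantine:
    """Parse an assumed 'flags;hex-timestamp;agent;id' attribute value."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError("expected at least flags;timestamp;agent")
    flags = int(parts[0], 16)
    stamped = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    event_id = parts[3] if len(parts) > 3 else ""
    return Quarantine(flags, stamped, parts[2], event_id)


def gatekeeper_exposure(value: Optional[str]) -> str:
    """Classify an app by whether Gatekeeper's first-launch check applies."""
    if value is None:
        # No attribute: the file was never tagged (copied from a disk, or
        # fetched by a tool that does not use File Quarantine).
        return "never-quarantined"
    try:
        q = parse_quarantine(value)
    except ValueError:
        return "malformed"
    if q.flags & QTN_FLAG_USER_APPROVED:
        return "already-approved"      # launched once; past the check
    return "pending-first-launch"      # the check will run on first open


def audit(apps: Dict[str, Optional[str]]) -> Dict[str, str]:
    return {name: gatekeeper_exposure(v) for name, v in apps.items()}


# Constructed sample values, keyed by hypothetical app names.
SAMPLES = {
    "Downloaded.app": "0083;50000000;Safari;constructed-id-1",
    "Launched.app": "00c3;50000000;Safari;constructed-id-2",
    "CopiedFromUSB.app": None,
    "Broken.app": "zz;not-hex",
}
```

Apps reported as `never-quarantined` or `already-approved` are the ones the article describes as beyond Gatekeeper's reach, so they are the ones to verify by other means.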
Jason Snell is Macworld's editorial director.
