OSX Mountain Lion Gatekeeper
Apple has announced today a new System Preference Pane and Core Service called Gatekeeper along with other features of OX Mountain Lion. Gatekeeper will allow the user or Mac Systems Administrator to control the installation of software allowing them to ensure that only software signed by an Apple developer from the Mac APP store can be installed. The iPhone ecosystem has been making it's way on to the desktop of Mac OSX users and developers for sometime. Mobile operating systems are influencing what we can expect in the coming years on our laptops, desk tops, servers, PaaS and computing devices. (For my PC friends, wait until you see Metro.) Gatekeeper will be a game changer because Apple has the capability to implement it effectively. It is my thinking that this adds a layer of protection and control that is long over due. Basically, this control will, at the user's/admin's discretion, result in the Mac OSX platform to truely mimic the iOS application code signing ecosystem. (Only code signed by a Mac developer can be installed with additional options.) Clearly as has been demonstrated by iOS sand-boxing approach, what once was thought of as restrictions now are considered an excellent balance of protection verse features. But why stop there? I have long been an avocate for administrators creating their own seat-belt profile files(.sb) to enhance the settings already used in MacOSX. I expect additional controls including seat-belt in a very user friendly control pane as well in the not to distant future. Many applications and users do not need access to the file system, particular frameworks or networking. (Yes, there are other way to control this and Apple has added these controls to XCode for developers to implement. Figure 1) Allowing users and administrators a simple manner in which to manage these very complicated controls over applications and their privileges seems a logical next step in porting some of the security features from iOS to the desktop. Currently XCode 4.2.1 build 4D502 allows developers various sandboxing controls as of Lion. Of course, Gatekeeper is not a perfect solution, nothing is, once you create a system there are flaws. Gatekeeper provides the user/administrator with an additional technical tool to enhance Mac OSX's security robustness. The technology is not new and various technical aspects have been discussed for some time by many researchers. Apple's controls at various levels including development, distribution, installation and administrator has lots of potential. However as with any security schema the devil is in the implementation. What makes this a game changer is that Apple, largely due to the success of the iOS ecosystem, is extremely capable of implementing Gatekeeper along with these other security controls in a way that will matter.