dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16
share rss forum feed


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable
reply to J E F F

Re: [OS X] Mountain Lion coming this summer

said by MacRumors :
One of the significant new features in OS X Mountain Lion is Gatekeeper, a new security system to help keep users from installing nefarious applications on their machines.

The new system relies not only on Mac App Store distribution as means of vetting apps, but also on a new "identified developer" program under which developers distributing their applications outside of the Mac App Store can register with Apple and receive a personalized certificate they can use to sign their applications. Apple can then use that system to track developers and disable their certificates if malicious activity is detected.

Located in the General tab of the Security & Privacy preference pane is a setting called “Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.

Mac App Store: When this choice is selected, any apps not downloaded from the Mac App Store will be rejected when you try to launch them.

Mac App Store and identified developers: This is the new default setting in Mountain Lion. In addition to Mac App Store apps, it also allows any third-party apps that have been signed by an identified developer to run.

If anyone didn't see this coming, they're deluded... Apple will eventually have sole control of your desktop as well.

They're just inching along, instead of just fully disallowing outside apps.
--
GO LEAFS GO!


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..

What determine whether or not Apple will accept an "identified developer"? If a piece of software, like one based on WINE, would Apple be eager? Likely not.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein



lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2
Reviews:
·CableOne
reply to HiVolt

Thank you for the excellent clarification! Looks like I may be able to roar like a Mountain Lion after all.
--
PR is back in town



HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

Looks like Software Update is moving to the Mac App Store as well. You'll need to create an Apple ID (or use an existing one) to keep your OS updated, even if you wish to stay clear of Apple's online ecosystem of apps.

Nice...
--
GO LEAFS GO!



lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2
Reviews:
·CableOne

said by HiVolt:

Looks like Software Update is moving to the Mac App Store as well. You'll need to create an Apple ID (or use an existing one) to keep your OS updated, even if you wish to stay clear of Apple's online ecosystem of apps.

Nice...

I kinda like the way Software Update works now. However, I have an Apple ID, so that won't be a deal breaker.
--
PR is back in town


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to J E F F

said by J E F F:

What determine whether or not Apple will accept an "identified developer"? If a piece of software, like one based on WINE, would Apple be eager? Likely not.

Any developer can sign up for the certificate without any approval. They just need to sign up for the Apple Developer Program and generate a certificate.
--
University of Southern California - Fight On!


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

said by Thinkdiff:

Any developer can sign up for the certificate without any approval. They just need to sign up for the Apple Developer Program and generate a certificate.

Doesn't it cost $100?
--
GO LEAFS GO!


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

Yes. But I would think most developers are already part of that program. Obviously it hurts small developers that want to distribute a free app on their own (although they could just instruct their users to allow 10.8 to exempt their app from Gatekeeper). I wouldn't be surprised if the certificates were offered outside of the Developer Program in the future.
--
University of Southern California - Fight On!



haroldo

join:2004-01-16
united state
kudos:1

Not sure if it's a big deal.
For 95% of users (average folk), they'll go with the default (secure setting) and only get stuff via the app store. They'll not bother with downloading or installing programs from 'small developers' (most non-advanced users never install anything)

For the advanced users, they'll select

quote:
“Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.
and be able to get an app even if they're outside of the program (right?)
No one loses choice, since avenues still exist...it's just harder for average folk to damage their computer.


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

The issue is not with this Mountain Lion... The issue is with future versions... 10.9 may be just App Store & Identified developers, and the next release, which will probably be OS 11, will be App Store only after everyone is slowly forced into this over time.
--
GO LEAFS GO!



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to haroldo

said by haroldo:

Not sure if it's a big deal.
For 95% of users (average folk), they'll go with the default (secure setting) and only get stuff via the app store. They'll not bother with downloading or installing programs from 'small developers' (most non-advanced users never install anything)

For the advanced users, they'll select

quote:
“Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.
and be able to get an app even if they're outside of the program (right?)
No one loses choice, since avenues still exist...it's just harder for average folk to damage their computer.

I agree, which I don't think the sky is falling like HiVolt always does. But I guess we'll see who's right when 10.9 comes out next year.

I'd prefer the default to be install from Anywhere and then have the user pick their preference on first start up (explain all the pros/cons), but that would be confusing to many people. If most apps will install without even knowing Gatekeeper is active (which they will) and every now and then I have to manually approve an App, that seems like a good balance to me and not too much different than the current system (pop-up of "This app was downloaded from the internet...")
--
University of Southern California - Fight On!


haroldo

join:2004-01-16
united state
kudos:1

2 recommendations

reply to HiVolt

I'm not going to worry about what someone might do down the road. If this is a good product, I'll buy it. If the next one isn't, I wont.
Life's too short for me to worry about something that most likely wont occur, but could...assuming one's extrapolation holds true.



haroldo

join:2004-01-16
united state
kudos:1

1 recommendation

reply to Thinkdiff

said by Thinkdiff:

...
I'd prefer the default to be install from Anywhere and then have the user pick their preference on first start up (explain all the pros/cons),...

Not me. 95% of users wont understand (nor remember) the explanation. I'd set it secure and let the 5% EASILY figure out how to adjust it. We all know where System Preferences is found.
W*****s XP is a perfect example of a system that could have been set secure...but wasn't, with default settings set too liberally for the average user.
They should make it like they make cars...with idiot lights. Keep it simple. There's a lot of idiots out there

Last week I got this call...
"my printer isn't working"
"did you add paper?"
"yes. I put it in the top"
"the top is the document feeder, the bottom tray is the paper tray"

, etc.

yabos

join:2003-02-16
London, ON
reply to Thinkdiff

said by Thinkdiff:

Yes. But I would think most developers are already part of that program. Obviously it hurts small developers that want to distribute a free app on their own (although they could just instruct their users to allow 10.8 to exempt their app from Gatekeeper). I wouldn't be surprised if the certificates were offered outside of the Developer Program in the future.

From what I've read, if you want to distribute your app via the Mac App Store then you need to have a $99 paid Mac Developer account. If you want to distribute signed applications via your own website, you can get a free account that allows you to sign the applications in the same manner.


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
reply to HiVolt

said by HiVolt:

If anyone didn't see this coming, they're deluded... Apple will eventually have sole control of your desktop as well.

They're just inching along, instead of just fully disallowing outside apps.

Because we all know Apple makes transitions very slowly. They don't just switch an entire architecture in like 6 months or anything.

Apple is taking what I see as the most logical method to installing software. The default is the safest for "normal" people. But there's clear options for those who want to run whatever applications they want.
--
less talk, more music


Khaine

join:2003-03-03
Australia
reply to J E F F

said by J E F F:

What determine whether or not Apple will accept an "identified developer"? If a piece of software, like one based on WINE, would Apple be eager? Likely not.

From the macworld article

So what’s an “identified developer?” Basically, it’s any developer who registers as a developer with Apple and receives a personalized certificate. The developer can then use that certificate to cryptographically sign their apps. Any such app has two important characteristics: Apple can tell who developed it, and Mountain Lion can detect whether it’s been tampered with since it left the hands of the developer.

The first part is important because, Apple says, if a particular developer is discovered to be distributing malware, Apple has the ability to revoke that developer’s license and add it to a blacklist. Mountain Lion checks once a day to see if there’s been an update to the blacklist. If a developer is on the blacklist, Mountain Lion won’t allow apps signed by that developer to run.

When you try to launch an app using this system, your Mac will check with Apple’s servers to see if the developer’s signature is current. But what it doesn’t seem to mean is that previously-installed malware will be wiped clean, because once an app passes File Quarantine and launches successfully for the first time, it’s basically escaped Apple’s screening system.

»www.macworld.com/article/165408/···per.html

This information is really easy to find, I'm not sure why people are whipping themselves into a frenzy over nothing


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..

said by Khaine:

This information is really easy to find, I'm not sure why people are whipping themselves into a frenzy over nothing

Perhaps because it appears that Apple is headed for lock-down, maybe not in 10.9, but maybe 11.0. For example, would apps like Handbrake still be available? What about Transmission? I have a friend that created an app (WINE) for installing *some* windows programs, it was refused by the app store because it uses Windows files...

Of course, nothing might change, just permissions. Which, if that is the case, is great.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein


Khaine

join:2003-03-03
Australia

said by J E F F:

said by Khaine:

This information is really easy to find, I'm not sure why people are whipping themselves into a frenzy over nothing

Perhaps because it appears that Apple is headed for lock-down, maybe not in 10.9, but maybe 11.0. For example, would apps like Handbrake still be available? What about Transmission? I have a friend that created an app (WINE) for installing *some* windows programs, it was refused by the app store because it uses Windows files...

Of course, nothing might change, just permissions. Which, if that is the case, is great.

Considering Apple have had private meetings with Developers over this »www.panic.com/blog/2012/02/about-gatekeeper/

quote:
But I can’t find it in me to disparage this goodwill effort that Apple has undertaken to not turn every third-party developer upside-down with regard to app distribution. To me it’s a great sign that they’re aware and at some level sympathetic to our concerns, while remaining committed to a high-security experience for users.

Further cementing this feeling is the fact that we were invited to a private briefing at Apple about Gatekeeper a week before today’s announcement. Cabel was told point-blank that Apple has great respect for the third-party app community, and wants to see it continue to grow — they do not want to poison the well. I think their actions here speak even louder than their words, though.



J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..

said by Khaine:

said by J E F F:

said by Khaine:

This information is really easy to find, I'm not sure why people are whipping themselves into a frenzy over nothing

Perhaps because it appears that Apple is headed for lock-down, maybe not in 10.9, but maybe 11.0. For example, would apps like Handbrake still be available? What about Transmission? I have a friend that created an app (WINE) for installing *some* windows programs, it was refused by the app store because it uses Windows files...

Of course, nothing might change, just permissions. Which, if that is the case, is great.

Considering Apple have had private meetings with Developers over this »www.panic.com/blog/2012/02/about-gatekeeper/

quote:
But I can’t find it in me to disparage this goodwill effort that Apple has undertaken to not turn every third-party developer upside-down with regard to app distribution. To me it’s a great sign that they’re aware and at some level sympathetic to our concerns, while remaining committed to a high-security experience for users.

Further cementing this feeling is the fact that we were invited to a private briefing at Apple about Gatekeeper a week before today’s announcement. Cabel was told point-blank that Apple has great respect for the third-party app community, and wants to see it continue to grow — they do not want to poison the well. I think their actions here speak even louder than their words, though.

If that is the case, then I likely will purchase more Macs.

As I said, no issues about having a locked down phone...not too happy about a locked down iPad so my 11 year old has it now. But the Mac better never be in lock down.

Eventually I'll have to get another computer...just unsure if it will be the iMac or MBPro.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein


Count Zero
Obama-Biden 2012
Premium
join:2007-01-18
Winston Salem, NC
reply to J E F F

There isn't a "acceptance" protocol. It's going to free for anyone to sign up for for an identity and then if their software is found to be malicious Apple will be able to kill the software remotely. That's the whole benefit.