Welcome, OSX 10.8 GateKeeper

Posted by

I upgraded my Queen’s 11″ MacBook Air to OSX 10.8 yesterday. It was thoroughly uneventful. 10.8’s new features are of little interest to me; I only upgraded to ensure that nothing important will break for other users.

I haven’t been following 10.8 development, so I was a bit taken aback when I attempted to upgrade VirtualBox to 4.1.18 and was prompted with the following:

OSX 10.8 GateKeeper warning

That’s right: By default you can only install apps in OSX 10.8 if the vendor is known and registered with Apple.  This is a “feature” known as GateKeeper that has been well-covered elsewhere.

Of course, as this is new in 10.8, you can easily turn this “feature” off in System Preferences under “Security and Privacy.”

First, click the lock icon, then select “Allow applications downloaded from: Anywhere”

OSX 10.8 Allow from all sources

I fear that this is the new not-so-thin edge of the wedge.  Yes, there are good arguments to be made for only allowing software from trusted sources.  This should knock out many trojans and other classes of malware.  (That said, if the bad guys somehow manage to spoof your certificates, you’re in trouble.  I’m looking at you, Microsoft.)  However, it also will make things more difficult for small, independent, and Open Source developers.

Even worse, what happens in OSX 10.9 or 10.10 if Apple decided that applications should only run if purchased through the App Store?  It would not be out of character to simply remove the ability to run apps from unknown sources.  This would be troubling indeed, and is one of the main reasons that I’m spending the rest of the summer back in Linux land.

Software freedom is very important.  The general purpose computer is also important.  I fear that OSX 10.8’s GateKeeper is leading computer users down the path to a completely closed computing environment.  Safer?  Perhaps.  Certainly less open.

GoSaBe Blog - Jul 26, 2012 | Linux, Security

2 Trackbacks