Cod Liver Oil: Like It Or Not, Apple’s Gatekeeper Makes Sense

Electronic Freedom Fighters and knee-jerk reactionaries: prepare your big drums because here comes the cause of the week. We learned about Gatekeeper, Apple’s app signing solution that ensures “rogue” apps can’t infect your computer, a few months ago when the company announced the coming of a new OS, Mountain Lion. Developers recently received a note reminding them to begin implementing Gatekeeper features or, well, nothing bad will happen:

“The Mac App Store is the safest place for users to get software for their Mac, but we also want to protect users when they get applications from other places. Gatekeeper is a new feature in OS X Mountain Lion that helps protect users from downloading and installing malicious software. Signing your applications, plug-ins, and installer packages with a Developer ID certificate lets Gatekeeper verify that they are not known malware and have not been tampered with.
Mac Developer Program members can sign applications with their Developer ID now to get ready for Gatekeeper. If you’re not already a member, join the Mac Developer Program today.”

There are two ways to think about this. As an IT guy, I see this as a golden ticket to malware-free machines. If my fleet of iMacs or Macbooks is protected – ostensibly – by Gatekeeper, I can rest easy knowing that no unsigned applications can run and ruin my machines. This obviously ignores the fact that there is very little malware for OSX anyway and that it’s trivial, provided you know the password, to bypass Gatekeeper. However, for the vast majority of my users it is a boon.

The “It’s My Machine” crowd will be up in arms because this now suggests there will be a time – maybe soon, maybe not so soon – that Apple will require everything to be signed. Imagine having to jailbreak your laptop and you get what they’re on about. It’s inconvenient, insulting, and patently silly.

Increased control over app installation is an acquired taste. If you weren’t actively using computers in the late 1990s and early aughts, you’d probably never see the horrors that much malware wreaked on Windows machines. The horrors of out-of-control DirectX extensions, nagging adware, and poorly-written spyware essentially forced programmers to ask permission for everything in later versions of Windows and OS X. And that’s fine. I’d rather be able to drop into the Terminal and futz around with my OSes core files while simultaneously being protected from junk apps that may try to steal or break my computer.

Computer users need to pick their battles wisely. It can be argued that Apple’s decision not to allow “homebrew” iOS apps has stifled innovation and you can also argue that the vast majority of iOS users neither care nor are aware of the homebrew scene. Like the dinosaurs in Jurassic Park, homebrew finds a way. If past experience is evidential, the possibility that Apple will be able to totally lock down what you can and can’t install on your Macs is scant at best.

Windows 8 also has controls in place to ostensibly improve the experience. Although they aren’t signing apps – yet – it’s bound to happen.

Gatekeeper, like cod liver oil and Brussels sprouts, may go down rough but, in the end, I think it’s good for us.