Tag: apple

Gatekeeper on OS X Mountain Lion

Apple recently unveiled its upcoming version of OS X, Mountain Lion. This announcement was quite surprising, as OS X Lion was released just 8 months ago, and only 3 updates have been published so far (current version is 10.7.3). However, the name Apple chose seems to indicate an improved version of 10.7 and not a major release. And the funniest part is that a Mountain Lion is also known as Cougar or… Panther ! For our earlier-switchers, Panther was the name of Mac OS X 10.3.

Among new features in Mountain Lion, we find “GateKeeper”, which is presented by Apple as an improved security for end-user:

Gatekeeper in OS X Mountain Lion makes the Mac safer than ever. It helps protect you from downloading and running malicious software. It brings you new levels of security. And it puts you in control.

To be more precise, you’ll have three choices:

  • Allow software downloaded from anywhere
  • Allow software downloaded only from Mac App Store
  • Allow software downloaded only from Mac App Store and identified developers

The last option should be selected by default (at least in current Developper Release of 10.8). This is a pretty good choice for most users, as Apple will disable a Developper ID when a software is known as malicious. Some people may find it’s a bit strict, but you’ll be able to select another option, especially “Allow software downloaded from anywhere”.

Here, at Jibapps, we find that it’s a fair solution, much more efficient than requesting sandboxing for every application. We regret that in a near future, some applications will be forced to quit the Mac App Store (because not compatible with Sandboxing) and we hope that Apple will change its mind (after all, they decided to delay Sandboxing a little bit, until June 2012). And don’t forget: sandboxed app doesn’t mean better-coded app!

Apple and application sandboxing

The biggest revolution for Mac applications is coming soon. Apple is going to force developers to implement sandboxing in their applications, before the end of March 2012. At least for applications available on the Mac App Store.

Sandboxing is a great concept for end-user, as it improves security: a sandboxed application does not have any access to your system, except for some particular and limited tasks. Thus, the application don’t see your filesystem, but only its “sandbox” (also called “container”). iOS already implements this concept, which main limitation is the impossibility for an application to read or write file in another application container.

However, what is good for a mobile phone is not always good for a computer! On Mac OS X, many applications need a wide access to your system, such as our application TrashMe (we’re looking and deleting files in you Library folder, which is forbidden for a sandboxed app). We don’t have any guarantee that our app will be compatible with future Mac App Store rules. Previous deadline was November 2011, but there were too many bugs with sandboxing and Apple decided to define a new deadline.

We’re working hard on improving our applications and testing sandboxing (and a new project is coming soon). We’ll keep you informed.