Thoughts on the Mac OS X Mountain Lion Developer Preview
by Andrew Cunningham & Anand Lal Shimpi on February 19, 2012 7:40 PM EST- Posted in
- Mountain Lion
- Mac
- macOS
Gatekeeper
Of the Mountain Lion announcements, Gatekeeper has been one of the most discussed. Apple has touted OS X as being a safer, more secure environment than Windows, offering its customers a relatively malware-free experience. In the early days this was often discounted by saying that OS X wasn't a likely target for malware simply because no one used it. Today Apple claims to have a Mac installed base of 63 million users. While there are far more Windows users, that's not an insignificant number. And it's growing.
As the likelihood for significant malware targeting OS X increases, Apple must do whatever it can to maintain its pristine image. In a sense, Apple made its bed by promising a more secure, virus/malware-free experience, and now it has to sleep in it. It's not a bad thing, but it's something that is going to require a lot of work.
The easiest and most obvious solution to the problem is the Mac App Store. Every app distributed through the Mac App Store is certified by Apple and thus no malware/viruses should ever make their way to a customer's Mac if they only run apps from the Store. That's a step in the wrong direction unfortunately. Companies like Adobe and Microsoft don't make their applications available in the Mac App Store (paying Apple 30% for every copy of Photoshop sold seems unlikely to happen), not to mention the tons of useful open source or other programs that aren't distributed through the MAS. While the iPhone can sell just fine as a platform that's more of an appliance, Macs (at least today) cannot.
The alternative is to heavily warn users that what they're running isn't exactly safe but allow applications, regardless of origin, to be run. This is what's done today in Lion. The first time you run an application that you downloaded you'll get a message that looks like this:
It's the everlasting debate between freedom and security. Give up one to get the other, but what's the right balance?
The compromise in Mountain Lion comes in the form of a tool called Gatekeeper. An innocuous little radio selection in the Security preference pane, Gatekeeper lets you choose what applications can be run on your Mac.
You can choose to only allow applications from the Mac App Store, allow all (the two extremes we discussed above) or pick an in-between option: allow anything downloaded from the MAS or anything by an identified developer.
This in-between setting is the compromise.
If a developer joins the Mac developer program ($99/year) it can become an officially identified developer with Apple. The developer can then sign its applications with a unique cryptographic key that Apple recognizes, without requiring that the apps be distributed through the Mac App Store. Unlike the Mac App Store, there's no approval process that the developer's signed apps need to go through. There's only one stipulation that goes along with the identified developer label: the apps distributed with that key cannot be malware.
Apps from identified developers will communicate with Apple's servers to verify the digital signature is intact and correct only upon install or the first run of the application. Subsequent runs do not phone home and there's no remote kill switch for these applications. Should Apple find out that a developer has been distributing malware Apple can revoke the developer's key, but that would only render those apps that have yet to be installed/run from working. Without a certification process for non-MAS apps there's still a degree of risk associated with this compromise. I don't believe the ideal solution is to force everyone to buy through the MAS, but Gatekeeper's compromise isn't an impervious solution.
Apple tells us the default Gatekeeper setting in Mountain Lion will be to allow apps from the Mac App Store or from identified developers to run. Hopefully by the time Mountain Lion ships many third party developers will be on-board and identified making the transition mostly seamless. If you don't change the default Gatekeeper setting there's another way around the protection: simply control-click (or right click) on the app you're trying to run and select open. Doing so will override the Gatekeeper setting and let you run an unsigned app.
Facebook
Twitter
RSS
96 Comments
View All Comments
FWCorey - Tuesday, May 1, 2012 - link
And what makes games so much less relevant on a platform that has more consumer users than commercial users?Windows has given them a high priority for ages despite the fact that OS's demographic balance swings in the opposite direction.
marioyohanes - Monday, February 20, 2012 - link
Thanks for extensive review on the new upcoming OS X Mountain Lion.Since you guys are the most reliable sources for SSD, I was wondering whether OS X Mountain Lion has better support for SSD or not, specifically with 3rd party SSD?
I have 2 different SSDs, Intel 320 and Vertex 3 installed on both 2011 MBP and 2009 MBP, and it always gets corrupted right after OS X update or Safari update under Mac OS X Lion (never have this problem on SL).
I really hope Mountain Lion could brings better support for 3rd party SSD than it does on Lion. Because why bother buying new hardware if you'll get stuck with 5400 rpm hdd :)
vectorm12 - Monday, February 20, 2012 - link
Considering Apple would much rather charge you 500+ USD for a 256GB SSD that's a decent performer at best I'd say we're out of luck on any kind of support on 3:rd party SSDs. In fact I wouldn't be the least bit surprised if Apple in fact chose to limit booting from 3:rd party storage in the near future.Interesting about your Vertex 3 being corrupted after OS X updates. I've been running Lion for the better part of a month on my early '11 13" macbook pro I have for work with a Vertex3 Max IOPS and haven't seen any real issues thus far.
I do however see intermittent slowdown at times which I've thus far figured to be TRIM related. Especially when waking the system from sleep/hibernation. Perhaps I've been to quick to jump to conclusions about those issues?
All in all I see where Apple wants to take OSX and their platforms in general, but I can't help but pray people won't keep accepting all the limitations since it's really bad for all consumers in the long run.
Otherwise we'll be running IOS 8 on mac hardware and being forced to jailbreak new mac pros as well.
KPOM - Monday, February 20, 2012 - link
From what I have seen on the developer preview, it does not. I'm assuming the hacks still work, but I haven't tried them. My guess is that we'll see the MacBook Pro line either merge with the Air or become less user-upgradable in the future (perhaps RAM will still be upgradable), at least in the 13" and 15" models, so I wouldn't bet on adding TRIM support for third party drives. I've heard that Apple makes as much or more money on NAND as the manufacturers of the NAND themselves.zdzichu - Monday, February 20, 2012 - link
First page discussing rapid release cycles fails to mention Linux distributions. Major distributions shifted to half-year release cycle few years ago (pioniereed by Fedora in 2003 and Ubuntu in 2004). This pace works very good for consumer software.damianrobertjones - Monday, February 20, 2012 - link
"Microsoft announced a planned shift to a 3-year OS release cadence."Didn't they previously have this 3 year release thing? Pretty sure that they did
cjs150 - Monday, February 20, 2012 - link
Actually I do not hate apple, it has a philosphy that does not work for me.Mountain Lion is clearly yet another step towards the walled garden approach that Apple wants. This approach will result in thinks that "just work", like any number of consumer electronic products. This is why many people at my work love Apple.
But this approach has its downside, if all you want is something that "just works" then you do not need to know how it works and you are stuck with Apple's design decisions (eg no true HD on Apple TV). I want to know how things work, I want to be able to fiddle with settings, add programs that genuinely extend or enhance my working experience.
A simple example. I have a young daughter (10) who is starting to ask for a computer in her bedroom. I have said that if she wants one and can explain why, she can have one but on the condition that it will arrive in bits and she will have to build it herself and install all the software. Admittedly this is a good parent trick to ensure the computer issue is deferred by at least 6 months, but assuming it happens it will teach my daughter very quickly how computers work, what bits are in a computer and how to install software and generally ticker with the computer. Apple take all that away - the computer should be simply a higher priced version of a washing machine - plug it in and away you go.
tim851 - Monday, February 20, 2012 - link
What if your daughter wants a laptop?I've been managing my parents' PC for a while now. I could be a dick like you and tell them they have to do build it themselves, but I realized that not everybody is a nerd or has the time to become one and ultimately a PC is just an appliance like a fridge or a tv. I didn't make my mom assemble her car either.
Next time you go into the supermarket to buy a steak, I hope they hand you a knife and point to a nearby cow.
bji - Monday, February 20, 2012 - link
The obvious difference between your hypotheticals and his real situation is that he is the parent and its his responsiblity to educate his children and guide their development. It is not your responsibility to educate or guide your parents nor is it the responsibility of the supermarket to educate its customers on how cows are turned into steaks. There's no need to call cjs150 a dick just because you couldn't formulate this simple concept yourself.vectorm12 - Monday, February 20, 2012 - link
While I do agree with you for the most part I see a problem with "our" view of how things are supposed to work.The big issue is a lot of people want the "washing machine"-experience with computing devices. Heck even at times I do and it's something that is required at this point in my mind simply because most people choose the simplest/easiest way to get things done whenever possible. Most people simply choose rather not to use a function than actually learn how to use it.
However I feel Apple as well as all others should provide a simple switch to disable to "walled garden" and expose the OS to people who choose to do so. In my mind that's the best of both worlds. Dumb it down for the people who couldn't care less, keep the techs happy who actually use and promote the devices.