Apple’s new OS X 10.8 (Mountain Lion) operating system for the Mac offers a range of new features, and more parity with iOS, meaning that those of us who switch between iPhones, iPads, and Macs all day long will find fewer differences. This will not be a review of all thats new in Mountain Lion, but instead will focus on one if its larger features, called GateKeeper, and specifically what Gatekeeper means to photographers.
You’ve probably noticed all desktop/laptop operating systems ratcheting up security in recent versions. This is a good thing, except where its a bad thing; and bad usually means inconvenient or different. OS X 10.7, for instance, made the User Library invisible, which might keep your parents or your children from doing damage to important files in that location, but it also means you can’t directly access important files stored there, such as ICC profiles. Pasting a line of code into the Console solves that issue, but one still gets the feeling that the playpen is closing in around end users, and we will be allowed to do less and less “under the hood” over time.
Mobile Security versus Desktop Security
iOS is based on the theory that there isn’t really much that should be done under the hood, and the result is an OS that virtually anyone can use, and which seldom needs service or even expert advice when using iOS phones or tablets. But thats not exactly what we’re used to on the Mac. So with each new Mac OS, we will gain more parity with iOS, but with new restrictions in the process.
Gatekeeper is exactly this type of balancing act. It restricts the types of applications you can load onto your Mac, and where those apps come from. But in order to avoid causing too much backlash from longtime Mac users, Gatekeeper offers three settings. At its highest setting, applications can only be downloaded from the Mac App Store. This offers maximum reassurance to users that they are not loading spyware, malware, or other dangerous stuff onto their computers unintentionally. But there are many excellent pieces of software not available from the Mac App Store, and software which drives hardware devices is noticeably absent from the Mac App Store as well. So changing the Gatekeeper setting to “high” might be advisable for computers owned by your young children, but it has limitations for those doing advanced graphics and photographic work.
The default setting for Gatekeeper is “medium”. At this setting, Apps can be downloaded from the Mac App Store, and from other locations as well. But only Apps from Apple Certified Developers can be installed without warning bells going off. This means that there is at least reasonable assurance that the App you are installing is not malicious, and offers reasonable peace of mind.
Gatekeeper Settings to Avoid
Setting Gatekeeper to its lowest setting allows apps to be installed even if they are not from a certified developer, and do not include a Digital Certificate. Since there are ways to allow such installations even at the default “medium” setting, there is not much reason to set Gatekeeper to “low”.
What Gatekeeper Doesn’t Do
Gatekeeper does not affect applications you have already installed. So all your existing apps, (even potentially malicious ones) will continue functioning as they always have. And Gatekeeper does not stop you from installing software from an Optical Disc (CD/DVD), since its a download-related tool.
Where Gatekeeper Puts Up Warnings
If you have downloaded an installer for one of your favorite apps previously, and try to install it now that you are running Mountain Lion (and thus have Gatekeeper running) that older installer will not include a digital certificate, and will trigger a warning from Gatekeeper. If your software developers have not kept up with Apple’s new protocols, even currently downloaded Apps may trigger this warning. If this happens, you should double check that the App and Installer in question is legitimate, before you bypass Gatekeeper and install.
How Its Supposed to Work
At the default “medium” setting, Gatekeeper should allow you to install new Mountain Lion-updated installers from all legitimate developers without warnings. Most users will run at this default (few will even know there are alternative settings), and most legitimate software will be digitally signed; so in most cases (or so Apple hopes), end users won’t even know this safety net is in place.
What This Means for Photographers and Designers
The software developers in these fields tend to be quite proactive and knowledgable, so most Mac Apps for graphics and photo uses should be fine. I have already installed Apps using updated Installers from Datacolor and NIK under Mountain Lion with no difficulties. Some of your smaller Apps from the fringe of the industry may be a bit slower to update their products. A note to them letting them know that you aren’t comfortable installing their products until this has been rectified may help speed the process.
The Overall Balance
Gatekeeper does raise the bar and keep malicious software from being installed thoughtlessly, or by accident. It won’t keep all such software off your computer, but given the excellent track-record of the Mac, it should make a safe system even safer. And the occasional inconveniences it may cause are not on the scale that some other Operating System safeguards have caused in the past (anyone remember the constant barrage of verification requests from Windows Vista?) So it seems well worth the effort, for the additional peace of mind.