Apple wants Gatekeeper in macOS to guard the gate even more fervently

Apple will further lock down what apps can be run on Macs when it releases macOS Sierra this fall, reports Computerworld. The move is “likely a response” to revelations last year that Gatekeeper could be easily bypassed by attackers to plant malware on machines.

Some apps downloaded and installed from the Internet could adversely affect your Mac. Gatekeeper is designed to help protect your Mac from such apps. Apple really wants you to download Mac apps from its Mac App Store.

For apps that are downloaded from places other than the Mac App Store, developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and verify that apps haven't been tampered with since they were signed. If an app was developed by an unknown developer—one with no Developer ID—or tampered with, Gatekeeper can block the app from being installed.

While Gatekeeper does a good job of stopping malware-infected apps that users have downloaded, it was reported earlier this year that there’s a problem: a signed app could, upon launch, start an unsigned program residing in the same directory, and that program could infect the Mac. Patrick Wardle of Synack informed Apple about the problem, and the company released a security update.

In Sierra, Gatekeeper will offer users just two options: Macs will install software downloaded from the Mac App Store, or applications that have been signed with certificates Apple provides free-of-charge to registered developers. Previously, users could select an "Anywhere" option from the Preferences pane that let them install and run unsigned applications downloaded from outside the Mac App Store. That setting will disappear from macOS Sierra's Preferences.

The ability to accept apps from "Anywhere" hasn't actually been pulled, Simon Cooper, an Apple engineering manager, said during a session at the Worldwide Developers Conference on Tuesday. An unsigned application downloaded from outside the Mac App Store can still be opened, sidestepping Gatekeeper, using a button that will appear in the Preferences pane, or the other techniques already available, such as right-clicking the app in the Finder and choosing “Open.”