Gatekeeper

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 13:59, 24 November 2020 by Littleguy (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Gatekeeper is a security feature of the macOS operating system that enforces code signing and verifies downloaded applications before allowing them to run, thereby reducing the likelihood of inadvertently executing malware. Installing software applications on Mac is easy when using the Apple App Store. Installing software applications from other sources is never easy and will be blocked when you try to install from a downloaded installer file. They are blocked by a specific security feature which is called Gatekeeper.

System Extension Blocked

By default, when macOS is installed, Gatekeeper is set to allow software from the App Store only.

To Bypass

In the security & privacy panel of System Preferences, the user has three options:

  • Mac App Store - Allows only applications downloaded from the Mac App Store to be launched.
  • Mac App Store and identified developers - Allows applications downloaded from the Mac App Store and applications signed by certified Apple developers to be launched. This is the default setting since Mountain Lion.
  • Anywhere - Allows all applications to be launched. This effectively turns Gatekeeper off. This is the default setting in Lion. Since macOS Sierra, this option is hidden by default.

Another option

You can bypass Gatekeeper restrictions by control-clicking the application and selecting Open from the pop-up menu. A new alert warns you the software is unverified by Apple and may contain malicious software, but you can still choose to Open it anyway.

More Background

Apple first introduced Gatekeeper in 2012, as part of OS X Mountain Lion. It works by scanning software that you download from outside of Apple’s Mac App Store to check if they’ve been “code-signed,” a process that verifies whether software comes from the developer it claims to, and that it hasn’t been tampered with. Gatekeeper also maintains a blacklist of known malware, to flag problematic downloads before you open them.

Gatekeeper doesn’t treat all files equally in that it considers applications coming from external drives, or shared over a network, as safe, thus introducing a security hole. macOS 10.14.5 is still fully vulnerable to this security flaw that has working exploits. An attacker can use a network share to install malware without the user even knowing it happened.

If a user is tricked into mounting a network share that isn't legitimate, with a share folder containing something like a file with another part of the vulnerability code, the system will be infected. All the user has to do is be tricked into mounting the network share, unzip a file and click the link.

Bring Back the "Allow apps downloaded from: Anywhere" Option:

Normally when you go to "System Preferences -> Security & Privacy" in the General tab for "Allow apps downloaded from" you only have two options: Mac App Store and Mac App Store and identified developers. There used to be a third option, as mentioned above which read "Anywhere" however is now gone after a Catalina security update. You can restore the third option by using the following command in an Administrator user console aka terminal window:

 sudo spctl --master-disable

Using this option will effectively disable gatekeeper in a general sense.