Up close with Mountain Lion: Security

Though Apple has long prided itself on the Mac's safety record, recent events such as the Flashback Trojan horse have proven that the company can't take the security of its operating systems for granted. And the security upgrades in Mountain Lion make it clear that Apple isn't.

The Gatekeeper

The marquee new security feature in Mountain Lion is Gatekeeper--but you won't find a new pane for it in System Preferences. Instead, you open up the General tab in the Security & Privacy preference pane and (after providing your administrator credentials) set the Allow Applications Downloaded From option. That single setting is the front-end for Gatekeeper.

You have three options there: You can choose to run only those apps that were downloaded from the Mac App Store, apps from the Mac App Store and identified developers, or apps from anywhere.

The first and last options are straightforward: The first limits your Mac to running apps from the Mac App Store; the last places no limitations on the apps your Mac can run. The middle option merits explanation: Any developer can register with Apple to get a unique certificate with which to cryptographically sign its apps. Thanks to such signatures, your Mac can know which developer is behind a given app. It can also tell if a signed app has been tampered with. If a signed app is found to behave maliciously, Apple can revoke its developer's certificate. That would cause a warning to appear before users could install the app.

Gatekeeper works its protective magic only the first time you launch an app. So if you upgrade to Mountain Lion and choose the Mac App Store-only Gatekeeper setting, you can still freely launch apps that came from elsewhere, if you ever ran them in the past.

Most Mac users have already encountered messages similar to the ones Gatekeeper will pop up: In previous incarnations of OS X, your Mac asked you to confirm your intentions when you first launched any app downloaded from the Internet. With Gatekeeper, the warnings are new, but the general experience is the same.

Should you come across an app that your Gatekeeper settings prevent from launching, you needn't dive into System Preferences to fix things. Instead, Control-click (or right-click) on the icon of the app you're attempting to run, and choose Open from the contextual menu that appears. You'll see a variant of the warning dialog box; this one adds an option to go ahead and launch the app despite Gatekeeper's grave concerns. Once you've done that, you can launch the app normally from then on.
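The three settings can also be reasoned about from the command line. The sketch below is an added example, not part of the original article: it classifies an app by the `source=` line that macOS's `spctl --assess --type execute -vv` prints (that output format, and the sample texts, are assumptions constructed for illustration) and reports whether a first launch would be permitted under each setting.

```shell
#!/bin/sh
# Added example: map Gatekeeper assessment text to an origin tier, then check
# it against each "Allow applications downloaded from" setting.

# Read `spctl --assess --type execute -vv` output on stdin; print the tier.
origin_tier() {
    src=$(sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Apple System")                          echo system ;;
        "Mac App Store")                         echo appstore ;;
        "Developer ID"|"Notarized Developer ID") echo identified ;;
        *)                                       echo unidentified ;;
    esac
}

# allowed <setting> <tier>; setting is appstore | identified | anywhere.
# Returns 0 when a first launch would be permitted without an override.
allowed() {
    case "$1:$2" in
        anywhere:*|*:system)                       return 0 ;;
        identified:appstore|identified:identified) return 0 ;;
        appstore:appstore)                         return 0 ;;
        *)                                         return 1 ;;
    esac
}

# Print one "setting:tier:verdict" row per setting for an assessment text.
report() {
    tier=$(printf '%s\n' "$1" | origin_tier)
    for setting in appstore identified anywhere; do
        if allowed "$setting" "$tier"; then verdict=launch; else verdict=blocked; fi
        echo "$setting:$tier:$verdict"
    done
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='/Applications/Unsigned.app: rejected
source=no usable signature'

# On a Mac, assess a real app instead (spctl reports on stderr):
#   report "$(spctl --assess --type execute -vv /Applications/Example.app 2>&1)"
report "$SAMPLE_DEVID"
report "$SAMPLE_UNSIGNED"
```

A "blocked" row describes the first launch only; an app that has already been run, or that was opened once through the Control-click override, is no longer checked.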

Other improvements

In addition to Gatekeeper, Mountain Lion leverages a variety of other technologies to help keep your Mac secure.

Most significantly, Mountain Lion expands on Lion's requirement that apps be "sandboxed". Sandboxing requires an app to specifically request what it wants to do with your Mac, rather than having a blanket license to do anything it wants. Sandboxing prevents apps from performing malicious activities upon your Mac and limits the damage security-compromised apps can wreak on your machine. All new Mac App Store apps are sandboxed; in addition, several Apple-provided apps are sandboxed in Mountain Lion, among them FaceTime, Mail, Reminders, Notes, Game Center, and Safari.

Other new security tools: Mountain Lion uses Kernel Address Space Layout Randomization (ASLR) to make it harder for malicious attackers to exploit low-level system functions on your Mac. If you use FileVault, you can now leverage management updates to the fdesetup command-line tool, which allows third-party software to control and configure various FileVault features. Within the Security & Privacy preference pane, you can choose which apps are allowed or denied location information. You also get finer control over which apps can access your location data, contacts, and Twitter credentials.

Finally, Mountain Lion will check for software updates daily. In previous versions of OS X, you could manually configure how often the system would check for updates; the default was once per week. But in Mountain Lion, Software Updates move to the Mac App Store, which can check for updates even when it's not running. You'll receive a Notification Center alert whenever new OS X updates are available. So when or if new Mac-focused malware starts to spread and Apple issues a fix, Mac users should at least be aware of the fix's availability more quickly than they may have been before.

Stories by Lex Friedman
