Sneaking past the Gatekeeper

Reader Richard Patterson finds his way blocked when trying to launch a favorite application. He writes:

I have been using the Onyx utility for years to tweak the Mac OS. I recently upgraded to Mountain Lion and downloaded a compatible version of Onyx. While I was able to download it I'm told that I can't open it because I didn't get it from the Mac App Store. What's going on?

Though you're unaware of it, you've just shaken hands with Mountain Lion's Gatekeeper feature. It works this way:

Gatekeeper is designed to prevent cootie-laden applications from releasing their bothersome payload into your Mac. It does this by offering three levels of protection. The most strict allows you to initially launch only those applications that you've acquired from the Mac App Store. The second level requires that you launch applications from either the Mac App Store or from approved developers. (This second option is the default setting.) And the least restrictive is the ability to launch applications that you've found any old place on the web. Some explanation follows.

First, you'll note that I said launch rather than download. You can download any software you like, regardless of how Gatekeeper is configured. It's when you attempt to launch an application for the first time that Gatekeeper kicks in. Once you have launched that application, it's no longer of interest to Gatekeeper. You've apparently approved that initial launch and so Gatekeeper won't butt in again for that specific application.

Secondly, about those approved developers. Those developing Mac software sold outside the Mac App Store don't have to suffer through an onerous approval process. Rather, to become approved in the eyes of Gatekeeper, developers need to apply to Apple for a Developer ID and then code-sign their applications. Doing so identifies the application to Gateway so that it doesn't throw up the Ixnay sign when you attempt to launch it for the first time.

For reasons best known to him, Onyx developer appears to not be interested in getting Apple's blessing. And that means that unless you have Gatekeeper configured correctly you won't be able to launch it without knowing a trick I'll reveal shortly.

To configure Gatekeeper to allow these kinds of applications, launch System Preference, select the Security & Privacy preference, and click on the General tab if it's not already selected. In the area marked Allow Applications Downloaded From you'll see three choices--Mac App Store, Mac App Store and Identified Developers, and Anywhere. Click the Lock icon, enter an administrator's user name and password, click Unlock, and change that setting to Anywhere. Onyx will now launch without complaint.

But what a bother to dash between the application you want to launch and the Security & Privacy pane. Unless you always want to open applications from anywhere, don't bother making this kind of trip. Instead, Control-click on the application you want to launch and select Open from the contextual menu that appears. A different dialog box will appear that includes an Open button. Click Open and Onyx launches, never to bother you again with these kinds of messages.

Join the CSO newsletter!

Error: Please check your email address.

Tags OS X Mountain LionApplesecurityMountain Lion

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Christopher Breen

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts