Gatekeeper

Gatekeeper works its protective magic only the first time you launch an app. So if you upgrade to Mountain Lion and choose the Mac App Store–only Gatekeeper setting, you can still freely launch apps that came from elsewhere, if you ever ran them in the past.

Most Mac users have already encountered messages similar to the ones Gatekeeper will pop up: In previous incarnations of OS X, your Mac asked you to confirm your intentions when you first launched any app downloaded from the Internet. With Gatekeeper, the warnings are new, but the general experience is the same.


Gatekeeper gives you three levels of security: run only those apps downloaded from the Mac App Store; run apps from the Store and specific developers; and run any app at all.

Should you come across an app that your Gatekeeper settings prevent from launching, you needn’t dive into System Preferences to fix things. Instead, Control-click (or right-click) on the icon of the app you’re attempting to run, and choose Open from the contextual menu that appears. You’ll see a variant of the warning dialog box; this one adds an option to go ahead and launch the app despite Gatekeeper’s grave concerns. Once you’ve done that, you can launch the app normally from then on.

Other improvements
In addition to Gatekeeper, Mountain Lion leverages a variety of other technologies to help keep your Mac secure.

Most significantly, Mountain Lion expands on Lion’s requirement that apps be "sandboxed". Sandboxing requires an app to specifically request what it wants to do with your Mac, rather than having a blanket license to do anything it wants. Sandboxing prevents apps from performing malicious activities upon your Mac and limits the damage security-compromised apps can wreak on your machine. All new Mac App Store apps are sandboxed; in addition, several Apple-provided apps are sandboxed in Mountain Lion,—among them FaceTime, Mail, Reminders, Notes, Game Center, and Safari.

Other new security tools: Mountain Lion uses Kernel Address Space Layout Randomization (ASLR) to make it harder for malicious attackers to exploit low-level system functions on your Mac. If you use FileVault, you can now leverage management updates to the fdsetup command-line tool, which allows third-party software to control and configure various FileVault features. You can choose which apps to allow or deny location information to within the Security & Privacy preference pane. You also get finer control over which apps can access your location data, contacts, and Twitter credentials.

Finally, Mountain Lion will check for software updates daily. In previous versions of OS X, you could manually configure how often the system would check for updates; the default was once per week. But in Mountain Lion, Software Updates move to the Mac App Store, which can check for updates even when it’s not running. You’ll receive a Notification Center alert whenever new OS X updates are available. So when or if new Mac-focused malware starts to spread and Apple issues a fix, Mac users should at least be aware of the fix’s availability more quickly than they may have been before.