Though Apple has long prided itself on the Mac’s safety record, recent events such as the Flashback Trojan horse have proven that the company can’t take the security of its operating systems for granted. And the security upgrades in Mountain Lion make it clear that Apple isn’t.
The marquee new security feature in Mountain Lion is Gatekeeper—but you won’t find a new pane for it in System Preferences. Instead, you open up the General tab in the Security & Privacy preference pane and (after providing your administrator credentials) set the Allow Applications Downloaded From option. That single setting is the front-end for Gatekeeper.
You have three options there: You can choose to run only those apps that were downloaded from the Mac App Store, apps from the Mac App Store and identified developers, or apps from anywhere.
The first and last options are straightforward: The first limits your Mac to running apps from the Mac App Store; the last places no limitations on the apps your Mac can run. The middle option merits explanation: Any developer can register with Apple to get a unique certificate with which to cryptographically sign its apps. Thanks to such signatures, your Mac can know which developer is behind a given app. It can also tell if a signed app has been tampered with. If a signed app is found to behave maliciously, Apple can revoke its developer’s certificate. That would cause a warning to appear before users could install the app.
Gatekeeper works its protective magic only the first time you launch an app. So if you upgrade to Mountain Lion and choose the Mac App Store–only Gatekeeper setting, you can still freely launch apps that came from elsewhere, if you ever ran them in the past.
Most Mac users have already encountered messages similar to the ones Gatekeeper will pop up: In previous incarnations of OS X, your Mac asked you to confirm your intentions when you first launched any app downloaded from the Internet. With Gatekeeper, the warnings are new, but the general experience is the same.
Should you come across an app that your Gatekeeper settings prevent from launching, you needn’t dive into System Preferences to fix things. Instead, Control-click (or right-click) on the icon of the app you’re attempting to run, and choose Open from the contextual menu that appears. You’ll see a variant of the warning dialog box; this one adds an option to go ahead and launch the app despite Gatekeeper’s grave concerns. Once you’ve done that, you can launch the app normally from then on.
In addition to Gatekeeper, Mountain Lion leverages a variety of other technologies to help keep your Mac secure.
Most significantly, Mountain Lion expands on Lion’s requirement that apps be "sandboxed". Sandboxing requires an app to specifically request what it wants to do with your Mac, rather than having a blanket license to do anything it wants. Sandboxing prevents apps from performing malicious activities upon your Mac and limits the damage security-compromised apps can wreak on your machine. All new Mac App Store apps are sandboxed; in addition, several Apple-provided apps are sandboxed in Mountain Lion,—among them FaceTime, Mail, Reminders, Notes, Game Center, and Safari.
Other new security tools: Mountain Lion uses Kernel Address Space Layout Randomization (ASLR) to make it harder for malicious attackers to exploit low-level system functions on your Mac. If you use FileVault, you can now leverage management updates to the
fdsetup command-line tool, which allows third-party software to control and configure various FileVault features. You can choose which apps to allow or deny location information to within the Security & Privacy preference pane. You also get finer control over which apps can access your location data, contacts, and Twitter credentials.
Finally, Mountain Lion will check for software updates daily. In previous versions of OS X, you could manually configure how often the system would check for updates; the default was once per week. But in Mountain Lion, Software Updates move to the Mac App Store, which can check for updates even when it’s not running. You’ll receive a Notification Center alert whenever new OS X updates are available. So when or if new Mac-focused malware starts to spread and Apple issues a fix, Mac users should at least be aware of the fix’s availability more quickly than they may have been before.