How does Gatekeeper work?

[Catlord]

Good day everyone!

I've got a question regarding Gatekeeper.

If an app was developed by an unknown developer—one with no Developer ID—or tampered with, Gatekeeper can block the app from being installed.
https://support.apple.com/et-ee/HT202491

I get this is when you download the app from Internet. But let's say I transer files from CD, DVD or external hard drive - will Gatekeeper notify me if there is something that wants to activate and run?

Scenario 1) There is app on external hard drive, CD: if it lacks Apple ID, will Gatekeeper ask if I want to run it?

Scenario 2) There is hidden malicious program on external hard drive, CD: will Gatekeeper ask if I want to run it?

Or will Gatekeeper only keep eye on things downloaded from Internet?

 

[KALLT]

Gatekeeper only checks files that have a special attribute that is added when a file is downloaded. For example, Safari adds this. If the file was originally downloaded by such an application, chances are that the attribute is still there. However, there is no guarantee. Not all applications add it and it may be lost when stored on external mediums, e.g. If it came from another operating system or the file system does not support extended attributes.

 

[Catlord]

Gatekeeper only checks files that have a special attribute that is added when a file is downloaded. For example, Safari adds this. If the file was originally downloaded by such an application, chances are that the attribute is still there. However, there is no guarantee. Not all applications add it and it may be lost when stored on external mediums, e.g. If it came from another operating system or the file system does not support extended attributes.

Thank you for quick answer!
So Gatekeeper's defense only works when using files downloaded by Safari?
I downloaded GIMP image editor using Firefox once and it did complain that it lack Apple ID - so does it mean those downloaded by Firefox also count?


And anything from external HDDs and CDs will never trigger Gatekeeper?

 

[KALLT]

The mainstream browsers all add it. Some torrent programs as well, such as Transmission.

For external drives, I would use caution, unless you downloaded the files yourself and use preferably an HFS+ file system.

 

[Catlord]

The mainstream browsers all add it. Some torrent programs as well, such as Transmission.

For external drives, I would use caution, unless you downloaded the files yourself and use preferably an HFS+ file system.

That's good to know about mainstream browsers. If I am, one questions about external disks - CDs bought from shops, that contain older apps that are nowhere else to get - official installation CDs, those are reliable? Or has there been any news about shop bought CDs containing malicious software?

 

[KALLT]

That's good to know about mainstream browsers. If I am, one questions about external disks - CDs bought from shops, that contain older apps that are nowhere else to get - official installation CDs, those are reliable? Or has there been any news about shop bought CDs containing malicious software?

I am not the right person to ask, but I think that this is very unlikely. Gatekeeper itself is mostly a measure of trust. If you don’t trust the vendor, then you should not be opening it in the first place. Gatekeeper is basically just a mechanism that checks whether the file you downloaded has been signed by an Apple-certified developer and the code and contents have not been tampered with after signing. It is basically just there to make sure that the vendor can guarantee to you that the copy has not been altered during transport (i.e. download). Apple does keep a blacklist of some malicious software and also uses Gatekeeper to reference this blacklist, but that’s about it. You will probably be fine.