Right now there is no need to take the option away. You are certainly correct about that.
Microsoft is going to soon start pushing its users to buy from its app store. I can see a future in which only 'trusted' programs can be run on new computers. Trusted here means programs approved by Apple/Microsoft and the national government of the country in which your computer resides.
I don't know how likely this would be but China seems to like to have a lot of control over the computing its citizens do.
I guess I missed your point. In which case it seems you missed my point.
If only approved programs can run on a computer then it is quite easy to disable undesirable programs. There's obviously a kill switch involved. If social unrest gets too great then move Twitter clients to the unapproved list and they all get deleted. This would be a lot easier than installing key loggers and...what? remotely logging into 100 million computers to delete certain programs?
Things like Gatekeeper can in the future be extended and used to exert more control of computing. It may even be a requirement for all manufactured computers as we enter the surveillance state era.
False. It's already been reported that this is not the case. Gatekeeper uses, and clears, the quarantine flag, the thing (which already exists) that throws up the "BLAH is an application downloaded from the Internet. Safari downloaded this file today at 4:30PM" message the FIRST time you open an application. Since after the application is launched, the quarantine flag is cleared, you don't get prompted again, and the blacklist is not checked again either. So, whether it's malware, or some kind of "subversive" app the government wants to suppress, no apps that have previously been opened at least once will ever be prevented from running by Gatekeeper. And nobody ever said anything about deleting anything.
Furthermore, even after a developer key was blacklisted, apps loaded from disks such as CDs or USB drives don't get quarantine flag. Only files that came from the network.
Now that is a deliciously diabolical plot. Infiltrate the hub supplier in Shenzhen, coerce the people that oversee parts deliveries in the appropriate wing of the facilities at Pegatron into not reporting a thing to Apple or other integrator clients, and let the trojan hardware filter into the market. The hubs are inert until they have a driver installed surreptitiously from a compromised copy of Baidu Desktop Search or QQ. No one would be any the wiser.
I'd order a tinfoil hat at this point but I don't know who might have interfered between the aluminum refinery and the sheeting facility.
Yes. Unfortunately control of citizens' computing is one area that China leads in. Other national government appear to be envious of this control seek to emulate it.
If option 3 is removed then how is this so? It's not in Apple's interest right now to do this. In five years? Maybe China decides that in order to get access to its market Option 3 must not be available. Maybe Gatekeeper gets enhanced in the future.
Obviously this is hypothetical but given the trend toward national surveillance is it hard to imagine that this can happen?
I don't see how installing key loggers being easy is germane to whether or not enhancing Gatekeeper to delete unapproved programs is a future possibility.
I read the comment as being, "China's key logging exploits are evidence that it likes to control computing and it will seek to enhance this capability." The trend amongst world governments is to seek greater control of computing. I doubt this is going to stop with key logging software and won't be enhanced.
"The overwhelming majority of their users will never touch it."
Oh Thomas, Thomas, Thomas. You of all people should know the unimaginable power of porn and the incredibly stupid things people do in response to the promised delivery of the same.
"The overwhelming majority of their users will never touch it."
That's unless they want to install any app currently available on the Web that isn't signed. There is a lot of legacy software people keep using, even Mac users. I don't see that setting staying default for very long.
The way I understand it, one can override the setting on a per application basis by control-clicking an app and choosing "Open" _once_. I would hope that would make Apple sign those apps ins some way, bu I do not think they will, as they will not want to store the master key of doing that on the user's disk.
Also, apparently, all applications already installed get this magic applied automatically.
There's no reason you couldn't sign a DVD ripping app; all that code signing will do is ensure that you are who you say you are. Since you don't have to distribute apps through the Mac App Store, you could sign up for a dev account, build your custom app, and distribute it however you want.
For tools like that, this could actually be a big benefit - it lends a sense of credibility. You wouldn't be able to distribute modified (read: backdoored) binaries, and if you did people would know who you were (at least, to some extent, and Apple could revoke your credentials so no one else would inadvertently run your software).
As for pirated software: I haven't seen a lot of actual 'cracks' lately; mostly it seems to be 'put in this serial plus set these hosts entries so it can't phone home' sort of thing. For app-modifying cracks, you'd have to disable this, but I'm not sure how common that is lately.
But one of the things Apple can now do is void you keys and make all the apps on people computer unusable at least as I understand it. So for legally dubious application this wouldn't be such a good idea.
I agree with you: not having the option would be very bad... but it's very unlikely they'll ever take the option away.
Why would they? The overwhelming majority of their users will never touch it.