Gatekeeper in Principle

Gatekeeper is a program designed to continuously monitor the operation of your Macintosh, watching for operations that are commonly carried out by viruses as they attempt to spread. When Gatekeeper detects an infection attempt it will automatically stop the attempt, almost before it's started.

This type of monitoring and protection is possible because viruses generally depend on a small group of operations which they use in somewhat unusual ways. Of course, if detecting virus operations were really as straightforward as all that, everyone would be doing it. The fact is there's a catch. Not a big one, but a catch just the same:

Some perfectly normal programs carry out some of the same basic operations that viruses do. (For very different reasons, of course.)

Gatekeeper deals with these "false alarms" by allowing you to tell it what virus-like operations any given program should be allowed to carry out. You tell Gatekeeper just once, then forget about it - everything's automatic from then on.

Gatekeeper restricts two basic classes of operations:

  1. Operations on information about files that contain programs. These are known as "File" operations.

  2. Operations on the components of programs stored within files. These are known as "Resource" (usually abbreviated as just "Res") operations.

Within each class of operation there are three variants:

  1. The file being operated on is the file containing the currently running program, i.e. the program is operating on itself. This is known as an operation of type "Self."

  2. The file being operated on is the System file. This is known as an operation of type "System" (usually abbreviated as "Sys").

  3. The file being operated on is some other file, i.e. the program isn't operating on itself (case 1) and it isn't operating on the System file (case 2), either. This is known as an operation of type "Other."

With these two basic classes of virus operations, each of which has three variants, we get a total of six separate operations for which Gatekeeper has to watch.

If this doesn't mean anything to you, don't worry. It's helpful to understand what these different operations do, but it's certainly not required. Just understand that there are two classes of operations monitored by Gatekeeper, "File" and "Res," and that there are just three variations within those two classes, "Self," "System" and "Other." You don't have to memorize this, but it's worth being aware of it.
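
The six monitored operations and the per-program permissions described above, sketched as an added example (this is not Gatekeeper's own code). The paths, program names, case-insensitive path comparison, deny-by-default behaviour and the "Res(Other)" label format are assumptions made for illustration.

```python
from enum import Enum
from typing import NamedTuple

class OpClass(Enum):
    FILE = "File"   # operations on information about files that contain programs
    RES = "Res"     # operations on program components stored within files

class Target(Enum):
    SELF = "Self"
    SYSTEM = "Sys"
    OTHER = "Other"

class Decision(NamedTuple):
    allowed: bool
    operation: str  # label format is this example's own, e.g. "Res(Other)"

def _norm(path):
    # Assumption: paths compare case-insensitively.
    return path.casefold()

def classify_target(program, target, system_file):
    """Apply the three variants in the order the text lists them."""
    if _norm(target) == _norm(program):
        return Target.SELF      # case 1: the program operates on itself
    if _norm(target) == _norm(system_file):
        return Target.SYSTEM    # case 2: the System file
    return Target.OTHER         # case 3: neither of the above

class Monitor:
    def __init__(self, system_file, privileges):
        self.system_file = system_file
        # program path -> set of (OpClass, Target) pairs the user has allowed
        self.privileges = {_norm(p): set(g) for p, g in privileges.items()}
        self.vetoed = []        # record of operations that were stopped

    def check(self, program, op_class, target):
        variant = classify_target(program, target, self.system_file)
        # Assumption: a program with no entry has been granted nothing.
        granted = self.privileges.get(_norm(program), set())
        ok = (op_class, variant) in granted
        name = f"{op_class.value}({variant.value})"
        if not ok:
            self.vetoed.append((program, name, target))
        return Decision(ok, name)

# Constructed sample data (hypothetical paths and programs).
SYSTEM = "HD:System Folder:System"
EDITOR, GAME = "HD:Apps:ResourceEditor", "HD:Apps:Game"
monitor = Monitor(SYSTEM, {EDITOR: {(OpClass.RES, Target.SELF), (OpClass.RES, Target.OTHER)}})
```
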