Gatekeeper in Principle

Gatekeeper is a program designed to continuously monitor the
operation of your Macintosh, watching for operations that are
commonly carried out by viruses as they attempt to spread. When
Gatekeeper detects an infection attempt it will automatically stop
the attempt, almost before it's started.

This type of monitoring and protection is possible because viruses
generally depend on a small group of operations which they use in
somewhat unusual ways. Of course, if detecting virus operations were
really as straightforward as all that, everyone would be doing it.
The fact is there's a catch. Not a big one, but a catch just the
same:

    Some perfectly normal programs carry out some of the same
    basic operations that viruses do. (For very different reasons,
    of course.)

Gatekeeper deals with these "false alarms" by allowing you to tell
it what virus-like operations any given program should be allowed
to carry out. You tell Gatekeeper just once, then forget about it -
everything's automatic from then on.

Gatekeeper restricts two basic classes of operations:
- Operations on information about files that contain programs.
  These are known as "File" operations.
- Operations on the components of programs stored within files.
  These are known as "Resource" (usually abbreviated as just
  "Res") operations.

Within each class of operation there are three variants:
- The file being operated on is the file containing the
  currently running program, i.e. the program is operating on
  itself. This is known as an operation of type "Self."
- The file being operated on is the System file. This is known
  as an operation of type "System" (usually abbreviated as
  "Sys").
- The file being operated on is some other file, i.e. the
  program isn't operating on itself (case 1) and it isn't
  operating on the System file (case 2), either. This is known
  as an operation of type "Other."

With these two basic classes of virus operations, each of which has
three variants, we get a total of six separate operations for which
Gatekeeper has to watch.

If this doesn't mean anything to you, don't worry. It's helpful to
understand what these different operations do, but it's certainly
not required. Just understand that there are two classes of
operations monitored by Gatekeeper, "File" and "Res," and that
there are just three variations within those two classes, "Self,"
"System" and "Other." You don't have to memorize this, but it's
worth being aware of it.
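
The two classes and three variants described above can be modelled as a small decision table. The sketch below is an added example, not Gatekeeper's own code: the file paths, the privilege table, the "Res(Other)" label format and the rule that a program with no entry is granted nothing are all assumptions made for illustration.

```python
from enum import Enum

class OpClass(Enum):
    FILE = "File"  # operations on information about files that contain programs
    RES = "Res"    # operations on program components stored within files

class Target(Enum):
    SELF = "Self"
    SYSTEM = "Sys"
    OTHER = "Other"

SYSTEM_FILE = "HD:System Folder:System"  # constructed path, an assumption

# Constructed privilege table: program -> operations the user has allowed.
PRIVILEGES = {
    "HD:Apps:Resource Editor": {(OpClass.RES, Target.OTHER), (OpClass.RES, Target.SELF)},
    "HD:Apps:Installer": {(OpClass.FILE, Target.SYSTEM), (OpClass.RES, Target.SYSTEM)},
}

def classify_target(running_program, target_file):
    """Apply the three variants in the order the text gives them."""
    if target_file == running_program:
        return Target.SELF      # case 1: the program operates on itself
    if target_file == SYSTEM_FILE:
        return Target.SYSTEM    # case 2: the System file
    return Target.OTHER         # neither case 1 nor case 2

def check(running_program, op_class, target_file, privileges=PRIVILEGES):
    """Return (allowed, label) for one attempted operation."""
    target = classify_target(running_program, target_file)
    granted = privileges.get(running_program, set())  # no entry: nothing granted
    label = f"{op_class.value}({target.value})"
    return (op_class, target) in granted, label

# Constructed sample events: (running program, operation class, file operated on).
EVENTS = [
    ("HD:Apps:Resource Editor", OpClass.RES, "HD:Docs:Some App"),
    ("HD:Apps:Resource Editor", OpClass.RES, SYSTEM_FILE),
    ("HD:Apps:Installer", OpClass.RES, SYSTEM_FILE),
    ("HD:Games:New Game", OpClass.RES, "HD:Apps:Installer"),
    ("HD:Games:New Game", OpClass.FILE, "HD:Games:New Game"),
]

def audit(events=EVENTS):
    """Return one (program, label, 'allow' | 'stop') row per event."""
    rows = []
    for program, op_class, target_file in events:
        allowed, label = check(program, op_class, target_file)
        rows.append((program, label, "allow" if allowed else "stop"))
    return rows

if __name__ == "__main__":
    for row in audit():
        print(*row, sep="  ")
```

The second event shows why the variants matter: the same program that may modify resources in other files is still stopped when the target is the System file.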