Apple Sandboxes the Mac App Store

On Friday, June 1st, Apple officially began requiring that all apps sold in the Mac App Store be sandboxed. What does this mean, and how will it affect you and your apps?

Sandboxing gets its name from kids playing in a sandbox. When a kid plays in a sandbox, the idea is that all of the play happens in the sandbox. The kids enter the sandbox to play and don’t leave the sandbox until they are done playing. No toys or sand enter or leave the sandbox. In reality the allusion has some flaws, but I think you get the idea.

Apple has required that any apps sold in its Mac App Store do a very similar thing. A developer codes their app to create a sandbox when launched. This prevents the apps from accessing unnecessary resources, such as critical system files, documents, contact info, etc. This will prevent apps from unnecessarily grabbing private info, as well as potentially breaking the Mac OS. This should mean apps in the Mac App Store have a higher level of privacy and more security because of the limited access to the system.

App makers will also be able to add entitlements if they need to access something out of the ordinary. This means apps that need to scan through system files to find something, or to access your webcam, have to have the entitlement written in and approved by Apple.
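To make the entitlement model concrete, here is an added example (not from Apple or from this blog) that parses an app's entitlements property list, the kind of XML that `codesign -d --entitlements :-` prints for a signed app, and reports whether the app is sandboxed and which resources it asks for. The sample plist, its path, and the function name `audit_entitlements` are constructed for illustration; the keys are Apple's App Sandbox entitlement keys, including a temporary exception, which this post does not cover.

```python
import plistlib

# Constructed sample: entitlements of a hypothetical sandboxed app that asks
# for the camera, user-selected files, and one temporary exception.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.device.camera</key><true/>
    <key>com.apple.security.files.user-selected.read-write</key><true/>
    <key>com.apple.security.network.client</key><false/>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
    <array><string>/Library/Application Support/Example/</string></array>
</dict>
</plist>
"""

SANDBOX_KEY = "com.apple.security.app-sandbox"
PREFIX = "com.apple.security."
EXCEPTION_PREFIX = PREFIX + "temporary-exception."


def audit_entitlements(plist_bytes):
    """Summarise what a sandboxed app is allowed to reach outside its container."""
    ents = plistlib.loads(plist_bytes)
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must be a dictionary")
    report = {
        "sandboxed": ents.get(SANDBOX_KEY) is True,  # absent or false: no sandbox
        "granted": [],       # boolean entitlements set to true
        "exceptions": {},    # temporary exceptions carry paths or names
        "other": [],         # keys outside the com.apple.security namespace
    }
    for key, value in sorted(ents.items()):
        if key == SANDBOX_KEY:
            continue
        if key.startswith(EXCEPTION_PREFIX):
            report["exceptions"][key[len(EXCEPTION_PREFIX):]] = value
        elif key.startswith(PREFIX):
            if value is True:  # a key present but false grants nothing
                report["granted"].append(key[len(PREFIX):])
        else:
            report["other"].append(key)
    return report


if __name__ == "__main__":
    for field, value in audit_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"{field}: {value}")
```

An app whose report shows `sandboxed: False`, or a long list of exceptions, is getting far less of the containment described above than one with only a few narrow entitlements.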

For users, this only means added security. Users will not see much difference between how their apps worked before sandboxing was required and how they will work in the future. By limiting what an app can and cannot have access to, one app crashing will limit the potential damage to other apps running. Troubleshooting may also be easier. Things like caches and preference folders will be kept in “containers” only pertaining to a specific app, making it easier to clean these out should any trouble arise.

There are some limitations to be noted, however. Users may see a rise in the number of dialog boxes asking for permission to access other apps because of sandboxing. Grant Cowie, speaking to Macworld, notes that many apps currently have the ability to send files directly into other apps. He uses the example of his own program “MoneyWorks” being able to send a spreadsheet to be directly opened in Microsoft Excel or iWork’s Numbers. Now, users will have to close MoneyWorks and then manually open the file in Numbers or Excel. Image editing programs will likely feel the same crunch. Some people have already reported bugs in apps like Apple’s Preview, which has already been sandboxed, that prevent it from sending a PDF straight to Mail or print. Many of these bugs will be phased out in the next couple of months.

Some developers have taken to selling the “full versions” of apps on their websites, or to letting users upgrade from within the app to add these features. ClamXav, a popular, free, and open source antivirus for Mac (my review of it here), is not allowed to use the Sentry program, which scans incoming and created files as they are written to the hard drive, if downloaded from the Mac App Store. If you want that feature, you must download the full version from the ClamXav website. We can expect to see more of this in the future.

Many developers hope to see looser restrictions and guidelines for sandboxing in the future, fearing potential lost revenue in the Mac App Store (for both them and Apple), as well as less powerful apps available.

There are still many apps not sold or available in the Mac App Store.  Tools like Firefox, Google Chrome, Microsoft Office, Steam, Onyx, and more still publish their products outside of the Mac App Store for various reasons. These programs will not be directly affected by the rules of sandboxing because the rules don’t apply to them. Apps sold in the Mac App Store that use these apps may see restrictions, such as the previously mentioned MoneyWorks example, but apps sold outside of the store should still function as they have.

Sandboxing will make apps more secure and most users should not notice many differences before the sandboxing implementation and after it. Developers will have to implement some features in new ways to meet the new standards, or remove some features entirely, while power users may notice a change in their workflow. Whether Apple will ease these restrictions or not has yet to be seen. If you have any questions, comments, or suggestions about this or any other topic, leave a comment below or email me at You can also check me out on Facebook, Twitter, and YouTube by hitting the buttons on the top of your screen. And check out my Google Plus. Thanks!

App of the Week: ClamXav

I am a fan of open-source, no doubt about it.  Part of it is certainly that open-source stuff tends to be free (LibreOffice, Firefox, just to name a couple), but it also helps bring people together.  Open-source is almost inherently a community activity.  It also means anyone who knows any code can generally take open source software and change it to their needs, so long as they give at least some reference to the original code.  And open-source also tends to lead to innovation.  I see all of these things and plenty of security in ClamXav.

ClamXav is an open source antivirus for Mac. ClamXav is based on the popular ClamAV, a commonly used, open source antivirus on Linux, as well as Windows. ClamXav takes that engine and lets it run on OSX (hence the X in ClamXav). But ClamAV has traditionally been run as a command line program, simply meaning there are no easy buttons to push. ClamXav not only adds an easy user interface, but also has a sentry feature that actively watches your files for any suspicious activity. The interface is really simple, with big buttons labeled for starting and stopping scans, updating the definitions, and preferences. There’s also a list of quick folders to scan, though you can always set up other scans, even your whole hard drive. The preferences are also fairly easy to go through and set up, covering simple tasks like what to do if the app detects a virus, email alerts, scheduling scans, etc. The app also allows more advanced users to perform tasks like running other command line utilities, installing their own antivirus engine, etc.

ClamXav's main screen

A scan reports any malware it finds in real time and gives it to you in a list, and each item can be immediately moved to quarantine for review or deleted. One confusing thing about the scan is that it tells you how many types of viruses the app can detect, but at first glance this almost looks like how many viruses you have on the system, which is simply not true.

One of the big things I like about ClamXav is the fact that it can not only detect Mac malware, but also Windows malware. You might wonder why this is a big deal; Windows code won’t run on Mac, so Windows viruses won’t affect the Mac OS. The main reason for having an antivirus that scans for Mac and Windows malware on the Mac is to prevent what is called the “downstream effect”. If a Mac gets a Windows virus, the virus can’t do anything because neither the Mac nor Windows understands what the other is (it’s like two people having a conversation in two different languages, or trying to build something when you can’t read the instructions). However, the virus could be transferred accidentally from Mac to a Windows computer via an email, a bad link, a flash drive, etc. And if you have friends and family that use Windows… I think you get the idea. While this means that ClamXav takes longer to scan your hard drive than if it only searched for Mac malware, I think it’s a worthy trade.

All this being said, there are a couple of things to note. First, the version in the Mac App Store is different from that being offered on ClamXav’s website. The main differences are that the Mac App Store version does not allow for user virus engines, but more importantly it does not come bundled with Sentry. Sentry basically is the active scanner that comes with the normal version of ClamXav, and scans your files as they come in, much like any other antivirus would. There are other problems, however; ClamXav tends to be especially heavy when scanning your hard drive, and tends to noticeably take a few hours. If you run this scan, it’s generally easier just to let the scan run while you leave your Mac to do something else. Another problem is ClamXav tends to have a few false positives when scanning. Almost anytime when I scan, a scholarship website email that I use is constantly flagged as a trojan horse. This seems like something that needs to be fixed. The only other problem is that when the app is done scanning, it tells you the viruses found, and the number of viruses it can scan for. These are both good, but when you are doing a quick look over, seeing the “viruses scanned” and a number in the tens of thousands is a little disconcerting until you read the fine print. It would be better if the program could make this a little more clear.

All in all, ClamXav is still a good antivirus, especially for those who are diehard open-source fans. I would recommend getting ClamXav from the official site, rather than the Mac App Store. It is available for free either way, though a donation is requested.

App of the Week: Growl

Growl is different from almost all of the other apps I’ve reviewed; whereas most of these apps tend to run alone, Growl is an app that runs because of other programs.  Some of you may even have Growl already installed on your Mac and not even realize it.

Growl is a notification system for Mac, and almost every major app supports it in some way, from browsers, to media apps, Twitter apps, and more.  Growl support is so ubiquitous in Mac apps, that it’s almost hard to find an app that doesn’t support it (if you exclude apps meant to run in the background).  So, let’s say you have a Twitter app open, but you’re writing a paper in another app.  When you get a new tweet, a small little window will pop up with the tweet and either the app name or the name of the person tweeting.  If I have Rockmelt running, Rockmelt will notify me that it just updated in the background and needs to be restarted.

Growl installs a Preference pane under System Preferences, as well as an optional menubar icon. From there, you can customize the style of Growl’s notifications (e.g. change it from a small window in the corner, to a large news-ticker style bar at the bottom of the screen, etc.) as well as what apps Growl can run with, and how long each notification stays on-screen. Growl doesn’t use up your system resources, though occasionally I notice hang-ups when certain apps are about to post to Growl. This might be the fault of the apps’ implementation of Growl rather than Growl itself.

Screenshot of Growl's preference pane.

While Growl runs on almost any app you can download, you have to get separate plugins if you want it to work with Apple Mail, Safari, or iTunes since Apple doesn’t make its apps support Growl by default. You can also download a plugin for Growl to run when you plug in or have any hardware changes made to your Mac. It is important to note, however, that GrowlMail and GrowlTunes development (Growl for Apple Mail and iTunes respectively) has been given to another developer to work on.

Growl is a free download though from, while instructions for installing GrowlSafari and HardwareGrowler can be found at  As for GrowlMail and GrowlTunes, check them out at

UPDATE: As of Growl 1.3, you can buy it from the Mac App Store for $1.99.  While I’m sad it’s no longer free, I think it’s worth the price.


Games4Mac: N.O.V.A. 2

Normally, I prefer to do Games4Mac posts as videos, primarily because you can see some real gameplay for yourself and get a better idea of what the graphics are like. Unfortunately, after watching some of the footage I took of this game, it just seemed too laggy to make a decent video, so you’ll just have to take my word from writing and pictures.

One of my favorite first-person shooters (FPS) has to be Halo. I won’t deny it one bit, but I love playing Halo (at least the ones Bungie made, but I won’t judge any future versions of Halo until I see them).  That’s also why one of my first Games4Mac posts was the Halo CE demo.  The sad part about the demo, as I found out when getting ready for Lion, is that it is a PowerPC app.  This means that it won’t run on any Mac that runs OSX Lion or later.  I still love playing shooters though, and I had some money left over on my iTunes card after buying Lion, so I went searching through the Mac App Store.  Sure there was Call of Duty, and Bioshock, and a bunch of other big name games, and most of them are really great games.  But I wanted to try something different, so I bought a copy of N.O.V.A. 2 from the Mac App Store.

N.O.V.A. 2 (which is short for Near Orbital Vanguard Alliance) is the sequel to the hit iOS game N.O.V.A., and takes place 6 years after the events of the original game. For the record, I haven’t played the original, so I’m learning as I go along through the game.

N.O.V.A. 2 title screen (property of Gameloft)

You play as Kal Warden, a soldier of the Near Earth Orbital Vanguard, who has come back into the line of duty in order to fight the new Alliance, a Human-Volterite (the aliens) government that promises utopia via advanced technology. SPOILER: They really don’t want that utopia. Overall, a lot of the aspects of the game are a lot like Halo, which is reportedly their inspiration; you play a strong but snarky hero, you have a helpful female AI in your suit, you have to deal with a giant, ancient doomsday weapon. Get the picture?

You have a wide variety of guns from pistols, to rocket launchers, lasers, and more, which you carry with you at all times. This seems a little bit old hat now compared to the current 2 or 3 gun model most shooters have, requiring you to pick your weapons wisely. It doesn’t detract from the game’s overall play value though. The game also has a variety of terrains to play from including jungle, city streets, snowy mountains, and more. You can go from running across a terrain, to falling from the sky, and riding a hoverbike through the city streets. Vehicle rides are scripted and on the rails (meaning you don’t completely control where you drive), but all the vehicles are in first person, which I like if the game is trying to maintain some level of immersion. The cutscenes, however, do seem a little over animated and detract somewhat from the immersion of the game. They make up for it by helping push the story further and making it more interesting.

The game is pretty fun to play and plays fairly smooth on my 13 inch MacBook Pro (4 gigs of RAM, 2.26 GHz Intel Core 2 Duo). I did notice a noticeable freeze when the game approaches a save point or before a cutscene, which is something I expect from an older shooter.

On the rails vehicle riding, but there's nothing like running over the guy shooting at you. (Property of Gameloft, used from iTunes)

Furthermore, the graphics seem rather blocky for running on a modern system, especially comparing what we see in the title screen and animation.  To be fair though, this game was originally an iOS game, which means the expectations for graphics are a little lower compared to PC or console gaming.  While it isn’t hard to notice, I can’t say that it hurts the gameplay value.

And if you get tired of playing through the campaign, there’s always multiplayer.  You can play either locally with people on your network, or with other people online.  In order to play online, you have to create a free Gameloft account.  However, that means you get to play online for other Gameloft games, like Starfront: Collision, Modern Combat: Domination, and more.  The online community is rather small, and is very fast paced on relatively small levels.

Overall, it does seem a little dated in terms of features and graphics, but is nonetheless a fun shooter alternative at a relatively cheap price.  N.O.V.A. 2 is available in the Mac App Store and the iOS App Store for $6.99 and runs on iOS 3.1.3 or higher, or Mac OSX 10.6.6 or higher.  However, Mac users should take note that the game is currently not supported for Intel integrated graphics or ATI Radeon graphics.

Have a comment to make, or a game to review?  Comment below or send an email to  And don’t forget to follow me on Twitter @EasyOSX, and checkout the new Facebook Fan page.  Thanks!

All 5 iLife apps have been updated

iPhoto, iMovie, and Garageband ’11, as well as iWeb 3 and iDVD 7 (both iLife ’09 and ’11 apps) have been updated today. They are relatively minor updates, so I won’t go over them. iDVD and iWeb will update through Software Update. iPhoto, iMovie, and Garageband will need to update through the Mac App Store if you bought them there, but will update through Software Update if you bought them elsewhere (like on the physical discs).