Tuesday, Jul 16, 2013

Configuring Gatekeeper 

Gatekeeper uses certificates to ensure that software a user installs on their Mac was created by an identified developer in good standing. Apple can revoke the certificate of a developer who is creating harmful software, committing financial fraud or theft, or violating the terms of their developer license.

Setting Gatekeeper to "Mac App Store" is the best solution for the majority of users and enterprises.

"Mac App Store" provides the best level of protection from malicious applications, including malware and trojans. The reasons why everyday and enterprise users should set Gatekeeper to "Mac App Store" include:

  • You cannot install any software that is downloaded from the web, so you control the source of your software.
  • Users would need to go looking for malicious applications within the App Store rather than stumbling onto them.
  • Apple can pull certificates and applications that are malicious, preventing them from running.
  • Apple reviews apps within the Mac App Store, which is better than not doing independent code review on open source software.
  • Enterprise users can deploy apps via their App Store and easily implement code signing.
  • Droppers, decoys and a host of primitive malware and trojans created by criminals will not work when Gatekeeper is set to "Mac App Store."
  • Administrators get greater control over users' activities.
  • Similar controls have been extremely successful in iOS without any loss of productivity.
  • Users remain productive and safe without loss of resources.

Setting Gatekeeper to "Mac App Store" is very straightforward.

  1. Select Apple menu > System Preferences.
  2. Select "Security & Privacy."
  3. Select "General" from the Tab View.
  4. Set "Allow applications downloaded from" to "Mac App Store."
  5. Click the lock to prevent further changes.
  6. Select "Show All" or close the Security & Privacy window.

 

In addition to Gatekeeper, you can also set Safari to not "Open Safe Files..." See Tips for Safe Safari Browsing.

 

Additional Gatekeeper Settings Explained

Unfortunately, various software and plugins, including Flash, are not distributed via the Mac App Store. When you need to install an application or plugin that is not in the Mac App Store, you will need to change Gatekeeper to "Mac App Store and Identified Developers." While you can use a keyboard command, we do not recommend the keyboard option for general users.

Before installing any software, you should confirm that the source is trusted. Once the installation is complete, set Gatekeeper back to "Mac App Store."

To Install Software from Identified Developers such as Adobe and Microsoft

  1. Select  > System Preferences.
  2. Select "Security and Privacy."
  3. Select "General" from the Tab View.
  4. Set Allow Applications downloaded from "Mac App Store and Identified Developers."
  5. Install the Package from "Identified Developers."
  6. Set Allow Applications downloaded from "Mac App Store."
  7. "Lock to Prevent further changes."
  8. Select "Show All" or close Security & Privacy Window.

Never set Gatekeeper to "Anywhere."

Gatekeeper is only one of the methods you can use to prevent malicious software from running on Mac OS X. Setting it to "Mac App Store" provides the highest level of protection.
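On managed Macs, the Gatekeeper setting can also be checked in a configuration profile, which catches a machine left at the weaker setting after an install. The following is an added example, not part of the original article: it assumes the profile uses Apple's `com.apple.systempolicy.control` payload with its `EnableAssessment` and `AllowIdentifiedDevelopers` keys, and the sample profile and function names are constructed for illustration.

```python
import plistlib

GATEKEEPER_PAYLOAD = "com.apple.systempolicy.control"

# Constructed sample (not from the article): a profile whose Gatekeeper payload
# was left at "Mac App Store and identified developers" after an install.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.systempolicy.control</string>
    <key>EnableAssessment</key><true/>
    <key>AllowIdentifiedDevelopers</key><true/>
  </dict></array>
</dict></plist>"""


def gatekeeper_setting(profile_bytes):
    """Return the article's name for the Gatekeeper setting a profile enforces."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != GATEKEEPER_PAYLOAD:
            continue
        enabled = payload.get("EnableAssessment")
        if enabled is None:
            return "unmanaged"
        if not enabled:
            return "Anywhere"
        # An absent key is treated as the weaker setting (conservative choice
        # made for this example).
        if payload.get("AllowIdentifiedDevelopers", True):
            return "Mac App Store and identified developers"
        return "Mac App Store"
    return "unmanaged"


def harden(profile_bytes):
    """Return a copy of the profile with Gatekeeper pinned to "Mac App Store"."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == GATEKEEPER_PAYLOAD:
            payload["EnableAssessment"] = True
            payload["AllowIdentifiedDevelopers"] = False
    return plistlib.dumps(profile)


if __name__ == "__main__":
    print("before:", gatekeeper_setting(SAMPLE_PROFILE))
    print("after: ", gatekeeper_setting(harden(SAMPLE_PROFILE)))
```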

Setting Administrator Settings

In addition to setting Gatekeeper to "Mac App Store" only, turn on "Require an administrator password to access system-wide preferences." This added level of protection ensures that a password is required to make any changes to system-wide preferences via the command line or GUI.
