Although Apple is only just about to enforce it fully, notarization brings another important security measure: as of next month (February), all apps which are freshly notarized are also required to be hardened, which brings with it additional protections when the app is running. They include a deep signature check and assessment of that app’s notarization, both of which will normally involve macOS – not the app – checking the app’s credentials with Apple’s servers. In Catalina, ‘first run’ checks are even more extensive. This is to prevent a malware behaviour known as ‘repackaging’, and has been judged an effective measure by many Mac security experts outside Apple. With Sierra, it introduced app translocation (officially known as Gatekeeper Path Randomisation), which in certain circumstances means that the first run of a freshly downloaded app occurs from a special temporary location. In essence, when these users tried to open one of my apps as a new install or update, Little Snitch was blocking the app by preventing it from completing its ‘first run’ checks.Īpple has progressively increased the extent and depth of these ‘first run’ checks on apps which are downloaded to your Mac from all software suppliers apart from Apple and its App Store, to make them more comprehensively protective. In most cases – and these are now the most frequent cause of support problems here – these Macs are running Little Snitch, the excellent software firewall which is intended to prevent unwanted software and malware from ‘phoning home’. This all arose with several who, in trying to use my free apps, found that they couldn’t open them successfully on their Macs. Without your being fully aware of what you’re doing. In fact, if those added security measures aren’t carefully thought out, they can lead you to behave recklessly, and effectively disable the primary defences in macOS. Last week I learned that, in some circumstances, it doesn’t. You’d think that adding more security measures to your Mac would make it more secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |