macOS Security Will Never Stop Us From Running Software of Our Choice

2 minute read
| Analysis

There is an emerging notion that as macOS security gets better, it will make the
use of a Mac more burdensome. A WWDC 2019 session affirms that this is false.

Here it is from Session #701, “Advances in macOS Security.”

A promise from WWDC 2019, session 701.

That incorrect notion derives from the suspicion that the user will be confronted with obstacles, limits of use, and onerous messages that would disrupt workflows and make using the Mac less productive and enjoyable in the future.

This is exactly the opposite of Apple’s vision for the future of macOS. As the slide above affirms, in the tradition of the Mac, fully informed users who wish to take responsibility for their choice of software to run will always be able to do so.

What Session #701 reiterates is that Apple’s Security Engineering and Architecture team wants to achieve is better security for those users who aren’t experts and who aren’t familiar with the intricacies of security threats. Those users expect the system to look out for them behind the scenes in intelligent, even proactive ways.

Catalina’s Gatekeeper is smarter, not more burdensome.

Catalina Evolution

A good example is that, in macOS Mojave, Gatekeeper validates apps launched via Launch Services. This check makes sure the app 1) has no malicious content, 2) is (digitally) signed by the developer (and not tampered with), 3) complies with the user policy expressed in the Gatekeeper options, and has been expressly approved for launch by the user.

In macOS Catalina, this protection is extended to ways of loading code not managed by Launch Services. There are few geeky ways that I won’t delve into in this overview.

This planned, elegant escalation of the oversight power of macOS’s Gatekeeper, intended to work behind the scenes, remains transparent to the average user. It allows Apple to size up and react to emerging threats. What it doesn’t do is get in the way of the user’s workflow or constrain the user.

Another enhancement in Catalina is the goal of minimizing user authorization prompts by introducing protections that invoke “User Intent” as opposed to the simpler, more obtrusive “User Consent” actions in Mojave. In other words, the security team is trying to make macOS more proactive instead of reactive by understanding what the user is doing. That’s because too many authorization prompts make macOS feel needy and nagging, and it slows the user down.

These are just a few examples from Session #701 that affirm how Apple is working to make macOS, as it evolves, more secure under the hood without, ultimately obstructing the experienced Mac user from mindfully running software that they deem necessary.

Developer Issues

Of course, what’s often overlooked is that Apple requires developers to play along and update their code in some cases. For example, new apps published after June 1, 2019 must be notarized. Sometimes, developers find that, as macOS security evolves, they must balance their traditional ways of coding with the new security protocols. They sometimes complain about this evolution because, of course, it’s more work.

But we shouldn’t equate this occasional griping with the suspicion of a gradual, wholesale loss of macOS flexibility. Apple works with developers to mitigate the impact of new security policies and thereby retain desired app functionality. I think that ongoing dialog and struggle is what makes some observers believe that macOS will eventually shrivel into a Gordian knot of restrictions and frustration, leaving them no option but to forsake macOS for Linux.

In summary, Apple’s legacy and ongoing plan with macOS is to gradually improve security in smart, effective, transparent ways so that average users can remain confident and unfettered all the while retaining the UNIX underpinnings for power users who have special needs. That’s a laudable, right-headed approach.

4
Leave a Reply

Please Login to comment
2 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
4 Comment authors
wab95John MartellaroBregalad Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Member
ToneWilliamsUSA

Quite frankly, I would not be so quick to give Apple a free pass. It has become yet another behemoth corporation driven by shareholder returns. It cares little for its customers any longer but that which will lead to greater profits. While these goals do not have to lead to a decline from excellence, most of the time it does and that is what we are witnessing today with Tim Apple. Steve Jobs, on the other hand, was driven by the pursuit of excellence and understood by giving the customer the very best user experience for a modest premium that… Read more »

wab95
Member
wab95

There was a time when I would have agreed with you regarding the usability of Keychain. I’m not sure when you’ve last used it, or on what device, but in my use case, particularly since Sierra on the MBP, it has been extremely user friendly and most often requiring no more than my fingerprint to open a site. I too use long and difficult passwords that I routinely change, typically the hard passwords recommended by Siri. I have also been struck with how well these port across all my devices. On iOS I now regularly have the option of selecting… Read more »

Bregalad
Member
Bregalad

What if I choose to run something that isn’t notarized? Will there be a way to do that? There is some really good and useful software out there that will never be notarized because it’s no longer supported by the developer. There is some really good and useful software out there that’s open source and the Mac port isn’t signed/notarized/whatever and may never be. Apple has also banned certain types of software and all inter-app communication in the name of security. So no, in Catalina I can’t run whatever I want to.