Last Week on my Mac: Silence is not golden

In computer security and updates, silence and stealth are deadly, not golden. It is high time that the major software vendors recognised that, and stopped treating us like fretful children who might get stressed if they knew that their computers had just applied a security update.

Last week provided an excellent example of how Apple’s current policy of pushing silent updates out to Macs not only fails users, but can leave them unintentionally unprotected.

OS X El Capitan and macOS Sierra contain security systems which attempt to prevent, detect, and remove as much malware as possible. These consist of diverse components, such as MRT, the ‘Malware Removal Tool’, a hidden app which looks for signatures and other stigmata of known malware and tries to remove it. There’s also Gatekeeper, a hidden feature which checks downloaded apps and other components, and prevents them from being run unless they are properly signed. There’s even a kernel extension which silently prevents blacklisted kernel extensions from loading, as they could be malicious or cause damage.

When you install and update OS X / macOS, you don’t get any options as to whether those hidden security components come with it: they do. We then presume that they continue to work correctly, and that Apple keeps them up to date.

Those are significant presumptions: that they continue working correctly, and are kept up to date. Because they are hidden and silent, at least until they detect a problem, if something were to happen to stop their normal function, we are very unlikely to know about it. There’s no pane in System Preferences to show you that all your security systems are up and running. You just have to take it on trust.

The even bigger presumption is that these security components are using the latest data files, as promulgated by Apple. Look in the App Store pane and you’ll see there’s an item which should be checked, to ensure that “system data files and security updates” are downloaded and installed automatically.

Presuming that never gets turned off, there are still situations in which a user can lose all recent updates to the data files on which their security systems rely. The most common occurs after applying a Combo update, or reverting to an older release of OS X / macOS. Unless you then force your Mac to call for updates released since those which applied at the time of that update, it can be many hours or even days before that occurs in the normal course of events.

What is more, you won’t normally know whether or when those updates have been installed. Just as Apple doesn’t push you a notification that security updates have just been installed when they’re promulgated silently, you get no notification when they are installed extraordinarily.

The case in point last week has been the fresh discovery of malware which seems to have been afflicting Macs for some years: Fruitfly, or OSX.Backdoor.Quimitchin. In this particular instance, infection remains very unlikely, as this appears to have been spread to only a small number of targeted systems.

But last week, Apple pushed out silent updates to the data files used by El Capitan and Sierra’s security systems, including MRT. Apple doesn’t tell anyone this, but I keep a lookout and announce these updates here. Some of the updates contain readable information which lets me inform you of what has changed, but MRT uses a database which I cannot access, preventing us from knowing that the update did.

So, after these updates last week, do you think or know that your Mac is protected against Fruitfly/Quimitchin? Or might Apple address that in the next silent update, which you are also not supposed to know about?

The prudent user who understands security issues can only presume that their Mac is not so protected. So, far from reassuring users, silent updates like this cast doubt not confidence. If Apple were to inform us of the security updates – as it does of other updates which address security vulnerabilities and other bugs – then we might be able to put real trust in systems which are actually both powerful and effective.

Why doesn’t Apple (and others) treat us like adults, and ensure we are kept fully informed? It has nothing to lose, and a lot of user confidence and respect to gain.