Software Update and SilentKnight after Security Update 2020-003

If you’re still running High Sierra or Mojave and have installed the latest Security Update 2020-003, you’ll have had bit of a shock. One of its carefully hidden changes is that Software Update can’t now forget that Catalina has been released, and keeps reminding you to install it.

The problem has been explained in detail by Jeff Johnson: the command that many users had run to tell softwareupdate to ignore the Catalina update is now “deprecated”. Translated into plain English, Apple has stopped you from turning its red badge off.

Jeff explains that you can still use the commands in Terminal, first telling softwareupdate to ignore Catalina, then making that stick by deleting the LatestMajorOSSeenByUserBundleIdentifier from its preferences. You’ll see a warning about deprecation, but Jeff says that, provided that you don’t open the Software Update pane again, the badge won’t reappear. Perhaps we should have expected that this change would come with a bug, only for once that works in our favour.

The theory then goes that, so long as you only use the softwareupdate command, and not the Software Update pane, the annoying red badge won’t trouble you.

So what does this have to do with my free app SilentKnight?

When you launch SilentKnight, it runs a series of checks on which security data files are installed, checks those versions against those in my GitHub database, checks your firmware, and more, and runs softwareupdate to look for pending security updates. As someone who runs SilentKnight several times a day, I can vouch for the fact that running softwareupdate from within the app does sometimes trigger Software Update to notice a pending update and display the red badge.

If you’re one of the many who is still running High Sierra or Mojave and have this newly crippled version of softwareupdate, running it automatically every time that you open SilentKnight probably isn’t good.

SilentKnight version 1.7 therefore – unlike Apple – gives you the option. It has a new preference, which you can readily change in the app menu or at the command line, which determines whether softwareupdate is run as part of its checks. If you decide not to run that, it makes it clear.


One beneficial side-effect is that you aren’t left waiting for SilentKnight to get the result from that check from Apple’s servers. You will still be alerted to any of the security databases which are out of date, thanks to the checks with my GitHub database.

This highlights an unintended consequence of Apple’s clumsy and ill-thought-out way to try to push more users to upgrade to Catalina: many will now disable updates altogether, or pull other tricks to be rid of this constant nagging. Keeping up to date with security updates and not getting annoyed with Software Update is going to be difficult. That Apple did this as part of one of its most important security updates is telling.

If you’re using SilentKnight on High Sierra or Mojave, more problems come when you discover that you do need to download and install security updates, as Apple may well try to include the Catalina upgrade (or other unwanted updates) with those. Another of my free apps, LockRattler, lets you select exactly which updates you want to download and install. I thought about incorporating that feature into SilentKnight, but decided not to overcomplicate it: if you want to retain full control, then use LockRattler to do the updating.

SilentKnight version 1.7 is now available from here: silentknight17
from Downloads above, from its Product Page, and through its auto-update mechanism – which, unlike Apple’s, you control.