hoakley May 28, 2020 Macs, Technology

Software Update and SilentKnight after Security Update 2020-003

If you’re still running High Sierra or Mojave and have installed the latest Security Update 2020-003, you’ll have had bit of a shock. One of its carefully hidden changes is that Software Update can’t now forget that Catalina has been released, and keeps reminding you to install it.

The problem has been explained in detail by Jeff Johnson: the command that many users had run to tell softwareupdate to ignore the Catalina update is now “deprecated”. Translated into plain English, Apple has stopped you from turning its red badge off.

Jeff explains that you can still use the commands in Terminal, first telling softwareupdate to ignore Catalina, then making that stick by deleting the LatestMajorOSSeenByUserBundleIdentifier from its preferences. You’ll see a warning about deprecation, but Jeff says that, provided that you don’t open the Software Update pane again, the badge won’t reappear. Perhaps we should have expected that this change would come with a bug, only for once that works in our favour.

The theory then goes that, so long as you only use the softwareupdate command, and not the Software Update pane, the annoying red badge won’t trouble you.

So what does this have to do with my free app SilentKnight?

When you launch SilentKnight, it runs a series of checks on which security data files are installed, checks those versions against those in my GitHub database, checks your firmware, and more, and runs softwareupdate to look for pending security updates. As someone who runs SilentKnight several times a day, I can vouch for the fact that running softwareupdate from within the app does sometimes trigger Software Update to notice a pending update and display the red badge.

If you’re one of the many who is still running High Sierra or Mojave and have this newly crippled version of softwareupdate, running it automatically every time that you open SilentKnight probably isn’t good.

SilentKnight version 1.7 therefore – unlike Apple – gives you the option. It has a new preference, which you can readily change in the app menu or at the command line, which determines whether softwareupdate is run as part of its checks. If you decide not to run that, it makes it clear.

One beneficial side-effect is that you aren’t left waiting for SilentKnight to get the result from that check from Apple’s servers. You will still be alerted to any of the security databases which are out of date, thanks to the checks with my GitHub database.

This highlights an unintended consequence of Apple’s clumsy and ill-thought-out way to try to push more users to upgrade to Catalina: many will now disable updates altogether, or pull other tricks to be rid of this constant nagging. Keeping up to date with security updates and not getting annoyed with Software Update is going to be difficult. That Apple did this as part of one of its most important security updates is telling.

If you’re using SilentKnight on High Sierra or Mojave, more problems come when you discover that you do need to download and install security updates, as Apple may well try to include the Catalina upgrade (or other unwanted updates) with those. Another of my free apps, LockRattler, lets you select exactly which updates you want to download and install. I thought about incorporating that feature into SilentKnight, but decided not to overcomplicate it: if you want to retain full control, then use LockRattler to do the updating.

SilentKnight version 1.7 is now available from here: silentknight17
from Downloads above, from its Product Page, and through its auto-update mechanism – which, unlike Apple’s, you control.

13Comments

Add yours

1

John on May 28, 2020 at 7:29 am

I run Mojave, and System Preferences are easily accessed from the Apple menu, so I don’t keep it in my Dock, and the new issue with the persistent (insistent?) red badge isn’t a bother.

However, I am curious whether the nags to update to Catalina, or other updates, will manfiest themselves in the form of Notification Center popups in the upper right corner of the desktop. Those are much harder to ignore, and frustratingly, must be actively dismissed.

I don’t use Safari, and was bombarded by those notifications daily until I succumbed and allowed the update to v13.x and its gimped extensions framework.

If that now applies to all updates, including Catalina, I will have to think hard about the 003 security update, and the attendant risks of not installing it. I have no intention of updating to Catalina in the near future and would not appreicate being nagged about it daily.

LikeLiked by 1 person
- 2
  
  hoakley on May 28, 2020 at 2:42 pm
  
  I’m sorry, I can’t answer that, as I’m on Catalina here.
  Perhaps someone else running Mojave who has applied this security update, please?
  Howard.
  
  LikeLike
3

cade on May 29, 2020 at 2:53 am

Howard: I just ran the Security Updates 2020-003 for Mojave via Silent Knight, then used SK also to install the XProtect and MRT updates. They were required in that sequence, didn’t happen together, XP/MRT were still showing as needed after the security updates installed, then restarted. Then ran SK again.

I also don’t plan to upgrade to Catalina anytime soon as everything’s basically ok on Mojave for me on late 2015 iMac turbo ssd/hd combo — except everything seems to be even worse as memory hogs (I has mostly happy w/ High Sierra too).

Anyway, I’m not quite sure if this is what John is asking but yes, I had a bunch of finder > top right hand notifications per usual for the sites I’ve allowed to push to me (it’s a love hate thing probably based on FOMO) but I also know I can completely disable them individually under Safari preferences > Websites > Notifications — which I do from time to time when they start getting on my nerves, as they inevitably do.

AND I know I can completely disable by various means, including totally for Safari under System Preferences > Notifications > Safari or any other app.

And if the OP wants to turn on Do Not Disturb from 11:59pm to 11:58pm or something like that to basically disable them as a shortcut, I think that’s one of the workarounds I’ve seen?

Hope I understood the question correctly. And thank you again for the first site I visit if something goes awry or to check whether to update sooner or wait awhile, and to journey amongst all the beautiful art.

Cheers!

(note to Howard: sometimes I forget I have to restart to actually implement/finalize the updates — would it be possible to add a note at the end of SK results that the Mac must be restarted for the full installs to be recognized by SK and the the system? for some of us getting up there in years — thanks!)

LikeLiked by 1 person
- 4
  
  hoakley on May 29, 2020 at 7:10 am
  
  Thank you.
  It’s actually not clear whether you do need to restart after installing these security updates. XProtect takes immediate effect, and no restart has ever been necessary. Although MRT used to require a restart for it to perform fresh scans, recent installers have resulted in those scans taking place without a restart.
  You certainly don’t need to restart to implement or finalise the updates: updating is completed when they’re installed.
  Howard.
  
  LikeLike
  - 5
    
    cade on May 29, 2020 at 9:13 am
    
    Thanks for that Howard — I always thought I had to restart for it to register or show as updated. Cheers!
    
    LikeLiked by 1 person
6

cade on May 29, 2020 at 2:55 am

and oh yeah, I don’t see any nags about upgrading to Catalina in the right corner notifications — only on red badge on sys prefs and in that panel.

LikeLiked by 1 person
7

almeath on May 30, 2020 at 7:06 am

I am using Mojave on a 2019 iMac. When I untick “Check Updates” and close SilentKnight, the next time I start the app it still checks for updates and says “finding available software .. no new updates available”. When I check the SilentKnight menu, I see that “Check Updates” has become automatically ticked again. So I cannot stop the app from checking for updates automatically.

LikeLiked by 1 person
- 8
  
  hoakley on May 30, 2020 at 7:26 am
  
  I think the preferences file has become damaged. Try setting the preference in Terminal, or discarding the preferences file altogether.
  Howard
  
  LikeLike
  - 9
    
    almeath on May 30, 2020 at 2:51 pm
    
    I tried deleting the preferences file, but no change. I also deleted SilentKnight using AppCleaner and then downloading a fresh copy. Unfortunately, every time I restart the app it forgets that I previously selected don’t check for updates.
    
    LikeLiked by 1 person
    - 10
      
      hoakley on May 30, 2020 at 3:11 pm
      
      Thank you.
      Deleting the app won’t do anything: this setting is stored in its preferences file. Have you tried setting it from Terminal, please? I suspect that you may have a permissions problem which is causing this, as it does so often with non-sticky preference settings, but the Terminal command could work around that.
      Howard.
      
      LikeLike
11

almeath on May 30, 2020 at 11:27 pm

Thanks, setting the preference via the terminal did work successfully.

LikeLiked by 1 person
- 12
  
  hoakley on May 31, 2020 at 7:51 am
  
  Hurrah!
  I suspect that you may have a permissions problem somewhere there, but I’m delighted that it worked in the end.
  Howard.
  
  LikeLike
13

Steve on May 31, 2020 at 9:29 am

Like John, the badge doesn’t bother me and I don’t keep System Preferences in the Dock. If it does bother you run this command to temporarily kill the badge (and leave the automatic checks unticked).

defaults write com.apple.systempreferences AttentionPrefBundleIDs 0; killall Dock

If you want to check for updates run Software Update again. The badge will come back. Just run the command again.

Meantime use Howard’s great apps SilentKnight or better LockRattler.

LikeLiked by 1 person

·Comments are closed.

Share this:

Like this:

Related