Recommendations for the ‘standard’ user for security and privacy protection from startup to shutdown. A broad overview of all key systems and how they fit together.
Gatekeeper
In Sequoia, XProtect’s data is now updated in a different way. Does this change its capabilities, though? A quick dip into YARA files has the answer.
Notarization is now obligatory for developers, but at the same time, we’re still able to run our own apps that aren’t notarized. Here’s how that works, and why.
Essential details of each of the three types of XProtect data files, how they’re updated, how to update them, and more. Covers new XProtect in macOS 15.x.
Although we have another month to wait for AI, Sequoia 15.0 has important new features including iPhone Mirroring, the Passwords app, and changes in XProtect.
App launch security is built in multiple layers, and not all checks are run on every launch of an app. Syspolicy plays a key role, CDHashes are now central, and XProtect scans can make checks on large apps slow.
Three malicious apps – Atomic Stealer, Genieo and XCSSET – against macOS 14.6.1, with full security, SIP disabled, and Gatekeeper disabled.
If you thought spctl disabled Gatekeeper assessments, and disabling SIP had little effect, then you might like to think again.
Details of security checks including Gatekeeper, XProtect and notarization, performed when launching an app in full security.
How is it going to be harder to run apps that haven’t been notarized in Sequoia, and does it bring any benefit in return for the inconvenience?
