How macOS security can have excellent tools and defences, but fail to inform the user of the detection of malicious software.
quarantine
Samples of four pieces of malicious software were downloaded and run on macOS 13.1. Could it detect and block them effectively? Or do you need third-party protection?
ResEdit changed what was in the resource fork. With Mac OS X, Apple moved away from forks to extended attributes, now used for quarantine flags and more.
There’s more to the quarantine flag, as it’s not binary on/off, and app translocation can trap even notarized applications if you don’t move them right.
You unarchive a freshly downloaded app and try to give it a test run. It immediately crashes. Here’s one common reason, and how to solve it very simply.
Quarantine flags first appeared in 2007. This explains how they work, what they do, and the differences between app and document quarantine.
From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.
Why does it take 2 years to realise that macOS has been checking signing certificate validity online?
If you were to strip unwanted code from a Universal App, would it still pass Big Sur’s strict security checks?
AirDrop is very convenient, but sets the quarantine flag, which can break Apple’s installer apps. Here’s how to remove those flags in a couple of minutes.