How an obscure ACL can prevent a quarantine flag from being attached to an internet download: demonstration and explanation.
quarantine
How the new tracking extended attribute is attached to apps, how it’s recorded in a security database, and how it’s checked. But for what purpose?
New version of ViableS runs in a sandbox, with no shared folders, and can now be isolated from networks. So how well does Ventura work without internet?
Ventura introduces a new extended attribute com.apple.provenance, used to mark successful clearance of quarantine. It’s protected by SIP too.
How macOS security can have excellent tools and defences, but fail to inform the user of the detection of malicious software.
Samples of four pieces of malicious software were downloaded and run on macOS 13.1. Could it detect and block them effectively? Or do you need third-party protection?
ResEdit changed what was in the resource fork. With Mac OS X, Apple moved away from forks to extended attributes, now used for quarantine flags and more.
There’s more to the quarantine flag, as it’s not binary on/off, and app translocation can trap even notarized applications if you don’t move them right.
You unarchive a freshly downloaded app and try to give it a test run. It immediately crashes. Here’s one common reason, and how to solve it very simply.
Quarantine flags first appeared in 2007. This explains how they work, what they do, and the differences between app and document quarantine.
