Deconfusing the term permissions from security controls and privacy protection. While permissions are set in a file’s attributes, privacy is controlled through elaborate rules.
SIP
How to check secure boot, SIP, Gatekeeper/XProtect, its SSV, FileVault, macOS and its firmware, and XProtect Remediator scans.
XProtect, XProtect Remediator, XProtect Behaviour Service, kernel extension excludes, incompatible apps, and some historical remnants, including a database that’s downloaded then vanishes.
SIP provided 3 protections when introduced in El Capitan in 2015, and has now grown extensively to cover NVRAM, kernel boot arguments, authentication of root, and even malware scans.
Permissions, ACLs, TCC’s privacy controls, SIP and app sandboxes. What they are, and how you can control them to access and maintain your files.
Essential details of each of the three types of XProtect data files, how they’re updated, how to update them, and more. Covers new XProtect in macOS 15.x.
App launch security is built in multiple layers, and not all checks are run on every launch of an app. Syspolicy plays a key role, CDHashes are now central, and XProtect scans can make checks on large apps slow.
Three malicious apps – Atomic Stealer, Genieo and XCSSET – against macOS 14.6.1, with full security, SIP disabled, and Gatekeeper disabled.
If you thought spctl disabled Gatekeeper assessments, and disabling SIP had little effect, then you might like to think again.
Details of security checks including Gatekeeper, XProtect and notarization, performed when launching an app in full security.
