> Of course if Apple’s ultimate goal is simply to continue to wrestle control of the system away from its users, under the guise of ‘security’, I’m not sure any of this even matters
I disagree with this conclusion. All of these features are turnoffable by booting into the recovery system which is available on all Macs.
So people who want or need to constantly run unsigned code and load unsigned kernel extensions, they certainly can.
But people who can live with the system protected binaries in the state Apple shipped them (which is probably the majority of the users) can relax, knowing that (minus issues like the one reported here) malware will have a much harder time to run, much less hide itself.
As long as I can right-click and "open" any binary and as long as I know that I can load unsigned kexts if I really need to, I really don't see a huge issue with this.
Since when did anyone who wanted control of the system use a Mac? Their entire history has been about limiting control. That was always their advantage - for consistent design, easy to use, security, etc. Those are good things people want. Hackers have Linux.
That the user can turn off these features by booting into safe mode is beside the point...users can't be expected to do that when installing an app.
Imagine the drop-off rate in your funnel if one of your steps was "boot into safe mode and run these special commands to turn off SIP". Apps that need kernel extensions are rare, but the ones that do aren't just niche developer apps. The office worker running VMware Fusion to run an old Windows program or any Dropbox user with the Smart Sync feature are all semi-technical audiences that need kernel extensions for their programs to work.
IMHO, the end game for this is that Apple will continue to lock down what apps can do until they have the same level of control on Mac that they do on iOS.
[+] [-] pilif|8 years ago|reply
[+] [-] tinus_hn|8 years ago|reply
[+] [-] averagewall|8 years ago|reply
[+] [-] varenc|8 years ago|reply
[+] [-] jsjohnst|8 years ago|reply
> can’t release technical details at this time
Then what was the point of the very long post? To grandstand?
[+] [-] yAak|8 years ago|reply
[+] [-] yifanlu|8 years ago|reply
[+] [-] teilo|8 years ago|reply