570: Mac Security

1 Like

Do any of you know how to stop getting the “Relocated Items”? Because I just end up having to send those to the Trash all the time.

Relocated items or Recovered items? I find a recovered items folder in the trash when my Mac wasn’t shut down properly.

Same here. It is really annoying (it appears to be full of folders with screenshots in them that I have taken during the session).

I always put my 16" MacBook Pro to sleep. Is that the issue?

Dunno. Catalina and Big Sur introduced a lot of changes that I’m still getting used to.

I am going to go on a rant here

I completely disagree with most of this episode.

There are good reasons to be logged in as guest; for example, you can’t use sudo.

App permissions - why should they even have to sign anything? If everything was open source and compiled by yourself you would know exactly what you’re putting on your system (I don’t necessarily think everyone can do this but open source is still good enough), but because of proprietary apps you have no idea. These permissions can help but you still have to trust the developer not to do anything malicious with the access they have.

Hardening the system - being able to remotely kill apps is a ridiculous premise. Granted, they haven’t used it that much, but what’s stopping someone from hacking into Apple and killing all the apps? What about killing an app it doesn’t find politically correct? This also could mean that they could kill all the apps on your system (based off your iCloud account) and make the Mac useless. And apparently they can send commands to the Mac; what is stopping them from pushing down an update that makes the FileVault password 111 or something similar?

Not being able to change config files means if you wanted to disable the external GPU it would not be as simple. This also means you can’t have full access to your system (or change it so Apple’s apps can’t bypass a VPN).

Windows and macOS are both horribly insecure because they don’t have as many eyes on them as they would Linux (and some BSDs); this is why Linux had Spectre and Meltdown patches before Windows and macOS.

And there’s no such thing as privacy through obscurity. Although it may seem like Windows and macOS are the biggest operating systems, 99% of all servers run Linux, so if you could break Linux you could have much more money on your hands.

Hardware security - it is cool what Apple can do with the T2 chip, but if your hard drive dies you can’t easily replace the SSD. And if your laptop is on, your decryption key is in RAM, so it cannot be secure (I know there is a command to not store it there or something, but how can you trust it when a software update could change that without your knowledge?). This is more about privacy, but with the ARM chips, how do you know there is not something like the Intel Management Engine spying on everything you do?

Best practices - how can you trust something like LastPass? They are proprietary and on the cloud.

4 Likes

After listening to the episode I almost posted how great I thought it was. I had some different thoughts but didn’t think them worth mentioning.

You are absolutely entitled to your opinion. Here’s one from someone who started earning a living with computers in '91. The same year Linus Torvalds began working on his little project that was “just a hobby, won’t be big”.

I’ve always believed most people shouldn’t run as an admin. In their guide to hardening a Mac, released in 2010, the NSA said users should never surf or read email while logged in as an admin. I agree. Some users may be expert enough to run as admin but the vast majority of computer users aren’t. If they don’t cause security problems most will eventually install enough crap on their machines to adversely affect the performance. But if it’s their computer and they are on their home network it’s their call.

OTOH, I had to clean up the mess my users were constantly creating until Windows 2000 and OSX came along. By then I was in a position to set policy and most of those kinds of problems disappeared with the introduction of non-Admin accounts. YMMV

I’m a fan of Open Source software; I built and deployed a number of Linux servers. There are over 20 million lines of code in the Linux kernel alone and even Linus Torvalds admits that he doesn’t understand everything about it anymore. It takes a full-time team to deal with just the kernel and there are millions of other open source projects, most of which I seriously doubt have more than one person looking at the code. I started off with CPM and DOS and later worked on Windows and Mac, VMS, OS400, and several variants of Unix/Linux. All had their good points and all gave me massive headaches at one time or another.

As far as the way Apple is locking down macOS, I agree, many of the changes are making life more difficult. And there is nothing we can do about it except complain. IMO, Macs have “evolved” from traditional computers to appliances that are difficult or impossible to repair. I suspect the resale value of MacBooks will eventually become like that of a used iPad - very little once the battery starts giving out. Just another of life’s little disappointments.

We’ve got a good bunch here and I’m glad you joined us. I suspect you will help keep things interesting. :slight_smile:

6 Likes

I have no idea what’s in there when I compile something. As of today, GIMP has 826,464 lines of code. I am not going to review it. Not even a single one.

The point is: 90+% of users have no idea how to compile software. And often enough it’s more complicated than just starting Xcode and clicking on “compile”. So it makes sense to provide binaries and to avoid wonky sources, which are a major security issue, code signing makes sense. We still have the option to run unsigned code, so no big deal.

I don’t get it… :slightly_frowning_face:

Good podcast and I learned a lot, especially about the under-the-hood things, like the T2 chip. Since I’ve upgraded to Catalina recently, I’ve been collecting some of those scary notifications that the hosts mentioned. Some are over the top, and even keeping your brain engaged, as the hosts recommend, does not always help, as in this one: Installer.app wants access to control “SystemUIServer.app”. Allowing control will provide access to documents and data in “SystemUIServer.app”, and to perform actions within that app. Don’t remember what that was for, but my brain couldn’t help.

1 Like

Go for the Pro Display XDR @MacSparky!

My only gripe with FileVault (and I put up with it anyway) is that 3rd party Bluetooth keyboards won’t let you enter your password to decrypt the drive. I have to dig out the USB cable for my Keychron every time I have to reboot.

1 Like

It’s not just FileVault that doesn’t like Bluetooth, I frequently have problems using startup key combinations. So I keep an old a1242 wired keyboard permanently attached to my mini.

This isn’t true. There’s a famous paper in Computer Science that talks about this very scenario: Reflections on Trusting Trust.

Ken Thompson was one of the original authors of UNIX. He could log in to any UNIX system for years after he stopped working on it without a password. Why? He put a backdoor in the compiler that was used to compile the login program.

The bottom line is, unless you want to write your own code and design/manufacture your own hardware, you’re going to have to trust somebody somewhere.

I liked the episode. It was common sense, highly effective suggestions for normal (not even really Power) users.

4 Likes

Awesome! I was just about to post a link to that paper here too! :smiley:

Just listening to this podcast and checked out the part about FileVault encryption and a recovery key. Listening to the podcast made me think I needed a key to print out etc. However there are now two options.

  1. iCloud
  2. Recovery Key

I am happy using my iCloud account and had to do this recently when I tried to do a migration assistant between 2 Macs; somehow it reset my local account password but not my disk password (how that happens I have no idea).

I waited too long after listening to the episode before posting this, and now I forget what I was going to say.

I remember thinking that it felt like a good overview, but for power users, there were some things missing. The one that I can still remember is that there are a bunch of security issues/warnings regularly discussed at Objective-See. Patrick (who runs the site) is the only person that I know of who is talking about Mac security at this level.

I also think that MalwareBytes wasn’t mentioned. I wouldn’t leave the “real-time scanning” on, but it’s a good tool if you need to run a spot check.

I’ll also remind folks who care about serious Mac/iOS news that Michael Tsai’s Blog is the best place that I know of to keep track of what are the truly important stories, including things that Mac/iOS developers are talking about on Twitter.

1 Like

Is this because of the resources it uses or some other reason?

Indeed. The CPU/memory resources it uses occasionally spike and sometimes even stay at levels so high that they made it almost as bad as if you had malware installed. When I sorted Activity Window by CPU usage, MalwareBytes was always near the top.

The threat of malware on the Mac is “possible, but unlikely” which leads me to decide that running any sort of real-time checking software is not helpful.

Now what is helpful are things like KnockKnock and BlockBlock which are described thusly:

Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock uncovers persistently installed software in order to generically reveal such malware.

Malware installs itself persistently to ensure it’s automatically (re)executed.
BlockBlock monitors common persistence locations and alerts whenever a persistent component is added.

KnockKnock is something you run periodically to see what is set up to launch on login.

BlockBlock does real-time checking, but it’s only monitoring some folders and services, so it’s not very resource intensive at all.

1 Like
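An added example, not part of the thread and not code from Objective-See's tools: a minimal sketch of the idea behind the two tools described above, covering only the launchd LaunchAgents/LaunchDaemons directories (the real tools look at more locations). `scan` lists what is set to launch, and `new_since` compares a scan against a saved baseline; the `com.example.*` jobs in `demo` are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd persistence directories on macOS (per-user and system-wide).
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

def scan(dirs):
    """Return {plist path: summary} for every launchd job found in dirs."""
    items = {}
    for d in dirs:
        for path in sorted(Path(d).glob("*.plist")):
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)  # handles XML and binary plists
                args = job.get("ProgramArguments") or []
            except Exception:  # corrupt, unreadable, or not a dictionary plist
                items[str(path)] = {"error": "unreadable plist"}
                continue
            items[str(path)] = {
                "label": job.get("Label"),
                "program": job.get("Program") or (args[0] if args else None),
                "run_at_load": bool(job.get("RunAtLoad", False)),
            }
    return items

def new_since(baseline, current):
    """Entries that are new or changed compared with a saved baseline scan."""
    return {p: v for p, v in current.items() if baseline.get(p) != v}

def demo():
    """Constructed sample: one existing agent, then a second one appears."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "com.example.updater.plist").write_bytes(plistlib.dumps(
            {"Label": "com.example.updater", "Program": "/usr/local/bin/updater"}))
        baseline = scan([d])
        (d / "com.example.helper.plist").write_bytes(plistlib.dumps(
            {"Label": "com.example.helper", "RunAtLoad": True,
             "ProgramArguments": ["/Users/Shared/.helper", "--daemon"]}))
        return new_since(baseline, scan([d]))

if __name__ == "__main__":
    for path, info in scan(LAUNCHD_DIRS).items():
        print(path, info)
```
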

Who’s there?

1 Like