Why I no longer run Rogue Amoeba audio apps

Since getting my M1 MacBook Air, I’ve wondered whether I should continue to run Rogue Amoeba audio apps. To do so would require me to disable a standard security setting that prevents Rogue Amoeba’s software from running. I trust Rogue Amoeba, so what’s the problem?

This week’s Security Now! show notes for episode 893 (PDF), in the section called “Malicious Kernel Drivers,” cover a security problem in Microsoft Windows that I think sheds some light on the problem.

Windows allows loading of kernel drivers but Microsoft supposedly kept a blacklist of kernel drivers that were vulnerable and should be blocked from being loaded. Their big problem was that they did not keep the blacklist up to date.

I’m unaware that Apple claims to check for or prevent vulnerable kernel drivers from being loaded. With default security settings in place, no kernel driver can be loaded, removing the need to handle vulnerable kernel drivers differently.

On an M1 Mac, my understanding is once I select “Reduced Security” to allow Rogue Amoeba’s kernel drivers to load, any other kernel driver also could be installed without further checking. Apple does not attempt to enforce a blacklist of vulnerable kernel drivers.

As per the Rogue Amoeba page:

The “Reduced Security” setting still provides your Mac with powerful security, only allowing operating systems approved by Apple to run.

ACE is a standard audio plug-in, not a kernel extension. However, because it receives enhanced privileges to access your system’s audio, Apple uses their existing kernel extension verification system to allow ACE to load on MacOS 11 and up.

You also have to restart to enable any of these after installing them, so I think the chances of someone deliberately installing a bad kernel extension on your device are sufficiently low enough not to worry about it.

6 Likes

Like I said, I trust the intentions and competency of Rogue Amoeba. It is not their software I consider a threat.

This is a common reply to my concern, and an assessment that each of us is free to make. For me, I ask myself why Apple defaults to blocking all kernel extensions if the threat is not real?

1 Like

Because there is a subset of Apple customers who are at extremely high risk of focused efforts to target their computers - depending on their occupation, notoriety, countries they travel in, etc. It’s extremely important that Apple build their computers and software to handle that degree of security.

For the other 99.9% of their customers, “reasonable” security efforts are fine.

1 Like

I’m not sure this is it. If that 0.1% is aware that they’re targets (which is how I read your comment), it would be simple for Apple to offer user settings to provide that level of protections.

Instead, Apple makes it universal.

The people I know who think most about security don’t like the “I’m not a target” argument – it’s a variation on security through obscurity. Putting sensitive material deep in an obscure directory is a great way of protecting it – until someone writes a directory crawler that just traverses all branches.

The point is that a vulnerability is a vulnerability. Just because no one has yet weaponized it doesn’t mean the threat isn’t real. Just because it takes too much effort to roll out en masse now doesn’t mean that will always be the case. (See: ransomware.)

4 Likes

By the same logic, Apple making it universal does not correlate to Apple considering it an area of acute weakness. It could just be “Most people won’t notice, so why not?”

1 Like

Slightly off-topic:

The only Rogue Amoeba App that I plan to use after migrating from Windows to macOS is Fission.

That one does not need a driver, right?

I would not be swift to blame Rogue Amoeba on this one. There IS a mechanism, it IS sufficiently cumbersome to limit the kernel extensions you’d do the dance for.

It seems to me Rogue Amoeba’s purpose is legitimate and I just wish Mac OS provided a better way for this purpose.

Fission doesn’t require any drivers to do its stuff, so you’re good to go.

1 Like

This! And it’s worth adding that Rogue Amoeba have worked hard to find the best way to work within Apple’s restrictions on low-level system access.

2 Likes

Those people are aware they are targets but they do not necessarily have the technical expertise to set those protections. While scientists working on nuclear technology are likely quite focused on tech specifics of security, young Hollywood actresses may not be readers of MPU but instead simply know that an iPhone with iCloud is a good way to keep personal photos private.

Not only that - of the 99.9% “regular” customers most of them have no reason to turn off selected features such as kernel protection; so it seems reasonable to me to default to max security for all but allow the option to reduce security to “reasonable” instead of max.

1 Like

I’m going to take this a bit further: Those people are also attacked directly relatively rarely. It happens and it makes it to the news when it does, but those incidents are far and few between when compared with the much, much, much more common method of subverting weaker targets and leveraging trust relationships (technical or personal) into attacks on targets of value. That kind of thing happens all the time and it’s one of the reasons why general security for everyone is so important.

2 Likes

I understand that Rogue Amoeba usage is legit, but also having access to system audio is of course a privacy concern.

I believe it is quite baffling that macOS is requesting me to give permissions for stuff like Screen Recording, Full Disk Access, Accessibility issues to the level of becoming a nuisance but does not have a permission for exactly what Rogue Amoeba’s stuff does! Enabling this should be a setting in the Security preference pane (are they called preference panes any more?)

1 Like

This. ScreenFlow is allowed to record everything going on on my computer with just some simple security settings. But letting Rogue Amoeba’s apps intercept audio somehow requires more than that?

And don’t get me wrong, I believe that it does. I just think it’s kind of weird that Apple doesn’t have a way to allow it.

1 Like

Perhaps it’s due to the fact that there are not many apps that do the pretty fancy stuff that Rogue Amoeba does. But then again, maybe there are no apps because you would have to build your own kernel driver and override the default system security settings!

3 Likes

@karlnyhus What were you using Rogue Amoeba’s apps for, and what are you replacing them with? I think I would rather take steps to isolate the recording/editing computer and keep my audio workflows—but I don’t know the alternatives well.

I used their Airfoil app to all my speakers and devices. And their video player (while it existed) to (mostly) eliminate the WiFi delay inherent in Apple’s AirPlay.

At the moment, for music playback, my Mac is jacked into my old stereo system with a pair of speakers in the living room and a pair in the bedroom (where my office is). I still have a single HomePod mini mounted on the wall in a central location for when I want to take the Mac away from my desk.

Edit to add: I also have a WonderBoom Bluetooth speaker for playing podcasts around the house from my iPhone. (Exercise equipment is in the basement, for example.)

Edit again: I also have an Apple TV HD that takes care of the video delay that existed with some older AirPlay configurations.

1 Like

Probably more a measure of the reasonality of the implementation.

It doesn’t harm performance, costs us virtually nothing, and most people won’t notice, so it’s a no-brainer to do it. Risk Management 101.

2 Likes

You know, that’s what I probably should do. 🙂 I could look for an affordable Mac mini and use it as a stationary audio hub. This idea, of course, is not original with me. And I did try it with my collection of old iPads but none of them was satisfactory for the task.

2 Likes

So I bought an inexpensive used Mac mini (late 2014) from OWC / MacSales. Easy setup. Apple offered an upgrade to macOS Monterey which I accepted after seeing YouTubers give it a vote of confidence on this generation of the mini. AirDropped my old iTunes folder and the new Music folder from my M1 MacBook Air to the mini. The Music app looks just the same on both machines. And on the old Intel Mac mini, playlists play all the way through without stalling out (my chief complaint on the M1 MBA). The desktop mini has a wired Ethernet connection and is cabled direct to my old stereo. Music plays well again and sounds great! And the Screen Sharing app is giving me everything I need in remote access.

3 Likes