Every time I update an app I have to be told I downloaded it from the Internet and do I trust it. Can this app look on the local network?
Constantly being nagged to the point I don't even check/care anymore.
Exactly what Vista used to do.
This isn't what Vista "used to do". Vista had a single elevation popup dialog / shatter attack prevention screen. Any request that required elevation required this popup.
macOS has not only elevation requests but entitlements. Using the local network is an entitlement. What macOS gets very wrong is any denied entitlements will re-prompt next time you perform that action with the app, which may simply be starting the app. It also does one entitlement at a time, i.e. if you have an app that requires screen sharing and camera, you'll get the first entitlement, restart app, go to do action you wanted again, second entitlement.
Both OSes have MoTW, but Apple goes beyond with the notarization warning/block.
macOS users are going to suffer from prompt fatigue. And the /r/macos "secure cus UNIX!" will be wrong on two points.
Technically you're right. From an end-user standpoint, it's irrelevant. Apple's mock vista ad applies just as well to Ventura: they're all annoying and a security theater if the user is just told to input admin password into any random popup.
Quick clarification on terminology. From a developer perspective, entitlements a static dictionary (or a collection of key-value pairs) attached to the app at code-signing time. The entitlements you mentioned don't "entitle" the app to access resources, as user consent is still required.
FWIW, Vista's level of prompts is the only way to run UAC in any kind of secure fashion. The configuration that has been the default since Windows 7 makes it trivial for a low-privilege application to gain UAC privileges.
Microsoft doesn't regard UAC as a security boundary if you're logged in as an admin (https://learn.microsoft.com/en-us/previous-versions/tn-archi...). You can use UAC as one as part of a defence-in-depth approach by logging in as a non-administrator user (like everyone tells you to do but nobody wants to do) and entering a password for every prompt, but for that to work well you'd need to make sure to turn UAC prompts back to max (read: Vista level or worse). I don't think I'd set up a system like that without a fingerprint reader or Windows Hello facial recognition camera, because typing out the password that often is just a massive pain.
Windows, as configured by default, barely runs any downloaded files. You can pay hundreds of euros for a certificate, sign your installer, and still have users get told off by SmartScreen for daring to open an executable file. I don't think Apple's notarization has done anything useful so far, but their security prompts are a lot less scary than Windows'. I think it's a matter of time before unsigned Windows executables with the MotW simply won't open by default like those on macOS.
The local network popup thing is too overdone in my opinion. However, I do think it is a good choice (in some respects) for Apple to have the "this is a program downloaded from the Internet", even if it can be annoying. It might also be a push to get developers to publish on the App Store (where Apple can be more sure (hopefully) that the apps are safe).
It's a double-edged sword in my opinion. I think it's good that the OS is looking out for the user in a lot of cases. I also understand how it can give the users pop-up fatigue.
> It might also be a push to get developers to publish on the App Store (where Apple can be more sure (hopefully) that the apps are safe).
Apps on macOS need to be signed and notarised. Apple has the exact same capability to scan for malicious behaviour and revoke your keys regardless of how you publish. We all know the real reason they want to push apps towards the app store.
"This is a program downloaded from the internet" isn't a push to the app store. It predates the Mac App Store, iirc.
It's another quick security hack (as they often are in any OS). Many years ago someone noticed that apps can pick any icon they want. And, therefore, if you could convince a browser to download a file to ~/Downloads (not hard), the user might look inside and find what appears to be a harmless JPEG or Word document, double click it and are immediately pwnd because back then there was no app sandboxing of any kind, no SIP etc. macOS in that era was a conventional desktop UNIX.
So the quick hack - make apps that download things mark files with extended attributes, and if the Finder sees that, it pops up the warning and then removes them. Now the user realizes (maybe) that the document-looking-thing was actually an app.
That's a fair point. But did Mac have the same issue as Windows where file extensions were not shown by default? That feels like it would have been the core issue.
There is a "show all file name extensions" option in Finder, but I don't recall if it's on by default or not as I haven't had to set up a fresh macOS install in a while and I've always had it turned on.
But, macOS isn't like Windows - the file extension doesn't matter. I can have a "file.txt" but it's actually a .xlsx excel workbook, and Excel will open it just fine (albeit, with a warning that the file extension doesn't match but that's dependent on the application presenting a warning). Windows actually uses the file extension to determine the type, macOS (and other *nixes) don't, they'll use some other file metadata. You can put whatever extension you want on a file, it doesn't matter except for determining what default app will attempt to open it when double clicking it in Finder.
> It might also be a push to get developers to publish on the App Store (where Apple can be more sure (hopefully) that the apps are safe).
This is exploitation of developers, plain and simple. Apple should secure their runtime, not roleplay as a software rent-a-cop that manually (and fallibly) inspects submissions. The App Store is a blatant moneymaking racket, on mobile and desktop alike. "Security" is a fig leaf for the perverse incentive Apple has to corral developers under their thumb.
I think entitlements are the correct direction to move in. I don't like Apple's implementation. But it gives us that fine-grained control of what an app can and cannot do with things outside of the app's "bubble" (or sandbox). We need Discretionary Access Control.
And to NSO Group's delight, they don't review SMS messages or Safari contents either. The "curated security" shtick is a lie, it does not protect anyone and doesn't function reliably in the first place. Both targeted malware and generic scams are rampant and unrestrained on iOS. Many of them are promoted as iPhone Search Ads, or suggested Siri results.
The knock-on effects it has are even worse. By relying on this game of shuffling private entitlements around, Apple has less incentive to actually review what developers are doing with them. Look at the Uber iPhone app's screenrecord permissions, or when TikTok stole iOS clipboards.
Apple uses "secure" review as an excuse to not review apps or secure their runtime.
Apple's review sucks but you are very confused about your "takedown" of their security practices. It's not meant to protect against everything. Even well-made security boundaries can fail against sophisticated attackers, or be too onerous against generic malware.
Honestly, I think you have a fair point there. I personally don't believe that any system could be 100% secure. But I do think there is a point to be made on the efficacy of securing the runtime compared to individual app inspection.
In macOS 15, there is no GUI bypass. Right click -> Open no longer works. xattr is "the way". I'm sure someone has probably created an Automation or something for it.
There's a small section in System Settings that they don't really tell you about that pops up when the OS blocks a file from opening. You can then override the block there. Yes, it's extremely annoying.
> where Apple can be more sure (hopefully) that the apps are safe
Ha, they'd love to capture the 30% Apple tax on macOS too, I'm sure.
I don't think the mark-of-the-web feature is bad, but I am particularly annoyed that I have to open the system settings app to open an application.
Honestly, when I first tried modern macOS, I was surprised how bad the popups and warnings were. This is exactly what Apple (rightfully) made fun of when Vista came around. I've caught myself mindlessly approving prompts because there are so many of them and most of them don't make much sense at all ("do you want to allow iTerm access to your downloads" after I've explicitly dragged the thing to the special "developer tools" setting? what the heck?).
Slight tangent: Apple TV constantly has MLS (major league soccer) and Apple TV+ in the left-side pop up Home menu, taking up real-estate for something I will never access. So annoying.
Why, as someone from England — with arguably the best football league in the world — would I want to watch American Soccer? I don’t even watch the English league.
The menu is:
———————
* Search
* Home
* Apple TV+
* MLS
* Store
* Library
———————
Title: Channels & Apps
* This is where all the channels I have actually opted for live — separate from the Apple products that I don’t want
———————
Both Apple TV+ and MLS should not be on that menu permanently. And it should be possible to turn them off.
> Why, as someone from England — with arguably the best football league in the world — would I want to watch American Soccer? I don’t even watch the English league.
So you're the type that doesn't watch the Special Olympics I take it? MLS is the geriatric retirement league for super star players, or the not quite good enough to play in the other leagues league. One season, I tried to get into MLS. At one point I tried using a stop watch to clock how much time the ball was out of play in MLS compared to "real" leagues, and it was close to 20% which is not far away from amateur kids level of play.
I don't blame you for not liking the MLS branding. However, I'm guessing they paid a couple of shiny coins for that privilege, so they're naturally going to try to do anything to recoup that money
I don’t watch football at all. If it’s not cricket… well it ain’t cricket!
But even if it was a channel dedicated to test cricket (the greatest sport in the history of sport), I would still resent the foisting. These are clearly anti-competitive practices and that always leads to worse products eventually.
Speaking of installed-by-default, it's even more stupid that you can't even uninstall apps like Photos. Supposedly it's 'required for your Mac to function.' I'm sorry, I do not have a need for a photo library on a computer used exclusively to write software.
> Apple Music is just an advertisement by default and "conveniently" opens every sound file mimetype
Not only that, but you get the advertisement every time it starts and then it doesn't play the actual file. So unless you join the service the process is: try to open the audio file, close the advert, go back to source, open the file again.
Sometimes I consider looking switching back to MacOS (left because OS X 10.7 was becoming too much like iOS and I don't like the idea of apps having to be signed and/or in an app store) and holy shit I am glad I left.
I did Linux for a bit, but I was really impressed with Windows 10 once I disabled all the junk. Good window management, WSL is fantastic, I really like a few windows-specific utilities, and programs. I like having the Adobe suite + a nix env.
That being said, Windows 11 is making me consider jumping back to Linux, along with me being increasingly annoyed by Adobe.
For development work, I honestly prefer Windows. At least WSL knows what you want to do and gets out of the way. Comparatively, making a "correct" shell on MacOS often entails QEMU and local NAS, alt-tabbing between that and your native terminal for version control. Or you build your server software to be MacOS-native for debugging and port it to Linux later like a neanderthal.
Just... no. MacOS looks pretty but the workflow is uglier than Satan's taint. I don't get paid to work around Apple's dysfunction.
> iCloud nags never go away if you don't log into iCloud
I don't get people who buy macs and refuse to login to iCloud.
You don't have to use iCloud for storage or anything else, all that can be disabled in settings.
The biggest benefit of logging into iCloud is protection if your device gets stolen. It means the thiefs can't just wipe and resell your device. It means you can track and remote-wipe it in Find My.
I hear you, but 10y of MacOS usage habit will make that to you, it's easier for me to work around MacOS quirks and Apple's authoritarianism than it is to try and get a Linux distro I like to work perfectly for me for more than 6 months, or worse, go back to win
