1 Reply
Latest reply on Jun 11, 2019 10:42 AM by Get My Mac On

rtrouton (Level 1, 0 points)

Defense in Depth
Gatekeeper
User privacy protection

Defense in Depth:

macOS is designed with layers of security.
One layer failing doesn't defeat all security.

Rely on multiple layers:
- Delay the advance of an attack
- Reduce attack surface
- Trap attackers

Gatekeeper works with user privacy protection:
- If something gets past Gatekeeper, user privacy protections may block malicious software from accessing user data.

What does Gatekeeper check?
- Malicious content scan
- Signature validation - has it been tampered with?
- Does it meet the Mac's security policy? (MAS only, MAS and Developer ID, None)
- Does the user want to run it? (Ask the user if they want to run it.)

When does Gatekeeper check on Mojave?
- First launch of quarantined content

Quarantine:
- Marks files that arrive on the system from a variety of external sources
- Adds metadata about the external source (like web address, etc.)
- Apps can opt in to quarantining files
- Default for files written by sandboxed apps

On Mojave 10.14.5:
Local policy check was updated to include checking for notarization.

On macOS Catalina:
Local policy check: All new software requires notarization.
First launch prompt: User must approve software in bundles.

Non-quarantined software:
All software (quarantined and non-quarantined) gets the malicious content scan.

Note: Apple's position is that you can always choose to run any software on your system. Apple will provide tools and methods to enable software to run.

Goal:
Make macOS as secure as iOS, while preserving macOS's flexibility.

Platform security is reliant on the validity of code signatures.
In a future version of macOS, unsigned code will not run by default.

For developers:
Sign and notarize all software you distribute
- Even if it doesn't get quarantined
Don't modify signed applications or bundles
Loading code can fail
- Ensure your apps handle failure gracefully

User privacy protections:
Recording capabilities
Files and folders
Automation

Recording capabilities:
Users have to consent to:

On Mojave:
Camera
Microphone

On Catalina:
Camera
Microphone
Screen recording
Keyboard input monitoring

Keyboard input monitoring:
No approval necessary to monitor events for your own app.
Monitoring all keyboard events requires user approval.

Files and folders protection:
- Data that requires user consent to access
- Private data which is managed by the system

New protected areas in Catalina:
Desktop
Documents
Downloads
iCloud Drive
Third-party cloud storage (Dropbox, OneDrive, Box, etc.)
Removable volumes
Network volumes

User consent is not required to create new files in protected locations, only to read data from protected locations.

Open and save dialog panels are now hosted out of process.
Files can be checked to see if they're readable / writable without triggering consent dialogs.

Private data managed by the system:

Mojave:
Mail
Messages
Safari browsing history
HTTP cookies
Call History
iTunes backups
Time Machine backups

In Catalina:
Mail
Messages
Safari browsing history
HTTP cookies
Call History
iTunes backups
Time Machine backups
Trash

Do not need Full Disk Access to move a file to the Trash.
Just need authorization to the file being moved.
Caller retains access to the file, even once it's in the Trash.

Automation authorization:

Synthetic input events
- Governs ability to synthesize mouse clicks or keyboard presses
- Important to prevent malware from clicking through security consent dialogs.

Privacy preferences in macOS are being expanded to support a number of new privacy keys, including:
File Provider Presence
Listen Event
Media Library
Screen Capture
Speech Recognition
System Policy Desktop Folder
System Policy Documents Folder
System Policy Downloads Folder
System Policy Network Volumes
System Policy Removable Volumes
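The notes above describe quarantine metadata and the Gatekeeper policy check (signature, notarization, user approval) without showing what those look like on disk. The script below is an added example, not code from the post or from Apple: it decodes the com.apple.quarantine extended attribute that quarantine-aware apps write (flags, download time, agent, and the UUID that keys the origin URL in the user's LaunchServices QuarantineEventsV2 database), and it parses the verdict and the "source=Notarized Developer ID" line that spctl --assess prints on 10.14.5 and later. The sample attribute value, paths, UUID and Team ID are constructed for illustration; the function names are the example's own. On macOS, assess() runs the real xattr and spctl tools; elsewhere it returns None so the parsers can still be exercised offline.

```python
"""Inspect the Gatekeeper-relevant state of a downloaded file (added example)."""
import datetime
import shutil
import subprocess
import sys

# Constructed sample data (not taken from a real system).
SAMPLE_QUARANTINE = "0083;5cfe4a93;Safari;7C1F6C7E-1234-4B6A-9E3D-0A1B2C3D4E5F"
SAMPLE_SPCTL_OK = (
    "/Users/test/Downloads/Example.app: accepted\n"
    "source=Notarized Developer ID\n"
    "origin=Developer ID Application: Example Corp (ABCDE12345)\n"
)
SAMPLE_SPCTL_REJECT = (
    "/Users/test/Downloads/Unsigned.app: rejected\n"
    "source=no usable signature\n"
)


def parse_quarantine(value: str) -> dict:
    """Decode a com.apple.quarantine attribute value.

    Four semicolon-separated fields: flags as hex, download time as hex
    seconds since the Unix epoch, the agent that wrote the attribute, and a
    UUID that keys the origin URL in the QuarantineEventsV2 database.
    """
    parts = value.strip().split(";")
    if len(parts) < 4:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags, ts_hex, agent, uuid = parts[:4]
    timestamp = int(ts_hex, 16)
    when = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "flags": int(flags, 16),
        "timestamp": timestamp,
        "downloaded_at": when.isoformat(),
        "agent": agent,
        "uuid": uuid,
    }


def parse_spctl(output: str) -> dict:
    """Extract verdict, source and origin from `spctl --assess -vv` output.

    The first line is "<path>: accepted" or "<path>: rejected[ (reason)]";
    the remaining lines are key=value pairs such as source=... and origin=...
    """
    lines = [ln for ln in output.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty spctl output")
    path, _, verdict = lines[0].rpartition(": ")
    result = {"path": path, "accepted": verdict.strip().startswith("accepted")}
    for line in lines[1:]:
        key, sep, val = line.partition("=")
        if sep:
            result[key.strip()] = val.strip()
    # 10.14.5+ reports notarized Developer ID code as "Notarized Developer ID".
    result["notarized"] = result.get("source", "").startswith("Notarized")
    return result


def assess(path: str):
    """On macOS, read the quarantine attribute and ask Gatekeeper's policy
    engine for a verdict; on other platforms (or without the tools) return None."""
    if sys.platform != "darwin" or not (shutil.which("spctl") and shutil.which("xattr")):
        return None
    q = subprocess.run(["xattr", "-p", "com.apple.quarantine", path],
                       capture_output=True, text=True)
    quarantine = parse_quarantine(q.stdout) if q.returncode == 0 else None
    s = subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", path],
                       capture_output=True, text=True)
    # spctl writes its assessment report to stderr.
    return {"quarantine": quarantine, "policy": parse_spctl(s.stderr + s.stdout)}


if __name__ == "__main__":
    print(parse_quarantine(SAMPLE_QUARANTINE))
    print(parse_spctl(SAMPLE_SPCTL_OK))
    print(parse_spctl(SAMPLE_SPCTL_REJECT))
    if len(sys.argv) > 1:
        print(assess(sys.argv[1]))
```

A file with no quarantine attribute (the "non-quarantined software" case in the notes) yields quarantine=None, which is why it never sees the first-launch prompt; the spctl verdict still tells you whether it would satisfy the local policy if it were quarantined.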