{"id":26041,"date":"2019-07-23T16:41:36","date_gmt":"2019-07-23T20:41:36","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=26041"},"modified":"2020-07-03T16:56:29","modified_gmt":"2020-07-03T20:56:29","slug":"annoying-catalina-security-features","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/07\/23\/annoying-catalina-security-features\/","title":{"rendered":"Annoying Catalina Security Features"},"content":{"rendered":"

Jason Snell<\/a>:<\/p>\n

\n

After 24 hours of trying to use Catalina in earnest with all my data and apps intact, the new security features are incredibly annoying. Apps constantly asking for permission to see various folders, lots of relaunches and trips to System Preferences. It’s really unpleasant.<\/p>\n

At WWDC Apple’s presenters said they would not prevent you from running software you wanted to run on your Mac, but these interface choices are disaffecting. It feels like my Mac is fighting my choices every step of the way, and there’s not even a button to turn it all off.<\/p>\n<\/blockquote>\n\n

Erik Schwiebert<\/a>:<\/p>\n

\n

Apple is going to end up learning the lesson Microsoft did with Vista’s UAC prompts. Users end up getting conditioned to blindly click OK because the “security” just gets in their way. It’s a mess.<\/p>\n<\/blockquote>\n\n

Mark Hougaard Jensen<\/a>:<\/p>\n

\n

I, apparently as the only one, think it’s great. I found out for instance that Google’s “backup from this Mac” app wants to log all of my keystrokes. I’d never have known if Catalina didn’t tell me.<\/p>\n<\/blockquote>\n\n

[Update (2019-07-26): I’m not sure what this is referring to, as apps such as TextExpander and Dash that need to monitor which keys you type have long needed to ask for accessibility access. There’s speculation<\/a> that the warning is about registering a global hotkey, in which case it sounds like it’s misleading or was misinterpreted by Jensen.]<\/p>\n\n

Kyle Howells<\/a>:<\/p>\n

\n

They won’t actually prevent you from the running software. They’ll just limit how much they can do and make what they still can do impossibly annoying to use until you voluntarily give up and stop using them.<\/p>\n<\/blockquote>\n\n

Bryan Jones<\/a>:<\/p>\n

\n

Agreed. It also irritates me that GateKeeper is automatically re-enabled periodically.<\/p>\n

I constantly have to turn it off in Terminal just to open a bash script marked as executable in a text editor.<\/p>\n<\/blockquote>\n\n

Brad Brown<\/a>:<\/p>\n

\n

The worst so far for me is that all my QuickLook plugins are blocked, and while permission dialogs are annoying for other things, I can’t even find<\/em> a way to whitelist those plugins anywhere.<\/p>\n<\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

I sincerely think Apple should add a single “expert mode” preference to OK all of this at once. Maybe even make it something you have to type in Terminal, to discourage looky-loos, but something you only have to do once.<\/p>\n<\/blockquote>\n\n

Peter N Lewis<\/a>:<\/p>\n

\n

I think the security preferences needs to be flipped over, so applications are listed, and then permissions associated with them, with a big red switch at the top for “allow all”.<\/p>\n<\/blockquote>\n\n

Daniel Kennett<\/a>:<\/p>\n

\n

Modern Mac development! \\o\/<\/p>\n<\/blockquote>\n\n

James Thomson<\/a>:<\/p>\n

\n

Honestly, this is all part of my decision not to rewrite DragThing. The writing is on the wall for system level utilities, even if it’s tolerated currently...<\/p>\n<\/blockquote>\n\n

Peter N Lewis<\/a>:<\/p>\n

\n

[It] is clear Apple wants to stop all levels of unapproved workflow apps, despite it being essential both for business and even more so for accessibility assistance.<\/p>\n<\/blockquote>\n\n

Panic<\/a>:<\/p>\n

\n

Transmit 5.5.2, released today, will be the last version to support the current iteration of Transmit Disk. To prepare Transmit 5.6 for Catalina, we must support hardened runtime, which means dropping Transmit Disk and OS X El Capitan (10.11).<\/p>\n<\/blockquote>\n\n

Wil Shipley<\/a>:<\/p>\n

\n

App sandboxing has set app development back more than anything else. I love security but it was designed wrong from the beginning. Should have just replaced the system calls instead of trying to be invisible and magic.<\/p>\n

[…]<\/p>\n

It wouldn’t have been trivial to create a new set of API calls that were secure and remove access to the old ones, but it would have been a billion times better for developers and users than the current hyperlink nightmare.<\/p>\n<\/blockquote>\n\n

Daniel Jalkut<\/a> (tweet<\/a>):<\/p>\n

\n

The Catalina 10.15 public beta identifies software that has not been notarized as potentially risky because it “cannot be scanned for malware.”<\/p>\n<\/blockquote>\n\n

Peter N Lewis<\/a>:<\/p>\n

\n

And the (“cannot be scanned for malware.”) is such a lie, since Apple could clearly just check it at that point - why not just add a Scan button, and have it scan using the same process. Why? Because Notarisation is about controlling developers, not about security.<\/p>\n<\/blockquote>\n\n

macOS doesn’t even tell you that there’s a way to bypass the check by using the Open command in the contextual menu.<\/p>\n\n

Previously:<\/p>\n