Posted October 18, 2018
Say goodbye to High Sierra, and hi to Mojave! On September 24, Apple released the latest version of its core operating system, macOS, and brought not only many security enhancements, but also some new add-ons for online and offline privacy. For those who are tuned to our thorough look at the latest features of iOS 1
What's New in MacOS Mojave?
Before we can look at the problems Some researchers have traveled with Mojave's latest features, we should talk about what these features really are.
First, let's turn on some of the features that MacOS Mojave and iOS 12 share with regards to enhancements. It consists mainly of things that we all can benefit from in our daily activities. For a more thorough look at the improvements common to both operating systems, check out Episode 110 of Checklist, iOS 12 Arrives for details in our discussion. But let's run a quick update for those who might have missed that episode. First on the list: better password management.
Browsing the Web using Safari in Mojave, you now have access to functionality that is very similar to what you find in a password processing, such as 1Password. With keychain enhancements, Safari gets the ability to create and save robust and unique passwords automatically. When you need to create a new account or change your password, use the "Password" feature in Safari to generate and save your login. Your keychain can be synced across devices with iCloud, so you never have to worry about remembering a complicated string.
One of the things we circle back to this show is usually the need to keep your passwords safe and unique – otherwise a simple violation can give the bad access to any kind of online data. With these improvements to Safari, there is no excuse left in order not to harness the power that good passwords provide. Since all you really need to keep in mind at this time is the AppleID password, the process is easier than it ever has been.
Apple's efforts to downplay advertiser tracking of users and data siphoning methods for social media giants (ahem, Facebook) are also part of these changes. Both MacOS and iOS 12 received a bowed version of Safari that makes it easier to control your privacy while adding additional auto protection that provides peace of mind without user intervention. Apple describes it this way:
Remember when you watched the green mountain bike online? And then so annoying green mountainbike ads everywhere you fly? Safari uses machine learning to identify advertisers and others who track your online behavior and remove the tracking data they leave, so your browsing will remain your business. And now, Safari keeps embedded content such as buttons, sharing buttons, and comment traces from tracking you without your permission.
In other words, Facebook will not be able to develop a profile of where you go online by registering a hit from your account when you visit a site with a similar button. We like it! Similar restrictions will be in place to stop "device fingerprints", also using the unique identifiers for your device, to build a profile that is not dependent on cookies. Combined with the content blocks Safari offers, it's one of the most private and safe browsing experiences you can have out of the box right now.
Please note, however, that this applies only to third parties not the sites you visit, from knowing where and when you visited. Likewise, this will not hide the Internet traffic from your ISP or your VPN provider. Instead, it is targeted at ad tracking displayed through third party advertisers and social media. By automatically identifying third-party cookies, Safari can immediately stop them from working.
What about new additions that are unique to Mojave? Apple demonstrates its commitment to continuing the fight against malware by providing users with additional tools to ensure the security of the software they use. To alert users to potentially suspicious software goes a step further in Mojave. You already know MacOS asking for permission to allow software to access certain parts of the system – this is a basic protection, but Mojave elevates it to the next level.
Apple has extended the number of areas of your system that apps can not access directly or indirectly without explicitly granting permission. These new constraints include user requests for:
- Email Databases
- Safari Data (e.g., Browser History)
- Message Stories
- Time Machine or iTunes Copies
- User Location Data
- System Cookies
So if any program on your Mac wants to start looking through your camera – such as the old MacOS FruitFly malware we've discussed earlier on the checklist – Mojave will warn you about what will happen and ask for your permission. If this is not something you expect, it's easy to know that something is wondering your Mac, which should not be there. With a limited scope regarding these alerts, Apple tries to avoid fatigue in the dialog. While you may still encounter more questions than is ideal for now, it is clear that they are working to ensure that users always take into account this information.
In the same type of blood year, a new "notarization" effort by Apple. Although Apple attaches great importance to the Mac App Store, there is still a lot of software that you can find outside of it, usually signed with a valid developer ID. Although there is no guarantee that you are not dealing with malicious software, many malicious developers have used genuine developer IDs to hide payloads. Apple wants a developer ID to be a stronger authentication of security.
Notary is Apple's way of saying "Hey, we checked this and we are reasonably sure that it does not contain malicious software." Although it's not 100% clear how to handle this process, they notice that it's not is an app review, but only a security search. Perhaps machine learning is involved in identifying problematic elements. Notarization will eventually be a compulsory part of the use of apps signed with a developer ID, hopefully closing the door for malware authors to use them as the attack vector. Notarization acts as an extension of the current Developer ID system.
Although there are some issues with Mojave, which we will discuss in next week's episode, there is the bottom line: it's still worth the upgrade. While there are still a few errors here and there to iron out, the additional features and security improvements are well worth it – and you know that Apple will have further updates coming down the pipeline in a short period of time.
While waiting for upgrading in the end, why not check out some of the shows mentioned in today's episode, like our look at what's new in IOS 12? You will find all the show tones plus complete sound for each episode in an easy to listen to the format here in our archives; which is the same place where every future show will go too – so it's the perfect "home base" for your digital security news.
Do you have a question you would like to hear us answer or a story you think would make for a good topic for discussion? Send your suggestions to an Email to Checklist@SecureMac.com and tell us what's in your mind. You may be able to find your question about the theme of a future episode! In the meanwhile, we will say our goodbye for this week when we prepare to return in seven days with another new episode of the checklist, brought to you by SecureMac. Thank you for listening.