Apple macOS so secure some apps can't be easily deleted An Apple macOS security process called System Integrity Protection can prevent certain apps from being easily uninstalled, which isn't ideal when the code may be vulnerable or malware. System Integrity Protection, or SIP, has clear benefits for macOS security. Introduced in OS X El Capitan (10.11) in 2015, it applied a new …
How much of this is for security and how much of it is Apple protecting their rigid branding and customer lock-in? I started using Apple products from DOS 3.2 but quit after MacOS 10.6.8. For how much money Apple is charging, I need to feel like I actually own the computer after I buy it.
This post has been deleted by its author
I installed java 9 just to find out that it did not work with a Eclipse based IDE. Only solution to get rid of it was to disable SIP, because there are no uninstaller. You could blame evil Oracle for the later.
I haven't enable SIP. I want to be able to delete my software.
Presumably it makes updating kexts difficult too. They are just a folder containing a few more folders and files and some of them would need to be deleted in an update.
So putting SIP on the 3rd party kext folder just seems to be a way of locking in kext bugs.
You need to jump through the hoop, and know that it is there to even see the folder in question in Finder. That sort of stuff is hidden. I've unhidden it because I know what I'm doing and recently had to go in and take something out. This is a hand-me-down machine from my daughter and it is running a load of stuff in the background that I don't need. She is in Bioinformatics so installed a pile of custom software packages and had server connections galore which all wanted a bite.
That's right, the virus checker found something, not dangerous or active and the infected file was not something I needed. But I could not find it in Finder to delete it.
As for not being able to delete things, welcome to Android. I neither need, use or want a whole slew of the Google apps on my phone but I cannot delete them without rooting it. So why pick on Apple?
I normally resist OS major version updates on Apple until the .1 release (much like I used to on Windows) in order for all the beta testers to find the main issues in the OS. I then take a view on whether the issues that occur justify updating the OS major version using the .1 release or adopting a further wait and see approach given they usually go up to a .5 release.
In this case I think High Sierra is just utterly fucked and I'll miss the whole thing. I'm sure, if he were alive, Jobs would have disembowelled someone with magic mouse by now over the shitty quality control that now seems to pervade everything Apple do.
Apple have become far too focused on the iPhone, everything else is falling by the side of the road in varying states of disrepair. The focus is off their PC offerings, has been for years and they are coasting, knowing that some will continue to buy whatever nonsense they release. I say that as someone who was repairing PowerPC logic boards back in the 90s and who hasn't owned a Mac laptop or desktop for over 20 years now but still have plenty of hands on experience of repairing friend's ones.
The iPhone is the cash cow these days.
This post has been deleted by its author
Tim Cook = Steve Ballmer.
Inherits the business from a visionary, maintains the status quo, eventual complacency and decline.
https://steveblank.com/2016/10/24/why-tim-cook-is-steve-ballmer-and-why-he-still-has-his-job-at-apple/
A lack of vision portends death of a business. Especially in the tech industry.
Well remember SIP can be turned off simply enough, troublesome Kext's removed, and either left off, or re-enabled, no biggie for most, if you need to, but for many, they will just leave it all 'as is'
for me, I *always* remove iTunes, messages, all that photo, maps, social media and cloud crap, and the rest of the included shovl-ware.. but admittedly, i'm not exactly a regular type of user however..
Yes, SIP can be disabled but Apple tries to make this as dfficult as possible. The real beef with SIP is that it promises more than it can really deliver while making perfectly reasonable stuff harder to do. The thinking might be about reducing Apple's potential liability because, in general, users have to disable the protection.
I ran BitDefender for 12 months on my corporate Mac. Then the company mandated a different AV product. Cue 12 hours of frustration, reboots, and eventually a reinstall of MacOS to get rid of every last remaining part of BitDefender. And I am a technical person.
Imagine what happened at the main board level?
To be fair, Tim Cook has said many times that he will give away all his money during his lifetime.
So someone will benefit. I can only hope that his gifts don't have the same sort of strings attached as those of other more well known ex IT company CEO's have.
Tim Cook does not strike me as being as personally money hungry as Mr Big Boats over at Oracle but I could always be wrong. But he was until recently not flying on private jets but commercial services. Isn't a private jet (and a white cat) all part of the things you need to get you to your private island?
Seriously.
It's about KEXTs. They're a boon of Mac security since I can remember. There was a time when Apple refused to service Macs if certain KEXTs were present.
The point is: I, and Apple, and others, firmly believe the average user does not need to install KEXTs, ever. If you don't understand why, I'll give you a hint: It's in the first letter.
Now, there's a small subset of (non-average) users, who need to install software that cannot, technically, be run without KEXTs. For these users, the way to install KEXTs easily is kept open. At the same time, those small subset of users are experienced enough to jump through the hoops to uninstall (it is not that hard as the article implies). A point could be made that making installing KEXTs should have a bigger hurdle than it does now, with KEXTs being lumped into the same category as unsigned, but safe for most users, software.
The bigger problem here is the exampled application, BlueStacks, installing a KEXT. Because its purpose -- running Android apps -- does NOT require KEXTs. A quick google gives me at least two more software packages that can do that, without KEXTs. So it's either a lazy developer (using KEXTs is easier to program than not), or it's on the track to being malware.
Bluestacks' kext is a hypervisor, maybe running Android in an ARM VM gives better results than writing an apk interpreter from scratch, especially with Google Play dependencies getting greater with every release.
Or there's repartitioning your Mac and adding Android x86 as an OS which it could boot up from which I don't think anyone would want.
@dan 55
It's not that easy to install non-Apple OS'es because SIP prevents you from modifying bootstuff. See http://www.rodsbooks.com/refind/sip.html
On my 2012 MBP I managed to disable SIP, but I'm not sure if Apple will still allow you to disable it on new products. I'm not taking the risk anyway, next laptop won't be an Apple for me.
> I, and Apple, and others, firmly believe the average user does
> not need to install KEXTs, ever.
Then, add frigging touchscreen support to Mac OS Already. Or at least allow one to be recognized and operated as a generic mouse.
I have a Dell ST2220T display hooked up to my Mac Mini. Can't even operate the touchscreen without installing an expensive KEXT from Touch Base. Linux can use the touch portion of the screen upfront without any need to install anything.
And to top it off, Apple wants to merge iOS and Mac OS apps. That's a bad enough idea as is, but explain to me how I'm going to use iOS apps without pinch-to-zoom gestures?
Here's another thing: There's only so much PEBCAK that you can protect from.
What's Apple supposed to do?
– If they change the rules for installing apps so that KEXTs need another hurdle, people complain that they do not have control over their own machine.
– As seen, if they protect the kernel (including installed KEXTs), people complain they do not have control over their own machine.
So what is it? You either have high security or full, easy control. Apple needs to balance, and they will step on someone's toes any which way they do it. Currently, you HAVE full control. Just a few hurdles to jump over. Just not where some people expect them.
Do the rules make sense. Maybe. Maybe not. Can they?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
