
A #WWDC19 Takeaway

They reoccur annually.



'The work that needs to be done in terms of computer security is not to make more secure the systems that are already acceptably secure - but to convince the 90% of the unwashed to move over to a more secure platform so the whole world can be secure.'

Apple had a WWDC last year where they discussed computer security. Here are a few slides from one of their presentations.

Here's a direct link.

https://developer.apple.com/videos/play/wwdc2019/701/

0.



This is about advances in macOS security. Instead of 'advances' you're allowed to say 'changes'.

1.



Defence in depth is a concept. Much like 'bottom line'. But no, no single technology or feature can deliver perfect security.

To do that, you'd have to build all systems upside-down, and start by not allowing anything, then retroactively allowing just a tiny bit at a time. Although even then you'd find gaps.

The important thing is mandatory access control, which Unix already has, as opposed to discretionary access control, which is bad, and that's what Windows has.

Yes, macOS has many layers of security. And the people behind this 'maverick' Unix don't seem to care much about community review or about eating their own dog food.

2.



Yes, and that's the only reason for this panicky move. Because Apple's macOS is incessantly under brutal attack, and it's a wonder anyone survives a single day online.

3.



This is good. Provided it's complete and truthful. And doesn't change by yesterday morning again. Meaning that...

But, as you'll see revealed further down, you can't often know if something is malicious or not - that some discretion is needed on the part of the user. Such as not being a dork and downloading Apple products from an independent site in Tasmania.

The final point refers to the 'protocol hole' which was the first-ever security crisis on the platform.

Note what Gatekeeper does: it checks the first launch of quarantined apps. So like what is quarantine? We will have reason to come back to that. Oh will we ever.

4.



'Marks files that arrive on the system...' Yes, but not all of them. How do you mark these files? How do you get at them? You need some system module. And believe us, they've worked overtime to make sure they can get at as much as possible.

'Adds metadata about the source' - something we check on an hourly basis. No wait, we don't, or, rather, you don't, because you don't know how and Apple will surely not tell you, even if they wanted to (which they don't). Put another way: they love metadata at Apple, and if 'com.apple.WhatIDidLastSummer' is still available, they might use it.

'Apps can opt-in to quarantining files...' Why?

And a mention of sandboxed apps. Another stroke of genius by Apple Inc.
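Added example, not code from the article: the 'metadata about the source' on that slide lives in the com.apple.quarantine extended attribute, which xattr(1) can read on any macOS box. The attribute value is four semicolon-separated fields (hex flags, hex download time, downloading agent, UUID); the sample value below is constructed, not captured from a real download.

```shell
#!/bin/sh
# Decode the macOS quarantine mark (com.apple.quarantine) on a downloaded file.
# Value layout: "flags;hex-timestamp;agent;uuid". SAMPLE below is constructed.

# Print the N-th (1-based) semicolon-separated field of a quarantine value.
qfield() {
    printf '%s\n' "$1" | cut -d ';' -f "$2"
}

# The second field is the download time as hex seconds since the Unix epoch.
qtimestamp() {
    echo $(( 0x$(qfield "$1" 2) ))
}

# One-line human-readable decode of an attribute value.
decode_quarantine() {
    printf 'flags=0x%s downloaded=%s agent=%s uuid=%s\n' \
        "$(qfield "$1" 1)" "$(qtimestamp "$1")" \
        "$(qfield "$1" 3)" "$(qfield "$1" 4)"
}

# Report whether FILE carries the mark: 0 = quarantined, 1 = not, 2 = no xattr(1).
quarantine_status() {
    if ! command -v xattr >/dev/null 2>&1; then
        echo "xattr(1) not found; run this on macOS" >&2
        return 2
    fi
    v=$(xattr -p com.apple.quarantine "$1" 2>/dev/null) || {
        echo "$1: not quarantined"
        return 1
    }
    echo "$1: $(decode_quarantine "$v")"
}

# Constructed sample: flags 0x0083, downloaded 2019-08-20 via Safari.
SAMPLE='0083;5d5c2b1a;Safari;1E3A5F2C-0000-4000-8000-000000000000'
decode_quarantine "$SAMPLE"
```

On a Mac, `quarantine_status ~/Downloads/some.dmg` shows the same decode for a real file, or reports that Gatekeeper has nothing to check on first launch.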

5.



Ah, the Launch Services. That was really cool, once upon a time. The mention of NSWorkspace is a bit hypocritical, as they've done all in their power to destroy NSWorkspace, and most of that code came from a new 'core foundation' layer anyway.

6.



Yes, NSTask doesn't get caught. Which is cool - if not for the fact that, starting with Mojave, Apple borked the code in other inventive ways, to the point that one-just-doesn't-care-anymore.

dlopen is a Unix way of loading a shared library.

7.



A comparison of 'security' on Mojave and Catalina. Note the use of the 'Happy Mac' icon. Also note the use of the word 'requires' when mentioning software.

NOTE THE THIRD COLUMN. So how do you get into that third column? By not being a dork.

This is the most important pic in the article.

8.



Ah thanks. But don't go assuming you can keep 70% of your own revenues. And/or that it costs only $100 to apply. And/or that you can share whatever you want with whomever you want.

9.



Here they go again. Hot and cold. Good cop, bad cop. There's a fight on for the rhetoric. In legal terms this is called 'mens rea'.

Epilogue (Yes Already)

'The work that needs to be done in terms of computer security is not to make more secure the systems that are already acceptably secure - but to convince the 90% of the unwashed to move over to a more secure platform so the whole world can be secure.'

Don't expect Apple to save the world. They're not interested. Don't expect them to save the Internet either. They don't care.

The latter was in their grasp. They showed no interest whatsoever.

Apple have an 18% unit market share in the mobile market, and just over half that in the PC market. Their revenues are off the charts, mostly due to their obscene profit margins, as much as 40% [sic].

So why are they working so hard to 'protect' an OS that very few people use?

Or is that what they're really trying to do?

There are an estimated six billion reasons to suggest otherwise. And they reoccur annually.

Further Reading
Industry Watch: RIXSTEP'S KEYMASTER DEFEATS APPLE'S GATEKEEPER
