Ins and outs of quarantine

Mac Format - GENIUS TIPS

Q: How does macOS Sierra know when an app has been downloaded from the internet, and so run a full security check on it? by Dan Hopkins

A: When your browser, or most apps capable of downloading apps and installers, saves a download, it automatically attaches quarantine information to the file. This takes the form of an extended attribute, or xattr, named com.apple.quarantine, which puts the file into quarantine. The download is also recorded in the database at ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2.

When you try to open or run that app, or any app installed from a quarantined disk image, archive or installer bundle, the Finder notifies Gatekeeper, which performs a full check on its signature(s). This ensures that, if a signature has been revoked, for example, macOS will refuse to run it rather than compromise security. If the app passes that check, or you opt to run it without a valid signature, a flag in the xattr is changed to indicate that the full check has been performed successfully, and Gatekeeper won’t be asked to check it as thoroughly again.

Don’t try to circumvent these checks by using tools like curl, which bypass them, or by tampering with the quarantine xattr: they’re there for your security, to protect you from running malware.

When the quarantine xattr is set, opening an app will trigger a full Gatekeeper check of its signature(s), for your security.
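To see the state the answer describes, this added example (not part of the original column) decodes a com.apple.quarantine value and reports whether the first-open check has already been recorded. The field layout, the flag bits and the hex Unix timestamp are assumptions based on commonly reported behaviour, since Apple does not document them, and the two sample values are constructed.

```python
"""Decode a com.apple.quarantine xattr value (added example, constructed data)."""
import subprocess
from datetime import datetime, timezone

# Assumed flag bits, as commonly reported; Apple does not document them.
FLAG_DOWNLOAD = 0x0001       # file was saved by a downloading app
FLAG_USER_APPROVED = 0x0040  # first-open Gatekeeper check already completed


def parse_quarantine(value):
    """Split 'flags;hex_time;agent;uuid' into a dict; ValueError if malformed."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError("not a quarantine value: %r" % value)
    parts += [""] * (4 - len(parts))      # agent and UUID may be absent
    flags = int(parts[0], 16)
    # Assumption: second field is seconds since the Unix epoch, in hex.
    stamp = int(parts[1], 16) if parts[1] else None
    when = datetime.fromtimestamp(stamp, timezone.utc) if stamp is not None else None
    return {
        "flags": flags,
        "downloaded": bool(flags & FLAG_DOWNLOAD),
        "checked": bool(flags & FLAG_USER_APPROVED),
        "when": when,
        "agent": parts[2],
        "event_id": parts[3],             # UUID of the recorded quarantine event
    }


def read_quarantine(path):
    """On macOS, return the parsed xattr for path, or None if not quarantined."""
    out = subprocess.run(["xattr", "-p", "com.apple.quarantine", path],
                         capture_output=True, text=True)
    return parse_quarantine(out.stdout) if out.returncode == 0 else None


# Constructed sample values: before and after the first successful open.
BEFORE = "0083;59a6c7f0;Safari;11111111-2222-3333-4444-555555555555"
AFTER = "00c3;59a6c7f0;Safari;11111111-2222-3333-4444-555555555555"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        q = parse_quarantine(raw)
        print(label, hex(q["flags"]), "checked:", q["checked"], q["agent"], q["when"])
```

On a Mac, `read_quarantine("/path/to/Some.app")` reads the live attribute with the system `xattr` tool; the path shown is a placeholder.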
