Apple released macOS 10.15 (Catalina) on 7th Oct 2019 and now it is publicly available for download. With multiple features presented at the WWDC 2019, here’s an overview of the new security and privacy features introduced in Catalina.
Gatekeeper, is an important outer layer of security, designed to prevent malicious software from running on your system. It ensures that all new apps you install — from the App Store or the internet — have been checked for known security issues by Apple before you run them the first time.
From macOS 10.15 Catalina, Gatekeeper will now perform known security checks periodically to check that code has not been tampered with. Also all software, whether quarantined or not, and regardless of how that code is loaded, will be scanned for malicious content.
In a future version of macOS, unsigned code will not run by default.
In order to run on macOS Catalina, Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple. It will help users gain more confidence that the software they download and run, no matter where they get it from (App Store or the internet), is not malware by showing a more streamlined Gatekeeper interface.
For macOS 10.14.5, Kernel extensions signed after April 7th 2019 must be notarized in order to load
For macOS 10.15: All software must be notarized from June 1st 2019
User privacy protection (aka Data Protection) is designed to ensure that even if malicious software is able to get around Gatekeeper, it doesn’t necessarily have access to your most sensitive data and resources.
macOS Catalina will now protect most of the common locations where you store your files, such as Documents, Desktop, and Download folders, Trash, iCloud Drive/other cloud storage providers, as well as external, removable, and network drives. Apps must also request your permission to perform key logging, or to capture still or video images from your system. Similar to Mojave, the list of approved apps can be viewed and managed in the System Preferences Privacy pane.
User consent is not required for an app to create new documents in any of these protected locations, just to read existing contents, the contents of files that are already there. For example, a file transfer app can continue to save new files to the users downloads folder without triggering a consent prompt.
macOS Catalina will run in its own private, read-only volume, so there will be no way for malicious apps to write files to the volume or alter existing files. The installation of macOS Catalina creates two volumes, one with the operating system, and another with data, segregating the two types of files.
macOS Catalina will be the last version that will run existing kext’s (kernel extensions). Kext’s are slowly being replaced with system extensions (user-space apps), which will exist outside of the protected system volume. This will ensure that if something is wrong with an extension, either from poor design or an attack from malware, the system itself is not affected.
Furthermore, installing kext’s or system extensions will likely require a restart of the Mac.
Catalina has removed all support for 32-bit code. Thus, a number of older apps that have not been updated to 64-bit will cease to run.
Similar to iPhone, if you have a Mac which contains T2 security chip, you will now be able to prevent the unauthorized use of your Mac, if it is lost or stolen. This T2 chip can be found in Mac mini, MacBook Air, and MacBook Pro from 2018 or later, and the iMac Pro.
Find My Mac will allow you to locate a lost device even if it’s asleep and not connected to the network, via crowd‑sourced location and Bluetooth beacon. When you report your device as missing and another Apple user’s device is nearby, it can detect your device’s Bluetooth signal and report its location to you. User Privacy is not compromised as device information sent is completely anonymous and encrypted.
Apple is incorporating multiple security features and enhancing the existing ones considering the emerging threat landscape. Most of these security features provide decisions in user’s hands, but what will help user to take right decision? How can you protect your Mac from the security threats out there? Here are a few defensive measures to minimize the level of risk:
I hope this list will help you anticipate the changes required when you decide it’s time to upgrade to macOS Catalina. What changes in macOS Catalina are you most concerned about, or looking forward to? Let us know in the comments, below.