Cracking open MacOS Sonoma

[richmond62]

Should anyone have any problems getting software accepted on their Mac machine, here's something:

Crack open your Terminal App:

Type this:

Code: Select all

sudo spctl --master-disable

hit the RETURN key and enter your password.

Then crack open SYSTEM PREFERENCES:

AND go to 'Security and Privacy' and accept 'software from ANYWHERE'.

THAT IS ALL.

[stam]

I've never had to do that. Ever.

I shouldn't have to say it but security is there for a reason.
If you've ever worked in a place that was had by ransomeware attacks, you wouldn't be as blasé about this.

All apps I've ever installed (including Homebrew stuff) can be installed with setting Security to allow application downloaded from App Store and identified developers. For software not from identified developers, just right-click, select open, dismiss the warnings and you won't be asked again - for that specific app.

Disabling security permanently is incredibly dangerous advice. Especially when there is no need to do this.

This is saying that you can't be bothered to open the door for people you know, so you'll just take the door of it's hinges so anyone can just walk in.
If someone did that in real life you'd call them stupid...

[richmond62]

For software not from identified developers, just right-click, select open, dismiss the warnings and you won't be asked again - for that specific app.

Certainly NOT with Sequoia.

[Klaus]

Sequoia isn't out yet!

But yes, that will make things like this much more complicated, not to say highly annoying!

[richmond62]

so anyone can just walk in.

What a load of cobblers.

I choose what to download and what to install: "opening the door" as you put it, does NOT mean that apps can mysteriously download themselves and install themselves.

If you download and install something that chews your system to blazes you only have yourself to blame.

ALSO: having installed and run one's app that 'wouldn't you can always do THIS in your terminal to sew things up again:

Code: Select all

sudo spctl --master-enable

Yes: it might be foolish to leave the thing disabled if you let spotty adolescents and/or your crazy uncle have access to your computer: but as I have neither adolescents (spotty or otherwise) or a crazy uncle (my uncle is reasonably sane, AND he lives on Vancouver island: a long, long way from Bulgaria) in my house, I am not unduly worried.

[stam]

Not sure what the logic here:
Apple is the silly fool while Richmond the wise guides us to the Elysium fields?

I also bet you don’t wear a seatbelt when driving because “it restricts your freedom”. We’ve had this discussion before. Clearly you won’t learn until you are bitten.

[richmond62]

Oddly enough I'd rather not rely on Apple.

[stam]

For what reason exactly?

[richmond62]

Apple are a commercial operation and have already got themselves in trouble with all sorts of regulators.

They never do what they do because they love me, or you, or anyone but themselves.

[stam]

1. If you think it’s only Apple instituting security measures like this you are gravely mistaken. Apple is more severe than other platforms but also has many fewer issues than other platforms. But all platforms do this (except for *nix cowboy country)

2. Please do enlighten us common folk which “regulators” Apple has fallen foul of, and how this is linked to security

3. No one said Apple do this because they have personal interests in their users and stating this is, well, a stupid demagogic argument. Apple is a corporation and has a corporate responsibility to promote security.

You probably aren’t aware of ransomware attacks and have never experienced what these can do. Sadly, I do because the NHS insists on using Windows, and like you introduced security holes for convenience.

As a result, a few years ago, the entire Barts NHS trust suffered a ransomware attack killing all their equipment for over two months. Disaster for intensive care patients.

More recently, just a couple of months ago, we suffered a similar fate because all our blood tests were outsourced to a 3rd party company called Synovis. Our IT is strict but theirs, like what you propose, wasn’t. They were subject to ransomware attack and as they didn’t pay up, patients data were release on the internet and it’s taken us 3 months to be able to request blood tests normally again. All planned operations had to be cancelled. Intensive care could not get blood tests done. Many people came to harm.


It’s a free world. Do what you want. Really, no one cares.

But advocating disabling security to a general audience is beyond irresponsible.

[richmond62]

I am well aware of ransomware attacks: having discovered and reported one of the first ones on Windows in 2004.

But advocating disabling security to a general audience is beyond irresponsible.

I was not advocating GENERAL security disablement: I was advocating disabling security, temporarily, for a certain single reason: to get a piece of software to run that is of known provenance, but will NOT run otherwise.

[stam]

Cool. So since you’re the discoverer of ransomware attacks your response is “hey let’s disable security”.

Yep. Can’t fault that logic.

[Klaus]

Come on guys, this is leading nowhere but to possible personal offences!

Stam, this is RICHMOND, as we know and (maybe) love him, get used to it/him!