Summer Party Mac OS
Article Title = macOS 11 Big Sur Third Party Product Compatibility Info
Article Author(s) = Graham Needham (BH)
Article Created On = 11th August 2020
Article Last Updated = 9th March 2021
Article URL = https://www.macstrategy.com/article.php?243
Article Brief Description:
A list of information relating to third party software products and their compatibility with macOS 11 Big Sur
macOS 11 Big Sur Third Party Product Compatibility Information
- Big Sur can physically damage some Native Instruments hardware.
- Big Sur has reported compatibility issues with USB devices that have FTDI VCP chips with custom PIDs.
- Big Sur does not support legacy System/Kernel Extensions (KEXTs)
- VPN connections via L2TP over IPSec now require 'HMAC-SHA-256' security at the third-party server end - make sure your VPN server is compatible!
- Big Sur does not support 32-Bit Applications
- Big Sur does not support legacy media formats
- Safari 14 in Big Sur does not support any legacy NPAPI browser plug-ins including Adobe Flash
- Safari 14 in Big Sur does not support older .safariextz packaged Safari Extensions - you should check whether the developer has created a newer/updated 'Safari App Extension' version which will be available via the Mac App Store
- Big Sur has an OS version of 11.x instead of 10.x - this could affect some older software installers and scripts if they check the OS version incorrectly
- Big Sur does not support Dashboard applications/widgets
- Big Sur has a dedicated and 'signed' system volume - third party backup/cloning/disk repair software should be checked and updated/upgraded if necessary to work with this version of macOS
- Big Sur does not support Rosetta/PowerPC software
Apple File System (APFS)
Big Sur uses a low-level file system called Apple File System (APFS) - this could affect many third party software products especially disk utilities that work directly with the file system e.g. DiskWarrior and TechTool Pro along with products that share/serve files over a network. We have a separate article with information about APFS and some frequently asked questions.
Third Party Apps/Hardware Specifically NOT Compatible With APFS
- some Adobe Creative Cloud individual applications - update to the latest versions for best results
- Aura SSDs from OWC - known issue
- Alsoft DiskWarrior v5 - update to DiskWarrior v5.1 to be able to run the application + full support for APFS will be included with a future DiskWarrior update once Apple releases the final APFS format documentation
- Carbon Copy Cloner 4 - some issues, best to upgrade to version 5 or later
- Google Drive - upgrade to Backup And Sync v3.36 or later (for consumers) or Drive File Stream (for business users)
- Prosoft Drive Genius - update/upgrade to v5.2.1 or later
- SoftRAID 5.x - full support for APFS will be included with SoftRAID version 6
- SuperDuper! - upgrade to v3.0 or later
Gatekeeper
Some (older) software may not install or run on Big Sur due to the Gatekeeper security feature. However, it will work, you just need to temporarily bypass Gatekeeper if you are sure the software is trusted and safe - see our Gatekeeper article for more information.
System Integrity Protection (SIP)
Big Sur includes a low-level security technology called System Integrity Protection (SIP) which prevents the modification or removal of certain system files - this could affect third party products that try to install/modify files/folders at the system level. We have a separate article all about SIP.
HiDPI
If you have a HiDPI compatible monitor connected e.g. Retina Display, UltraHD, 4K, 5K, Big Sur will try to run applications in HiDPI mode on them. Older applications (written before HiDPI was available) may have problems with this. It is possible to run older, individual applications in 'low resolution' mode (Get Info on the application in the Finder and tick 'Open in Low Resolution' - if that option is not there then you can't).
Products Specifically NOT Big Sur Compatible (including earlier versions thereof)
See also, our list of 32-bit applications
- Ambrosia Soundboard and WireTap Anywhere / Studio
- Autodesk AutoCAD (LT) 2018 - upgrade to v2019.2 or later
- Bare Bones TextWrangler - all versions
- Bartender 3.x - Big Sur compatible upgrade available
- Citrix Gateway plugin - KB article
- DiskMaker X = all versions
- Graphisoft ARCHICAD 22 - will not be made compatible with this macOS
- Microsoft Office 2016 - although it currently appears to run okay, support and updates for Office 2016 ended on 13th October 2020 so if any issues become apparent they will not be fixed. You will also not be getting security updates. So, if possible, upgrade to Office 2019 or later.
- MT-Newswatcher
- Native Instruments MASCHINE MK1, MASCHINE MIKRO MK1, TRAKTOR AUDIO 2 / 4 / 8 DJ, TRAKTOR AUDIO 2 MK1 and TRAKTOR S2 / S4 / X1 MK1
- Now Up-To-Date And Contact
- Parallels v15 - Big Sur compatible upgrade available
- Perian
- Reason Lite 10.4 and earlier - statement
- Reason Essentials 10.0.1 and earlier - statement
- Reason Limited 1.5.3 and earlier - statement
- Reason Record - statement
- QuarkXPress 6, 7, 8 and 9 (in addition Quark do not officially support QuarkXPress v2019 or earlier on Big Sur)
- SnapzPro X v4.0.0 and earlier
- Timbuktu Pro
Products Specifically NOT Big Sur Compatible
but they should be updated in the future to be compatible
- Many Thunderbolt (3) external (RAID) enclosures including TerraMaster
- Audient - EVO 4, EVO 8 and Sono
- Box Drive - not working properly
- Caffeine - v2.0 coming soon - beta version available
- Déjà Vu [Deja Vu] (backup software) - not currently compatible
- Enfocus Connect 2019 - does not officially support macOS Big Sur - will inform customers when a compatible version is released
- Enfocus BoardingPass - does not officially support macOS Big Sur - next public pre-release update, expected in January or February 2021, will be Big Sur compatible
- Shirt Pocket SuperDuper! - cannot clone boot drives
- SoftRAID v5.x - v6 BETA now available
- USB Overdrive 4.0.x - v5 BETA now available
Companies
- Ableton = compatibility statement
- AIR = compatibility statement
- AKAI = compatibility statement
- Alesis = compatibility statement
- Apogee = compatibility statement
- Applied Acoustics Systems = compatibility statement
- Arturia = compatibility statement
- Audient = compatibility statement
- Autodesk AutoCAD = System requirements for AutoCAD for Mac
- Autodesk AutoCAD LT = System requirements for AutoCAD LT for Mac
- Avid = compatibility statement
- Backblaze (Arq online backup) = compatibility statement
- Bare Bones (BBEdit / Yojimbo) = compatibility statement
- Bitwig = compatibility statement
- Blue Cat Audio = compatibility statement
- Bombich = compatibility statement
- Celemony = compatibility statement
- DEVON Technologies = blog post about macOS Big Sur / Apple Silicon compatibility
- Drobo = upgrade to Dashboard v3.6.2 or later
- The Eclectic Light Company = compatibility statement
- Enfocus = compatibility statement
- Ergonis (PopChar X / KeyCue / Typinator) = compatibility statement
- FabFilter = compatibility statement
- Claris FileMaker = knowledge base article
- Finale Notation Products - compatibility statement
- Focusrite (Pro Products) = compatibility statement
- Folivora = compatibility statement
- FXpansion = forum post
- Graphisoft = compatibility statement
- Igg Software = compatibility statement
- IK Multimedia = compatibility statement
- Insider = compatibility statement
- Intego = knowledge base article
- iZotope = compatibility statement
- Korg = OS compatibility charts
- LaCie = knowledge base article
- M-Audio = Knowledge Base compatibility document
- Microsoft (Office for Mac) = macOS supported versions statement
- MOTU = compatibility statement
- Native Instruments = compatibility statement
- Nektar = compatibility statement
- Nikon = software list (products in the first list are supported and will be updated if problems are found)
- Novation = compatibility statement
- Numark = Knowledge Base compatibility document
- Omni = compatibility statement
- On1 (OnOne) Software = compatibility statement
- Overloud = compatibility statement
- Panic = compatibility matrix
- PreSonus = compatibility statement
- Pioneer DJ = compatibility statement
- Plugin Alliance = Facebook post
- Positive Grid = compatibility statement
- Quark = compatibility matrix
- Reason Studios = compatibility statement
- Rogue Amoeba = compatibility status report
- Roland = compatibility statement
- Roland (BOSS products) = compatibility statement
- Roland (Professional A/V category products) = compatibility statement
- Serato DJ Lite/Pro = compatibility statement
- Serato Sample = compatibility statement
- Serato Studio = compatibility statement
- Serif (Affinity Photo, Designer and Publisher) compatibility statement
- Slate Digital = compatibility statement
- SmallCubed (MailTags / Mail Act-On / Mail Perspectives / SigPro) = What's New in MailSuite 2019
- Solid State Logic = compatibility statement
- Spectrasonics = compatibility statement
- Steinberg = compatibility information
- Universal Audio = compatibility statement
- Vectorworks = compatibility statement
- Vectorworks = operating system matrix
- Waves = system requirements information
Printer And Scanner Manufacturers/Drivers
- Brother = Compatibility Matrix
- Canon (Europe) = no specific info so check your printer model via their support site
- Epson = support page (USA site)
- Fiery Command Work Station (CWS) = check via support site
- Fiery Driver = Big Sur supported with v6.5 or later
- Fujitsu Scansnap = ScanSnap Downloads - choose 'macOS Big Sur v11.0' in 'Step 2. Select Target OS.'
- Hewlett Packard (Printers) = HP printer compatibility with macOS and OS X page
- Hewlett Packard (LaserJet / PageWide scanning) = Set up the printer to scan in macOS
- Lanier = no specific info so check your printer model via their Knowledge Base
- Lexmark = macOS Compatibility Lists
- OKI = OS driver compatibility page
- Ricoh (including Gestetner / Infotec) = no specific info so check your printer model via their Knowledge Base
- Samsung = printing business moved to Hewlett Packard but HP now have a compatibility list online
- Silverfast = compatibility statement
- Xerox = compatibility page with downloadable PDF
Individual Products
- Acorn = Big Sur supported with v6.6.3 or later
- Autodesk AutoCAD (LT) for Mac 2019 = Big Sur supported with v2019.2 Update
- Autodesk AutoCAD (LT) for Mac 2020 = Big Sur supported with v2020.2 Update
- Autodesk AutoCAD (LT) for Mac 2021 = Big Sur supported with v2021.1 Update
- Banktivity = Big Sur supported with v8.0.5 or later
- Bare Bones BBEdit = Big Sur supported with v13.5.2 or later
- Bare Bones Yojimbo = Big Sur supported with v4.6 or later
- Bartender = Big Sur supported with v3.1.7 or later
- Bean = Big Sur supported with v3.3.4 or later
- BetterTouchTool = Big Sur supported with v3.502 or later
- BlueHarvest = Big Sur supported with v8.0.6 or later
- Boxcryptor = Big Sur supported with v2.36.1042 or later
- BusyCal = Big Sur supported with v3.11.1 or later
- C-Command DropDMG = v3.6 or later
- C-Command EagleFiler = v1.9.1 or later
- C-Command SpamSieve = v2.9.40 or later
- C-Command ToothFairy = v2.7 or later
- Carbon Copy Cloner = Big Sur supported with v5.1.22 or later
- Check Point Endpoint Security VPN = Big Sur supported with E84.30 or later
- Chronosync = Big Sur supported with v4.9.12 or later
- Maxon Cinema 4D = Big Sur supported with v2.3.1 or later
- Citrix Workspace (formerly Receiver) = Big Sur supported with v20.12.0.3 (2012) or later
- ClamXav = Big Sur supported with v3.1_8514 or later
- Cocktail = Big Sur supported with v14.0 or later
- Codeweaver CrossOver = Big Sur supported with v20.0.2 or later
- Eltima Commander One = Big Sur supported with v3.0.3368 or later
- CrashPlan for Small Business = Big Sur supported with v8.2.1 or later
- Cyberduck = Big Sur supported with v7.5 or later
- Default Folder X = Big Sur supported with v5.5.1 or later
- DEVONthink Personal/Pro = Big Sur supported with v3.5.2 or later
- Alsoft DiskWarrior = Big Sur supported with v5.2 or later (APFS formatted storage not supported)
- Alsoft DiskWarrior Recovery Maker = Big Sur supported with v1.3 or later (APFS formatted storage not supported)
- Prosoft Drive Genius = Big Sur supported with v6.2 or later
- EazyDraw = Big Sur supported with v10.1.1 or later
- Enfocus Pitstop = Big Sur supported with v2020 update 1 or later (but not Apple Silicon M1 Macs)
- Enfocus Switch = Big Sur supported with v2020 or later (but not Apple Silicon M1 Macs)
- Ergonis PopChar X = Big Sur supported with v8.10 or later
- Ergonis KeyCue = Big Sur supported with v9.7 or later
- Ergonis Typinator = Big Sur supported with v8.5 or later
- Geniatech EyeTV = v4.0.0 or later
- Claris FileMaker Pro 19 (Advanced) = Big Sur supported with v19.1.3 or later
- Claris FileMaker Server 19 = Big Sur supported with v19.0.2 or later
- Finale = Big Sur supported (with some cosmetic issues) with Finale v26.3.1 or later
- Find Any File = v2.2 or later
- Insider FontAgent = Big Sur supported with v9.6 or later
- Google Backup And Sync (for consumers - was Google Drive) = Big Sur supported with v3.51 or later
- Google Drive File Stream (for business users - was Google Drive) = Big Sur supported with v43 or later
- Handbrake = v1.4.0 beta 1 or later
- Heredis = Big Sur supported with v2021 or later
- iCab = Big Sur supported with v6.0.4 or later
- Intego X9 VirusBarrier = v10.9.35 or later
- Intego X9 NetBarrier = v10.9.13 or later
- Intego X9 ContentBarrier = v10.9.7 or later
- Intego X9 Personal Backup = v10.9.9 or later
- Intego X9 Washing Machine = v10.9.7 or later
- Intego X9 NetUpdate = v10.9.13 or later
- Intego X9 Common Components = v10.9.19 or later
- Lemkesoft Graphic Converter = Big Sur supported with v11.3.1 or later
- Lingon X = Big Sur supported with v7.6 or later
- Little Snitch = Big Sur supported with v5.0 or later
- Logitech Control Center (LCC) = Big Sur supported with v3.9.14 or later
- Logitech Options = Big Sur supported with v8.36.76 or later
- MacBreakZ = Big Sur supported with v5.40 or later
- Malwarebytes = Big Sur supported with v4.6.12.3825 or later
- Melodyne = Big Sur supported with v5.1 or later
- Microsoft NTFS for Mac by Paragon Software = v15.5.62 or later
- Microsoft Office 2019 (365 subscription) = Big Sur supported with v16.43 (20110804) or later
- NeoFinder = Big Sur supported with v7.7 or later
- Nikon Capture NX-D = Big Sur supported with v1.6.5 or later
- Nikon ViewNX-i = Big Sur supported with v1.4.5 or later
- Nisus Writer Pro = Big Sur supported with v3.2 or later
- OmniFocus = Big Sur supported with v3.11.1 or later
- OmniGraffle = Big Sur supported with v7.18.1 or later
- OmniOutliner (Pro) = Big Sur supported with v5.8 or later
- OmniPlan = Big Sur supported with v4.2.3 or later
- Panic Coda = Big Sur supported with v2.7.0 or later
- Panic Nova = Big Sur supported with v3.0 or later
- Panic Transmit = Big Sur supported with v5.7.0 or later
- Parallels Desktop for Mac = Big Sur supported with v16 or later
- Path Finder = Big Sur supported with v10.0 or later
- Pixelmator (Classic) = Big Sur supported with v3.9 or later
- Pixelmator (Pro) = Big Sur supported with v2.0 or later
- Postbox = Big Sur supported with v7.0.34 or later
- Posterino = Big Sur supported with v3.8.2 or later
- QuarkXPress = Big Sur supported with v2020 or later
- Realmac RapidWeaver = Big Sur supported with v8.7 or later
- Retrospect Client/Server = Big Sur supported with v17.5.0.185 or later
- Rogue Amoeba Airfoil for Mac = Big Sur supported with v5.10.1 or later
- Rogue Amoeba Audio Hijack = Big Sur supported with v3.8.0 or later
- Rogue Amoeba Farrago = Big Sur supported with v1.6.0 or later
- Rogue Amoeba Fission = Big Sur supported with v2.7.0 or later
- Rogue Amoeba Loopback = Big Sur supported with v2.2.0 or later
- Rogue Amoeba Piezo = Big Sur supported with v1.7.0 or later
- Rogue Amoeba SoundSource = Big Sur supported with v5.2.0 or later
- Serif Affinity Photo, Designer and Publisher = Big Sur supported with v1.8.6 or later
- Sensei (previously Trim Enabler) = Big Sur supported with v1.3 or later
- Silverfast = Big Sur supported with v8.8 or later
- SteerMouse = Big Sur supported with v5.5.3 or later
- SwitchResX = Big Sur supported with v4.11.0 or later
- Techtool Pro = Big Sur supported with v13.0.2 or later
- Things = Big Sur supported with v3.13.2 or later
- Time Out = Big Sur supported with v2.7 or later
- TinkerTool System = Big Sur supported with v7.0 or later
- Titanium Software Deeper = Big Sur supported with v2.6.5 or later
- Titanium Software Maintenance = Big Sur supported with v2.7.5 or later
- Titanium Software OnyX = Big Sur supported with v3.9.1 or later
- Corel/Roxio Toast Titanium (Pro) = Big Sur supported with v19 or later
- Vectorworks = Big Sur supported with v2020/v2021
- Vellum = Big Sur supported with v2.8.2 or later
- VirtualBox = Big Sur supported with v6.1.16 or later
- VMWare Fusion Player/Pro for Mac = Big Sur supported with v12.0 or later
- VueScan = Big Sur supported with v9.7.37 or later
- Wacom tablets = Big Sur supported with Driver 6.3.41-2 or later
- WhatRoute = Big Sur supported with v2.3.3 or later
- WhatSize = Big Sur supported with v7.6.2 or later
- X Lossless Decoder (XLD) = Big Sur supported with v20210101 or later
Maths/chemistry/scientific users should also check out this blog post that lists compatible/incompatible Big Sur software.
Musicians should also check out this web page that lists compatible/incompatible Big Sur software.
You could also check out this web site that lists compatible/incompatible Big Sur software.
Network Attached Storage (NAS) Products And Servers For Time Machine Backups Over SMB
macOS 11 Big Sur supports Time Machine backups over SMB - it may be the only way to use Time Machine over a network, we're checking into this and will update this article when we have more information. The basic NAS and Server requirements are:
- SMB protocol version 3.x, including SMB 3.x signing
- Handling of SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 requests, including the Timeout field
- Handling of SMB2_CREATE_REQUEST_LEASE_V2 requests
- Handling of SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 requests
- Support for Bonjour discovery
- Support for Apple’s F_FULLFSYNC extension to the SMB2 FLUSH command
- FreeNAS - v9.10.4 or later (to be released)
Network Attached Storage (NAS) Products And Servers For Time Machine Backups Over AFP
AFP (Apple File Protocol) is deprecated but still works in Big Sur as a client connecting to an AFP server. It should support Time Machine backups over AFP, we're checking into this and will update this article when we have more information. NAS and Server products must support AFP protocol version 3.3 or later (introduced with OS X 10.7 Lion) if they are to be used for Time Machine backups. If you use NAS products that utilise open source software (FreeNAS and/or Netatalk) - FreeNAS must be at least version 8.1 and Netatalk must be at least version 2.2.0. Specifically:
- AppleShare IP (ASIP) - You are out of luck, sorry no update will ever be issued.
- Buffalo NAS - check your product is macOS 11 Big Sur compatible.
- DataRobotics / Drobo - AFP v3.3 supported support area.
- FreeNAS - AFP v3.3 supported with v8.3.1 or later
- Lacie NAS - check your product is macOS 11 Big Sur compatible.
- Microsoft Windows Home Server (including HP MediaSmart Servers): HP have abandoned their original implementation of this software so there will be no update from HP. Microsoft's Windows Home Server 2011 even with the latest service pack does not support AFP protocol v3.3 or later. WHS is unlikely to ever support AFP protocol v3.3 or later. Also note:
- Some implementations of Windows Home Server install Microsoft's Remote Desktop Connection software. You can download the latest version from the Mac App Store
- Windows Home Server 2011 installs an application called 'Launchpad' - but so does Big Sur. If you install Big Sur first and then try to install WHS's Launchpad, you can't and currently there is no fix. If you have WHS installed and upgrade to Big Sur you won't get Maverick's Launchpad. Follow these steps to fix:
- Go to Macintosh HD > Applications folder and delete the Launchpad application.
- Go to Macintosh HD > Library > Application Support > Microsoft and delete the 'Launchpad' folder.
- Go to Macintosh HD > Library > Preferences > and delete the 'com.microsoft.launchpad.plist' file.
- Go to Macintosh HD > Users > ~your home directory > Library > Application Support > Microsoft and delete the 'Launchpad' folder.
- Restart your computer.
- Locate the Big Sur disc image and open it so it mounts on your desktop.
- In the mounted Big Sur disc image go to the Packages folder
- Double click the 'Essentials.pkg' package to start the software installation.
- Follow the on screen instructions to install (Big Sur's Launchpad application).
- Proxure have a WHS add-in for Mac backups called KeepVault Connector but there is little information on it and their links don't work
- Netgear/Infrant ReadyNAS - use ReadyNAS OS 6 or later
- QNAP - Time Machine supported.
- Synology - Time Machine supported.
- Western Digital NAS e.g. 'MyBook World' - Time Machine compatibility
This article is © MacStrategy » a trading name of Burning Helix. As an Amazon Associate, employees of MacStrategy's holding company (Burning Helix sro) may earn from qualifying purchases. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.
Developer(s) | Apple Inc. |
---|---|
Initial release | July 25, 2012 |
Operating system | macOS |
Gatekeeper is a security feature of the macOS operating system by Apple.[1][2] It enforces code signing and verifies downloaded applications before allowing them to run, thereby reducing the likelihood of inadvertently executing malware. Gatekeeper builds upon File Quarantine, which was introduced in Mac OS X Leopard and expanded in Mac OS X Snow Leopard.[3][4] The feature originated in version 10.7.3 of Mac OS X Lion as the command-line utility spctl.[5][6] A graphical user interface was added in OS X Mountain Lion and later also in version 10.7.5 of Lion.[7]
Functions
Configuration
In the Security & Privacy panel of System Preferences, the user has three options:
- Mac App Store: Allows only applications downloaded from the Mac App Store to be launched.
- Mac App Store and identified developers: Allows applications downloaded from the Mac App Store and applications signed by certified Apple developers to be launched. This is the default setting since Mountain Lion.
- Anywhere: Allows all applications to be launched. This effectively turns Gatekeeper off. This is the default setting in Lion. Since macOS Sierra, this option is hidden by default.[8][9] However, this option can be re-enabled by using the 'sudo spctl --master-disable' command from the Terminal and authenticating with an admin password.
The command-line utility spctl provides granular controls, such as custom rules and individual or blanket permissions, as well as an option to turn Gatekeeper off.[6]
Quarantine
Upon download of an application, a particular extended file attribute ('quarantine flag') can be added to the downloaded file.[10] This attribute is added by the application that downloads the file, such as a web browser or email client, but is not usually added by common BitTorrent client software, such as Transmission. The attribute is not applied by the system itself, so application developers need to implement this feature in their applications. The system can also force this behavior upon individual applications using a signature-based system named Xprotect.[11]
Execution
When the user attempts to open an application with such an attribute, the system will postpone the execution and verify whether it is:
- blacklisted,
- code-signed by Apple or a certified developer,
- the code-signed contents still match the signature.
Since Mac OS X Snow Leopard, the system keeps two blacklists to identify known malware or insecure software. The blacklists are updated periodically. If the application is blacklisted, then File Quarantine will refuse to open it and recommend to the user to move it to trash.[11][12]
Gatekeeper will refuse to open the application if the code-signing requirements are not met. Apple can revoke the developer's certificate with which the application was signed and prevent further distribution.[1][3]
Once an application has passed File Quarantine or Gatekeeper, it will be allowed to run normally and will not be verified again.[1][3]
Override
To override Gatekeeper, the user (acting as an administrator) either has to switch to a more lenient policy from the security & privacy panel of System Preferences or authorize a manual override for a particular application, either by opening the application from the context menu or by adding it with spctl.[1]
Path randomization
Developers can sign disk images that can be verified as a unit by the system. In macOS Sierra, this allows developers to guarantee the integrity of all bundled files and prevent attackers from infecting and subsequently redistributing them. In addition, 'path randomization' executes application bundles from a random, hidden path and prevents them from accessing external files relative to their location. This feature is turned off if the application bundle originated from a signed installer package or disk image or if the user manually moved the application without any other files to another directory.[8]
Implications
The effectiveness and rationale of Gatekeeper in combating malware have been acknowledged,[3] but have been met with reservations. Security researcher Chris Miller noted that Gatekeeper will verify the developer certificate and consult the known-malware list only when the application is first opened. Malware that already passed Gatekeeper will not be stopped.[13] In addition, Gatekeeper will only verify applications that have the quarantine flag. As this flag is added by other applications and not by the system, any neglect or failure to do so does not trigger Gatekeeper. According to security blogger Thomas Reed, BitTorrent clients are frequent offenders of this. The flag is also not added if the application came from a different source, like network shares and USB flash drives.[10][13] Questions have also been raised about the registration process to acquire a developer certificate and the prospect of certificate theft.[14]
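The two gaps described above (applications that never received the quarantine flag, and applications that were checked once and are not checked again) can be inventoried on a machine. The following is an added example, not part of the original article: it assumes the flag is the `com.apple.quarantine` extended attribute with the commonly observed `flags;hex_time;agent;event_id` layout, and that bit 0x0040 marks a user-approved first launch; all function names are hypothetical.

```python
"""Inventory .app bundles by quarantine-flag state (added example)."""
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

# Assumption: attribute name and "flags;hex_epoch;agent;event_uuid" layout
# follow commonly documented behaviour; the article does not spell them out.
QUARANTINE_XATTR = "com.apple.quarantine"
# Assumption: bit 0x0040 is set once the first-launch check has been passed.
FLAG_USER_APPROVED = 0x0040

# Constructed sample values (not taken from a real system).
SAMPLES = {
    "Fresh.app": "0083;5f3b3c1e;Safari;00000000-0000-0000-0000-000000000001",
    "Approved.app": "00c1;5f3b3c1e;Safari;00000000-0000-0000-0000-000000000002",
    "Torrented.app": None,   # downloader never set the flag
    "Broken.app": "zz;;",    # unparseable flags field
}


def parse_quarantine(value):
    """Return the decoded fields of an attribute value, or None if malformed."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        return None
    try:
        flags = int(parts[0], 16)
        when = None
        if parts[1]:
            when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    return {
        "flags": flags,
        "downloaded_at": when,
        "agent": parts[2] if len(parts) > 2 and parts[2] else None,
        "event_id": parts[3] if len(parts) > 3 and parts[3] else None,
        "user_approved": bool(flags & FLAG_USER_APPROVED),
    }


def classify(value):
    """Map an attribute value (or None when absent) to an audit state."""
    if value is None:
        return "unflagged"          # Gatekeeper is never triggered
    info = parse_quarantine(value)
    if info is None:
        return "malformed"
    # Approved bundles are not verified again on later launches.
    return "already-approved" if info["user_approved"] else "pending-check"


def read_quarantine(path):
    """Read the attribute with the macOS xattr tool; None when it is absent."""
    result = subprocess.run(
        ["xattr", "-p", QUARANTINE_XATTR, str(path)],
        capture_output=True, text=True,
    )
    return result.stdout.strip() if result.returncode == 0 else None


def audit(root, reader=read_quarantine):
    """Classify every .app bundle below root; reader is injectable for tests."""
    return {
        str(app): classify(reader(app))
        for app in sorted(Path(root).rglob("*.app"))
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/Applications"
    for bundle, state in audit(target).items():
        print(f"{state:18} {bundle}")
```

Bundles reported as `unflagged` under a user's Downloads folder or on removable media are the ones worth checking by hand, since they reached the disk without going through a flag-setting downloader.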
In September 2015, security researcher Patrick Wardle wrote about another shortcoming that concerns applications that are distributed with external files, such as libraries or even HTML files that can contain JavaScript.[8] An attacker can manipulate those files and through them exploit a vulnerability in the signed application. The application and its external files can then be redistributed, while leaving the original signature of the application bundle itself intact. As Gatekeeper does not verify such individual files, the security can be compromised.[15] With path randomization and signed disk images, Apple provided mechanisms to mitigate this issue in macOS Sierra.[8]
References
1. 'OS X: About Gatekeeper'. Apple. February 13, 2015. Retrieved June 18, 2015.
2. Siegler, MG (February 16, 2012). 'Surprise! OS X Mountain Lion Roars Into Existence (For Developers Today, Everyone This Summer)'. TechCrunch. AOL Inc. Retrieved March 3, 2012.
3. Siracusa, John (July 25, 2012). 'OS X 10.8 Mountain Lion: the Ars Technica review'. Ars Technica. pp. 14–15. Archived from the original on March 14, 2016. Retrieved June 17, 2016.
4. Reed, Thomas (April 25, 2014). 'Mac Malware Guide : How does Mac OS X protect me?'. The Safe Mac. Retrieved October 6, 2016.
5. Ullrich, Johannes (February 22, 2012). 'How to test OS X Mountain Lion's Gatekeeper in Lion'. Internet Storm Center. Retrieved July 27, 2012.
6. 'spctl(8)'. Mac Developer Library. Apple. Retrieved July 27, 2012.
7. 'About the OS X Lion v10.7.5 Update'. Apple. February 13, 2015. Retrieved June 18, 2015.
8. 'What's New in Security'. Apple Developer (Video). June 15, 2016. At 21:45. Retrieved June 17, 2016.
9. Cunningham, Andrew (June 15, 2016). 'Some nerdy changes in macOS and iOS 10: RAW shooting, a harsher Gatekeeper, more'. Ars Technica UK. Archived from the original on June 16, 2016. Retrieved June 17, 2016.
10. Reed, Thomas (October 6, 2015). 'Bypassing Apple's Gatekeeper'. Malwarebytes Labs. Retrieved June 17, 2016.
11. Moren, Dan (August 26, 2009). 'Inside Snow Leopard's hidden malware protection'. Macworld. Retrieved September 30, 2016.
12. 'About the 'Are you sure you want to open it?' alert (File Quarantine / Known Malware Detection) in OS X'. Apple Support. March 22, 2016. Archived from the original on June 17, 2016. Retrieved September 30, 2016.
13. Foresman, Chris (February 17, 2012). 'Mac developers: Gatekeeper is a concern, but still gives power users control'. Ars Technica. Retrieved June 18, 2015.
14. Chatterjee, Surojit (February 21, 2012). 'OS X Mountain Lion Gatekeeper: Can it Really Keep Malware Out?'. International Business Times. Retrieved March 3, 2012.
15. Goodin, Dan. 'Drop-dead simple exploit completely bypasses Mac's malware Gatekeeper'. Ars Technica. Archived from the original on March 20, 2016. Retrieved June 17, 2016.