{"id":70360,"date":"2017-09-27T08:49:44","date_gmt":"2017-09-27T15:49:44","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=70360"},"modified":"2017-10-02T11:15:58","modified_gmt":"2017-10-02T18:15:58","slug":"macos-high-sierra-security-and-privacy-features-overview","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/macos-high-sierra-security-and-privacy-features-overview\/","title":{"rendered":"macOS High Sierra: Security and Privacy Features Overview"},"content":{"rendered":"

\"macOS<\/p>\n

Apple’s 13th\u00a0release of the modern UNIX based operating system, macOS High Sierra, has arrived! macOS High Sierra\u00a0introduces a slew of\u00a0new features and core technologies that improve salient functions of your Mac. There are several\u00a0new\u00a0security and privacy features\u00a0as well, which I\u00a0will cover in this article.\u00a0But before diving\u00a0into that, first a little bit about Apple’s naming scheme of the operating system (OS).<\/p>\n

Is an upgrade to macOS High Sierra worth it?<\/h3>\n

I’ve heard this several times over the past years: “It has pretty much the same name, so there’s really nothing new.” Because the name is almost identical (with one exception), some Mac users assume\u00a0it’s just a minor upgrade with merely\u00a0a handful of new features and enhancements.\u00a0So there’s really no need to upgrade anytime soon, right?<\/p>\n

This notion cannot be further from the truth.\u00a0Let’s take a look at some previous OS upgrades and the naming schemes they received:<\/p>\n

2005<\/strong>
\nMac OS X 10.3 Panther -> Mac OS X 10.4 Tiger (this is that exception)
\n2009<\/strong>
\nMac OS X 10.5 Leopard -> Mac OS X 10.6 Snow Leopard
\n2012<\/strong>
\nMac OS X 10.7 Lion -> OS X 10.8 Mountain Lion
\n2017<\/strong>
\nmacOS 10.12 Sierra -> macOS 10.13 High Sierra<\/p>\n

Despite the similar-named operating system\u00a0releases, what’s most exciting for\u00a0Mac users is that each new OS\u00a0upgrade is\u00a0historically the best. Why? Because every few years Apple sits down with all their teams and focuses less on new features and more on improving what’s already there. Apple developers\u00a0rewrite existing code, optimize performance, enhance the user experience, and more.<\/p>\n

This was first done in 2005 with Tiger, and even though it received a different name (Fluffy Panther just didn’t sound right), this is exactly what they did: optimize and enhance upon what they previously created. Tiger and Snow Leopard are by far my two favorite versions of OS X, and since Sierra was already a very nice OS to work with, High Sierra promises to be high on the list of best macOS versions to date.<\/p>\n

So while the names of some new OS’s are nothing to get excited about in and of themselves, what’s\u00a0under the hood is what matters most, and with a similar sounding name you can typically be sure it comes with massive improvements to its predecessor.<\/p>\n

Now for the fun part. With the release of macOS High Sierra 10.13, Apple also introduced some new security and privacy enhancements\u00a0worth noting. Here’s an overview of High Sierra’s new security features.<\/p>\n

Basic Security Features<\/h3>\n

You can read about the basic and existing security features of High Sierra on Apple’s website;<\/a>\u00a0it covers FileVault, Gatekeeper, iCloud keychain and more. We want to tell you about some of the more notable changes and enhancements.<\/p>\n

Apple File System (APFS)<\/h3>\n

Announced last year<\/a>, Apple’s new File System (APFS) will be the default as of macOS High Sierra on the Mac. iOS devices have been running the new file system since iOS 10.3, and Apple has finally introduced it to the Mac. Designed to make the best use of Flash technology (Solid State), it brings faster performance and better security.<\/p>\n

The security aspect comes from the file system’s built-in encryption capabilities, crash-safe protections and easy backup capabilities.<\/p>\n

Switching over an entire file system is quite an impressive feat. You may recall the iOS 10.3 update taking much longer than usual to download \u2014 this was because your iOS device was switching file systems. On a Mac with potentially hundreds of gigabytes of data, this process may take a long time. This also brings with it a big risk. High Sierra essentially\u00a0has to rip the carpet from underneath your data (without messing up a single bit), and\u00a0at the same time put a new carpet in place! If something goes wrong, you can imagine the catastrophic effects this can have on your data.<\/p>\n

Before upgrading to a new operating system,\u00a0especially before upgrading to High Sierra, make sure you have a backup of all your data<\/a>! Double check those backups and if there’s time left before dinner, triple check them. Apple stated that the High Sierra APFS upgrade is “nondestructive<\/a>,” but you’re always better off safe than sorry. Trust us! Backing up your Mac is\u00a0imperative. \ud83d\ude42<\/p>\n

There are also a few things to keep in mind if you share files<\/a> between multiple Macs\u00a0and\/or macOS\u00a0Servers.<\/p>\n

Intelligent Tracking Prevention<\/h3>\n

Apple’s Safari web browser now includes Intelligent Tracking Prevention, which uses machine learning to identify advertisers and others who track your online behavior, and is designed to remove the cross-site tracking data they leave behind. I mentioned this feature last week<\/a> when iOS 11 became capable of doing this, and now the Mac will have the same feature. For those of you who value browsing privacy, this is no doubt a welcome feature!<\/p>\n

TLS Connections<\/h3>\n

You use TLS connections countless times a day; for example,\u00a0when you connect to an https<\/strong>:\/\/ website, like that of your bank, or when you send and receive an iMessage, use VPN connections, File Transfers and with\u00a0many other applications. As the successor to SSL, TLS is more secure and is the current standard protocol that provides security and privacy on the web. To establish the trust between you and the server you connect with, TLS uses certificates to\u00a0prove that, for example, your bank’s website is indeed your bank’s website.<\/p>\n

High Sierra removes support for TLS connections using SHA-1 certificates. SHA-1 is a cryptographic hash function that is still widely used today, but no longer strong enough to provide the security as intended. SHA-1 has been on its way out for a while and Apple is urging<\/a> developers and website operators to move to the much more secure SHA-256.<\/p>\n

Before High Sierra, Safari would warn you when visiting a website that uses a SHA-1 certificate and a few hoops had to be jumped through to get such a website to load.<\/p>\n

\"TLS<\/a>
\nIn High Sierra, such connections will simply not work. This goes for websites, Mail, Calendar, VPN and other services.<\/p>\n

While a good step forward in security, you may want to check your Mail host, any websites you own or manage, and VPN services you use to make sure they\u00a0will\u00a0still work after upgrading to High Sierra.<\/p>\n

User Approved Kernel Extension Loading<\/h3>\n

Kernel Extensions (or kexts for short) are used to add functionality to the core part of the operating system. It allows an application to have additional code loaded by the OS when the computer starts up, which in turn can provide that software with more capabilities. A good example of software that uses Kernel Extensions is Mac antivirus software<\/a>. Unfortunately, malware can also install Kernel Extensions, which can allow it to intercept keystrokes and more.<\/p>\n

To get more control over what is allowed to install a kernel extension, High Sierra will warn you the first time if such an extension is about to be loaded. Unless you approve, a kernel extension will not\u00a0be allowed to load. This, in theory, means you can install your favorite antivirus application<\/a>, but malware on the other hand cannot install and run the components it requires to perform its malicious functions. Of course, it’s up to you and how carefully you’re paying attention to allow only software you truly use that will determine the effectiveness of this defensive mechanism.<\/p>\n

It’s also worth noting that\u00a0kernel extensions will not\u00a0require authorization under two circumstances:<\/p>\n

    \n
  1. If they are\u00a0on a\u00a0Mac before an\u00a0upgrade to macOS High Sierra.<\/li>\n
  2. If they are replacing previously approved extensions.<\/li>\n<\/ol>\n

    Firmware validation<\/h3>\n

    macOS High Sierra runs a check on your Mac’s firmware weekly to make sure it has not been tampered with, a new feature known as firmware validation. The check compares your Mac’s hardware ID against a database of firmware versions that should be installed on each model. If it’s different than what it should be, you get a warning.<\/p>\n

    \"Firmware<\/a><\/p>\n

    At this point, though, most people will likely never see this warning; however, if firmware changes are detected, you can send a report to Apple or Ignore. There are some firmware hacks out there that allow you to run High Sierra on unsupported hardware (both Hackintosh and real Macs alike), which will likely trigger this warning, but in those cases users can ignore it if they wish.<\/p>\n

    All in all, High Sierra promises to be a great update that\u00a0not only brings some shiny new features but lots of under the hood improvements. After backing up your data and making sure your hardware and software is compatible, we encourage\u00a0you to install the upgrade. (RELATED: How to Prepare Your Mac for macOS High Sierra<\/a>.)<\/strong><\/p>\n

    Before You Go…<\/h3>\n

    High Sierra will be the last macOS to run 32-Bit software. This not only means saying goodbye to QuickTime Player 7, Microsoft Office 2011<\/a> and Adobe CS 6, but also some of the older yet\u00a0still active malware out there that runs 32-Bit (yay!). The 64-Bit only change is a big one that should not be underestimated as it may impact your day to day activity significantly.<\/p>\n

    To see how much of your software still runs in 32-Bit, go to your Apple Menu<\/strong> > About this Mac<\/strong> > System Report<\/strong> and find “Applications<\/strong>” in the side bar. This may take a minute to load, but once the full list is presented, click the 64-Bit tab<\/strong> to sort all software by Yes or No.<\/p>\n

    \"\"<\/a><\/p>\n

    Everything listed as not being 64-bit will cease to function with the release of the next major OS update in 2018, so start preparing for that change soon. For now, all the software that worked on Sierra should continue to function in High Sierra.<\/p>\n

    If your hardware is up to the task and all the software you need is compatible, you are ready for macOS High Sierra! Let us know how the update went for you and what your thoughts on High Sierra in the comments below!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

    Apple’s 13th\u00a0release of the modern UNIX based operating system, macOS High Sierra, has arrived! macOS High Sierra\u00a0introduces a slew of\u00a0new features and core technologies that improve salient functions of your Mac. There are several\u00a0new\u00a0security and privacy features\u00a0as well, which I\u00a0will cover in this article.\u00a0But before diving\u00a0into that, first a little bit about Apple’s naming scheme […]<\/p>\n","protected":false},"author":79,"featured_media":70603,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,151,13],"tags":[3652,106,319],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n