Checklist 07: New Security Features in macOS Sierra
- Using your Apple Watch to Auto-Unlock your Mac.
- Gatekeeper Improvements.
- Security patches galore!
- Say goodbye to Flash, and say hello to HTML5.
- A new file system, coming soon to an OS near you!
On today’s episode, we’re talking about the latest version of Apple’s desktop operating system, the newly rebranded macOS Sierra. Aside from the new name, which officially retires the OS X moniker, Sierra brings a few major tentpole features to the Mac for the first time, including Siri, the option to copy and paste between macOS and iOS, and more.
If you’re a fan of all things Apple, chances are you’ve already heard about those features and started playing around with them. Today, we’re going to be focusing on another aspect of macOS Sierra by looking at some of the security features. Most of these aren’t that obvious and occur sort of behind the scenes at the operating system level, the app level, or even the backend level. With that said, these features are important ones and are worth knowing about if you will be using macOS Sierra for the next year.
We start unlocking all of these mysteries with Auto Unlock.
Using your Apple Watch to Auto-Unlock your Mac. The very first security feature we want to talk about is related to one of the big tentpole features of macOS Sierra, and that’s the Auto Unlock feature. Essentially, Auto Unlock makes it possible for a customer with an Apple Watch to unlock their Mac automatically when they are in range.
So, instead of having to enter a password on your MacBook, you could just sit down in front of the computer with your Apple Watch on your wrist and have it unlock. When you walk away, the Mac also automatically locks itself.
Obviously, this is a pretty cool feature that feels almost like something out of a futuristic science fiction movie. This feature is something that tech companies have been trying to do for years, and Apple’s knocked it out of the park with a seamless design. It’s also maybe the most effective promotional strategy that Apple has had for the Apple Watch yet.
With all of that said, for some users, Auto Unlock will raise a few questions about security. When you enable your Apple Watch to unlock your Mac, you are fundamentally setting up two-factor authentication on both the Mac and the Watch, which makes it possible for the Watch to unlock the Mac. This setup creates a couple of different security concerns.
The first, of course, is what happens if you misplace your Apple Watch. When your watch is missing, there’s essentially a key to your computer and all of your files out there, and you don’t know where it is. In that kind of situation, you are going to want to disable the two-factor authentication on your Mac, so that the watch can’t unlock it. That way, you at least protect your files and data until you find your Apple Watch.
The second concern is about range. How far away from your computer do you have to be for the Apple Watch to unlock it? What is the range or the tolerance like there? Ideally, for security, your computer will stay locked until you are right in front of it. Most Apple Watch users report that the watch will unlock your Mac when you are within about a meter of it. Still, it’s good to test that range to make sure you are secure.
The bottom line is this: the Apple Watch and the two-factor authentication of the Auto Unlock feature can be as secure as any good password and twice as convenient. Using this feature, though, requires some extra responsibility.
Gatekeeper Improvements. Another major security update with macOS Sierra is an upgraded Gatekeeper. Gatekeeper’s job in the Mac operating system is to review applications, ensure they’ve been signed with a certificate, and make sure they haven’t been tampered with. Gatekeeper has been around since the Mountain Lion days and is mainly there as a last protection against potentially malicious applications. If you’ve ever gotten the “are you sure you want to open this application” message, that’s a Gatekeeper feature.
There are two main features with Gatekeeper in macOS Sierra, one of which is visible and one of which is more in the backend. The first is that, when you go in to change your Security & Privacy settings, you will only be able to allow apps downloaded from the Mac App Store or the Mac App Store and identified developers.” There used to be a third option in there to enable apps downloaded from anywhere. You can still use apps from unidentified developers if you want to—you just have to right click the app and click “Open.” However, you can’t permit these apps universally anymore: you have to open them manually.
The hidden feature, meanwhile, makes it more difficult for rogue apps to pose as others so that users open them. If you do decide to install an unsigned app, Gatekeeper will choose a random location on the drive to install it. It won’t actually be stored in the Applications folder, with other signed apps. As a result, malicious apps won’t be able to repackage themselves as other applications. Since they aren’t stored alongside other apps, unsigned apps won’t be able to access the resources of those apps either. Gatekeeper strips them of their possible disguises.
Security patches galore! We would be remiss if we didn’t at least mention all of the security patches and fixes that Apple has included with the new macOS Sierra. As you probably know if you follow this podcast, every Apple update comes with relevant security content. You might get new features every year or so with the big updates from one OS installment to the next, but most of the updates in between are important largely for security purposes.
In addition to bringing new features to the table, macOS Sierra also included a ton of patches for known security vulnerabilities—65, to be exact. These probably aren’t as exciting as using Siri on your Mac for the first time or trying the Auto Unlock feature, but they are just as important. Most of them fix issues that would allow attackers to run arbitrary executables, which can bring your Mac to its knees when carefully exploited.
So if you aren’t too jazzed about any of the big tentpole features of macOS Sierra and are on the fence about taking the time to update, at least do it for the added under-the-hood security. It could save you a lot of headaches down the road.
Say goodbye to Flash, and say hello to HTML5. One major new security feature that Apple is pushing right now has more to do with Safari than macOS Sierra itself. Still, these updates came out at the same time, and if you use Safari, you will see this feature. It’s also a pretty good argument for using Safari if you are someone who has installed other web browsers on your computer.
We’re talking about the fact that, with macOS Sierra and the latest version of Safari, Apple is taking a hard stance against Flash in favor of the more secure HTML5. In the past, Safari has communicated between websites and the user’s computer about the availability of different plugins. Most websites can present video content with either Flash or HTML5 but tend to default to Flash if the plugin is available.
Now, Safari won’t tell websites if users have the Flash plugin installed. In other words, Apple is trying to force sites to default to HTML5 with video and rich media content, instead of defaulting to the less secure Flash. You will still be able to use Flash—particularly on sites that don’t offer HTML5—but Safari is definitely trying to kill the reliance that websites have on the Flash plugin.
A new file system, coming soon to an OS near you! The last security update we want to talk about actually was not a part of the macOS Sierra 10.12 operating system download that Apple released to end users last month, and that’s the new Apple File System or APFS.
Apple has said that it plans to release the APFS update in 2017, with a later version of macOS Sierra. It’s been described as a “modern file system” and will be released across all Apple hardware and operating systems. In other words, the new file system is coming for macOS, iOs, tvOS, and watchOS.
We’ll learn more about APFS as it approaches, but the new file system actually was featured in developer beta of macOS Sierra released this past summer, so we at least know a few things about it. Regarding security, the significant feature of APFS is that it will use integrated encryption. This encryption will be a good deal faster, stronger, and more efficient than what OS X offered in the form of FileVault.
The new file system is also going to include faster file and drive cloning, quicker and better Time Machine or iCloud backups, more efficient allocation of disk space (including space sharing), more precise time stamping on files and more. All told, there are a lot of intriguing features and characteristics about APFS to anticipate. We don’t know when in 2017 the file system will make its debut with end users, but it does sound like Apple is planning to roll out APFS before we get to next fall and the next major update to macOS.
That wraps up this week’s episode! If you haven’t yet updated to macOS Sierra, hopefully all of the new security features and improvements will be enough to make it your top priority this month!