by mike_hearn 1077 days ago
Probably not 99%, no. It may be worth noting that macOS doesn't have these issues. The password manager doesn't run as the user, and entries in it have ACLs that restrict which apps can read them. In turn that's enforced by the kernel: apps can't ptrace each other and they can't tamper with each other's files. Browsers, meanwhile, encrypt the cookie store using a key stored in the keychain, so you can't read the user's cookies either.

All this is true without app sandboxing being activated. Apps that are sandboxed get even more protections.

Apple have done the best job of incrementally isolating apps from each other using different levels of sandboxing. Linux and Windows are far behind even with Flatpak. For example, we tell people who use Conveyor (our product for deploying desktop apps [1]) that one of the most secure platforms to do signing on is a Mac laptop, because the signing keys can be protected such that only Conveyor itself can read them. Even if you execute malware, it would trigger a permission prompt if it tried to access the signing keys, and then the process doing the signing is also protected in the same way. To get the same effect on Linux you'd need to set up dedicated UNIX users and the like.

Maybe I should write up a blog post on this stuff. Apple tighten things incrementally with each major release and don't make much noise about it, so I've found a lot of people aren't aware of how advanced their security has actually become.

[1] https://hydraulic.dev/


>Maybe I should write up a blog post on this stuff.

Please do. And post it to HN. It could inspire some distro maintainers.

Security so advanced that an individual software author cannot write a small macOS app, add an About box and a cool icon, and distribute it themselves, as they choose?
Assuming by "as they choose" you mean without buying a Developer ID, then yes, they can do these things. In fact, if you don't supply signing certificates, Conveyor will self-sign your app and produce an HTML download page with instructions telling the user how to bypass Gatekeeper. It'll also generate a `curl | bash` one-liner to install it from the terminal. Obviously, this isn't meant for consumer software. Really you shouldn't bypass Gatekeeper even if you're a pro-level developer, although of course in reality we all do it.

I too used to be maximally skeptical about this stuff. I saw what Apple did with iOS and like so many others saw the writing on the wall. But it's been 15 years now and you can still distribute and run unsigned Mac software if you want to. Developer ID/notarization remains very different to app review. App sandboxing remains optional. You can still get root if you want, both the default de-privileged version and the full fat version (by disabling SIP).

In the end the wall writing existed only in our minds. Apple have never closed the macOS platform like with iOS, and honestly I see no sign they ever will.

This is great to hear, thank you for posting a current overview.
Why troll? Nothing stops you from distributing a .app from your website.

`$ xattr -d com.apple.quarantine /path/to/file`
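The `com.apple.quarantine` attribute that the command above strips is what Gatekeeper consults when a downloaded file is first opened, so from a forensics standpoint its value is worth reading rather than just deleting: it records when the file was downloaded and which application wrote the flag. The following decoder is an added example, not code from the thread or from Conveyor; it assumes the commonly observed layout of the attribute value (`<flags hex>;<download time as hex epoch seconds>;<agent name>;<uuid>`) and takes the value as a string so it runs on any POSIX shell without `xattr` present. The `check_file` wrapper calls the real `xattr -p` only when that tool exists.

```shell
#!/bin/sh
# Added example: decode a com.apple.quarantine value for incident review.
# Assumed value layout (as observed on macOS, not an Apple-documented spec):
#   <flags hex>;<download time, hex epoch seconds>;<agent>;<uuid>
# Example constructed value: "0083;5f1a2b3c;Safari;0A2B-TEST"

decode_quarantine() {
    value=$1
    # Split on ';' only; disable globbing so a '*' in the agent name is not expanded.
    old_ifs=$IFS
    set -f
    IFS=';'
    set -- $value
    IFS=$old_ifs
    set +f
    flags=$1; stamp=$2; agent=$3; uuid=$4
    if [ -z "$flags" ] || [ -z "$stamp" ]; then
        echo "malformed quarantine value: '$value'" >&2
        return 1
    fi
    # The timestamp is hex seconds since the Unix epoch; printf parses the 0x prefix.
    epoch=$(printf '%d' "0x$stamp" 2>/dev/null) || {
        echo "bad timestamp field: '$stamp'" >&2
        return 1
    }
    printf 'flags=0x%s epoch=%s agent=%s uuid=%s\n' \
        "$flags" "$epoch" "${agent:-?}" "${uuid:-none}"
}

# Read and decode the attribute from a real file when xattr is available.
# A file with no attribute at all will be opened without a Gatekeeper check.
check_file() {
    path=$1
    if ! command -v xattr >/dev/null 2>&1; then
        echo "xattr not available on this host" >&2
        return 2
    fi
    raw=$(xattr -p com.apple.quarantine "$path" 2>/dev/null) || {
        echo "$path: no quarantine attribute (Gatekeeper will not evaluate it)"
        return 1
    }
    printf '%s: ' "$path"
    decode_quarantine "$raw"
}

# Stand-alone demonstration on a constructed value.
decode_quarantine "0083;5f1a2b3c;Safari;0A2B-TEST"
```

The epoch value can be turned into a readable date with `date -r <epoch>` on macOS (or `date -d @<epoch>` on GNU systems); comparing it with the file's modification time is a quick way to spot a binary whose quarantine record was removed and re-added, or never existed.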