by tokamak-teapot 1025 days ago
More of this could be great for corporate machines. Currently they are often bogged down with poorly behaving third party security software, some of which causes real problems for users, which could be lessened if some of that software could be replaced with better behaving OS capabilities.

Windows Defender (or whatever it’s called) looked like it might help similarly on Windows, but I haven’t seen it being used that way. It looks to me like the third parties keep looking for new features they can advertise, knowing that corporate InfoSec will mandate support for them quickly, and that an OS-provided solution isn’t sold in the same way, so will be deemed unsuitable.

Anyone feel more optimistic?

6 comments

If you read the darwin-kernel mailing list archives from 10-15 years ago, some of the most ignorant questions were from AV vendors. (like: "why does my system deadlock when I stop the entire kernel waiting for a userspace helper ..") They seemed so horrifically incompetent that I resolved to never run any 3rd party AV software on any machine I control.

>“They seemed so horrifically incompetent that I resolved to never run any 3rd party AV software on any machine I control.”

Good call. There have been too many awful products in that space.

Scenario 1: corp buys into Apple's protection, gets rid of (most) third party software

Scenario 2: corp keeps third party software, which bangs its head against Apple's protection which prevents such god processes from accessing information, thus corp disables Apple's protection and keeps using third party software.

Scenario 3: Apple treats third-party software that "bangs its head against Apple's protection" as malware, force-disabling it; mandates all third-party software to be rewritten to just use control APIs for Apple's internal protection mechanism.

(Compare/contrast: Hypervisor.framework)

For what it's worth, most if not all "anti-virus" software that corps buy is borderline malware itself and isn't worth shit. The reason they even exist is that corps get to tick "security" on some bullshit bureaucracy checklist. One reason I prefer Macs on company laptops is that corp doesn't get to modify it all that much.
Yeah the compliance is the same whether you use Windows, Mac or Linux. We run Microsoft Defender on our Macs. And have JAMF, and Beyond Trust. All the same shitty corp management software works on Macs now because they are popular in the workplace. If your corp isn't managing them the same as Windows, they either have no third party security audits, or your company is not compliant.
PCI compliance mandates virus/malware protection, so many orgs that handle card data are forced to run it.
We've certainly seen Windows Defender delete software like uTorrent without any input from the system Administrator.
This is exactly how Symantec operated under Windows 7, which required you to disable a key security feature at boot. Not sure if it’s still a thing.
Apple’s software will never support DLP and other invasive Corp spyware so I think there will always unfortunately be a need for the latter.

E.g. https://www.bloomberg.com/news/features/2023-05-11/the-plot-...

Hopefully Scenario 3a: corp realizes that they don't really need Apple OS and moves to Linux instead.
IMO this is pulling the OS closer towards a more trusted platform model that mobile devices have been afforded through years of incremental refinement of corporate MDM solutions.
I would hope so.

We used to write image processing pipelines.

This is code that really needs to run fast.

We spent a huge amount of time tuning, analyzing, and re-tuning the software.

Our IT group was completely focused on office workers, and would force us to install their spyware on our test machines.

It was not a good fit.

3rd party software checks the security and regulatory teams' boxes, so no matter how bad they are, they won't be going away anytime soon.
I have seen companies pass audits with just XProtect, but I think it highly depends on your auditor and the wording you use to justify it.
>Windows Defender (or whatever it’s called) looked like it might help similarly on Windows, but I haven’t seen it being used that way.

It is more and more, but you need the expensive Microsoft 365 license to use the web portal for it for, key word, MANAGEMENT.

You want to be able to scan computers, lock them out of all network access besides the AV management, block USB/peripherals, etc. when an attack happens.

You DON'T want to just let it run headless.