I’ve had a few corporate MacBooks sent to me by clients for security testing and they always seem much slower than my own. It’s normally down to security tooling they install on them.
Careful, your homedir has a CloudStorage folder and if you are using, say, Dropbox or Google Drive then that find will be incredibly slow (in addition to security software possibly slowing it down).
On the one hand, a lot of security software is poorly written, eats resources like it's Chrome, and introduces all kinds of microstutters through (exclusive) locks all over the place.
On the other hand, many operating systems don't provide a (reliable) API to design decent security software against. Log collection is all over the place, even on Windows, which traditionally had Event Log as a well concentrated logging destination. There's no way to write good security software for an operating system that's written without security software in mind.
If I were handling important secrets, I wouldn't want a fleet of machines out there with just the basic antivirus that came preinstalled with the OS (if it came with one at all). On the other hand, so many pieces of "enterprise" security management are absolutely terrible, and require one (or more) full-time employee(s) to constantly configure them, communicate with users, and solve problems, just to keep software in check.
I think both operating systems and security management software need to listen to each other, and change. Operating systems need to be written with security stuff in mind, and security software needs to focus on a good user experience rather than collecting shiny buzzwords to sell to management.
> Operating systems need to be written with security stuff in mind, and security software needs to focus on a good user experience rather than collecting shiny buzzwords to sell to management.
They won't because by the time the users get fed the "food" the contract is long since signed and valid for a few years, and the competition isn't better so even if management could be arsed to vote with their wallet, they couldn't.
Is there an actual term for "the entire industry is bullshit, but can get away with it because the cost to entry is so high that new, less bullshit competitors can't even enter the industry"?
Yeah. At my previous job we had all kinds of JAMF management software and Crowdstrike (??) and it was a massive performance killer.
Particularly, it seemed to be configured to scan every file on disk access, which was a performance nightmare for things that involved "accessing lots of files", like Git on our large repo. Spotlight indexing seemed to cause some pretty big random lag spikes as well.
My personal MacBook Pro (M1 Pro) feels (and benchmarks) far faster than my work M1 Max, which has Cylance and Jamf on it.
Recently it has had a CPU core dedicated to `find / -iname log4j-core*`, which has a very unreasonable impact on everything else on the machine.