Back in 2016, security researcher and developer Jonathan Zdziarski released a tool called Little Flocker that could protect Macs at the file level. Much as a firewall analyzes and blocks network traffic, Little Flocker locked down the file system and allowed only authorized applications access to only approved files.
Little Flocker was too complex to manage for average users, but it quickly became a darling among Mac security experts.
[…]
When Zdziarski took a job at Apple in 2017, he sold Little Flocker to the security vendor F-Secure, which released it as Xfence. Zdziarski’s job change started the clock ticking on when we might see similar capabilities built into macOS. With macOS 10.14 Mojave, Apple has added file-level protections, plus some additional security enhancements. And you know what? Mojave is running into the same usability issues that users of Little Flocker endured.
I had never heard of this functionality. It seems like one of those things particularly Apple ought to be good at to integrate in a user-friendly manner.
“I had never heard of this functionality. It seems like one of those things particularly Apple ought to be good at to integrate in a user-friendly manner.”
Apple is awesome at limiting, downgrading and simplifying.
But a per-file firewall is as simple as it gets if it’s to be usable. It’s basically a hard problem to solve, nothing like the stuff Apple is famous for.
I doubt it. Whatever your security model is, it basically exists on a line:
On the left side is effectiveness, and the right side is convenience. Any security model exists on that line somewhere. The more convenient, the less effective, and vice-versa.
Creating an effective security model that is also convenient, I think, is something that simply won’t happen. I think the two qualities are mutually exclusive.
There’s a difference between a general rule like that and special cases.
For example, a game can be pretty effective without access to the filesystem outside its little sandbox and an office suite can be pretty effective if you add something like Android Intents or Flatpak Portals to offload the file picker to trusted code.
Just generally applying the rule could lead you to the conclusion that Windows is less effective for end users than DOS because applications can’t do raw hardware manipulation.
Conversely, it’s a lot more involved and inconvenient to retrofit protections onto a DOS application which wasn’t designed with them in mind.
Edited 2018-09-13 02:02 UTC