
Santa has an interesting anagram
Just sayin...
Google's Macintosh Operations Team has quietly been working on a whitelisting application for OS X. Code-named Santa, the software (currently described as pre-1.0) has an SQLite database holding a list of permitted and blocked applications; a userland daemon to check the database; a kernel extension to monitor for executions …
Yes.
But it does have some advantages over XProtect.
For example (and watch the downvotes now!), Apple often seem led by PR and marketing. Even in the face of uncontestable facts, they will often be slow to react "correctly". Many feel that this is because Apple are more concerned with their image than they are with, well, anything else.
Hence quite some time of "you're holding it wrong", or "maps work fine for us!", when the rest of the world is less than happy.
In security terms, that means that sometimes Apple has been well aware of an issue, but been a bit slow to send out an XProtect signature - often taking days.
So I'd guess that this is being done simply because Google wants to be able to secure its Apple clients on its own timescale, not on Apple's.
They might also want to secure some areas a bit more than XProtect can. XProtect only stops known threats that Apple recognises as threats. If Google decides to make a subset of machines more secure by locking down what can be run on them - possibly to meet some government or industry standard when working on a project - this tool would be very useful.
Apple often seem led by PR and marketing. Even in the face of uncontestable facts, they will often be slow to react "correctly"
That may be the case, although I've not seen real evidence of that. What I have seen is that their fixes work. Over the years there have been very few fixes that had to be "unfixed" later because they broke other things - there seems to be more thought and less blind panic in their approach to fix reported issues.
My problem is that Google has proven itself to be substantially untrustworthy when it comes to privacy, so I am *extremely* wary of installing anything from a company I feel I cannot trust. What if Google discovers a vulnerability that happens to assist them with the sort of data slurping Microsoft can only dream about? As this is by its very nature low level, what stops Google from turning it gradually into a spy system (of course, that will be sold as "helping" users)?
So thanks, but no thanks. It's not like they have a great track record when it comes to volume security: Google's Android has already shown they haven't got the faintest clue.
Huh. Interesting, might be a useful bit of kit once they polish it up to 1.0 release.
But, do the tools at Objective-See cover this territory already? Maybe not in one single tool, though. I'm thinking of Ostiarius, Block Block and Knock Knock.
Nice to see that more people are paying attention to MacOS security. That's a good thing. :)
Ford has invented a machine called a 'car', to replace your horse and cart!
Really El Reg, this is not news. Google has been working on this for a number of years, as you can see from the git project check-in dates. They also did a presentation with Q&A on how they manage their own Mac estate, which included this tool, amongst others, and is freely available for all to watch. The presentation can be seen here:
https://www.usenix.org/conference/lisa13/managing-macs-google-scale
Well, when Google has a fleet of over 42,000 Macs deployed this makes sense. I wonder if any of the other companies with large scale Mac deployments will be itching to use this tool; Facebook have over 13,000 Macs, and IBM have more than 50,000. I only have a few hundred Macs deployed, but I will be watching this one with interest.