macOS High Sierra Automatically Performs Security Check on EFI Firmware Each Week

[Cougarcat]

Apple could easily charge more for macOS than Microsoft charge for Windows 10 as macOS is far superior and matured platform that has undergone many years of development whilst there has been little change in the GUI. Run OS X 10.4 Tiger alongside macOS High Sierra and the similarities are plain to see.
Apple have had no train wrecks as Microsoft did with Windows 8 as the macOS (OS X) interface has remained constant.

Equipment does not necessarily to be costly to run macOS that is merely a myth.

I don’t think you understand what I was responding to. I was responding to the assertion that the lack of upgradability and repairability creates demand for hackintoshes, and I replied that the cost of Apple hardware is also a significant (if not greater) factor, especially when their cheapest Mac is hopelessly outdated. If you want something <$1000 you either have to choose to be ripped off, or you build a hack.

Whether Apple chooses or not to release MacOS stand-alone is a different topic.

 

[techwarrior]

This was apparently introduced in 10.12.4 Betas, I have seen it pop up a few times in the last year. So, likely the impact won't differ from later versions of Sierra, it seems to just collect info and send it, but not stop the Mac from operating. Presumably, this informs Apple of the culprit and they contract the vendor. Probably to recommend driver\kext updates to properly support Apple standards. Perhaps the only difference is weekly runs vs just when you reboot.

In Beta releases, the DB of supported HW was not kept up as it is in GA versions, so it was not uncommon to see this warning.

 

[Marx55]

"Apple will then be able to analyze the data to determine whether it has been altered by malware or anything else".

Does it mean that such macOS High Sierra automatic checks of Mac's EFI firmware against Apple's database will detect any malware, or only the ones modifying EFI?

 

[leman]

Can anyone explain what the vulnerability is that is so great that every Mac in the world now has to report back to Apple weekly.

What are you talking about? Who says anything about "reporting back weekly"?

[doublepost=1506364553][/doublepost]

What threat exactly?

External hardware gets direct access to your PCI-E bus. This is exploitable.
[doublepost=1506364651][/doublepost]

Does it mean that such macOS High Sierra automatic checks of Mac's EFI firmware against Apple's database will detect any malware, or only the ones modifying EFI?

macOS already has a malware protection built in (has had it for years). This particular tool is checking for firmware modifications, if I understood it correctly.

 

[sd70mac]

I wonder how this will affect rEFInd. http://www.rodsbooks.com/refind/index.html

 

[zantafio]

It's been reported that a very loud "Fuuuuuuuuuuudge!!!" has been heard in the Fort Meade, Maryland area.

 

[BWhaler]

Smart. Well done Apple.

 

[tpham5919]

Thats what we love about Apple
Silently providing us goodies that other platform users can just dream of

Not sure if serious. Isn't it similar to secure boot in windows 8 and later?

 

[Vjosullivan]

What are you talking about? Who says anything about "reporting back weekly?"

From the original post, first sentence... "macOS High Sierra automatically checks a Mac's EFI firmware against Apple's database of "known good" data".

 

[Defthand]

This.

This is another example how MacOS is Apple’s best effort in the company’s history. It evolved from a hobbyist/ entertainment product to a serious tool (From playing Pong to delivering the first digital spreadsheet tool—that’s right, Excel wasn’t first). MacOs is the standard of excellence that veteran Fanboys compare the rest of Apple’s products and services to, and why we are irritated when those products don’t live up to expectations.

 

[leman]

From the original post, first sentence... "macOS High Sierra automatically checks a Mac's EFI firmware against Apple's database of "known good" data".

And what in this sentence suggest that it calls home?

 

[techwarrior]

And what in this sentence suggest that it calls home?

User's choice. The FW check will run weekly (presumably also following reboot). If an anomaly is detected, the user has the choice to send a report to Apple.

My guess is, a developer's certificate would be on file and cross reference to the report. Apple would presumably contact the dev and request that they modify the software to comply with their security standards, and revoke the dev's certificates if they refuse.

Best to keep Gatekeeper enabled and only install exceptions from developers with a good reputation just to be on the safe side.

 

[leman]

User's choice. The FW check will run weekly (presumably also following reboot). If an anomaly is detected, the user has the choice to send a report to Apple.

Thats beside the point. I was responding to @Vjosullivan who is claiming that this feature will automatically report the computer configuration to Apple on regular basis. Which is obviously in contrary to Apple's description of the feature.

(BTW, there is no such thing as "report to dev" here — there eis no third-party firmware on a Mac. I think you are conflating the new firmware check and the already existing malware scanner).

 

[dlopan]

Exactly! That's precisely what I would be worried about - well, if I had a Hackintosh. If Apple is willing to go as far as checking for a legitimate EFI, they may very well be willing to kill Hackintoshes to try to increase sales of legitimate Macs. Though, if they go that far, I think most Hackintoshers will go to Linux.

As it is, I'm already preparing to switch to Linux. I looked into making a Hackintosh over a year ago, and it just looks like a lot more work than it was worth, both in setup and maintenance. There are a lot of different hacks that you have to do, and the part selection is pretty limited - you have to check tonymacx86.com for part compatibility. Linux doesn't have quite the same level of hardware compatibility as Windows, but it does much better than MacOS in that department. I expect that that's at least partly due to the fact that unlike MacOS, installing Linux on "PC hardware" doesn't violate a EULA.

What I like about Linux is that it combines some of the strengths of MacOS and Windows. Like MacOS, it's pretty secure and (as far as I know) is only susceptible to Trojans & it has a similar Unix-like foundation - in fact, it was actually created for the purpose of serving as an open-source alternative to Unix. On the other hand, Linux has a much larger part selection than MacOS, which makes it more like Windows.

I don't have a hackintosh but with Apple getting rid of time machine server I think it's time to switch to Linux if possible. I need to backup multiple Macs in a similar way of time machine. High Sierra worked fine but server 5.4 is a disaster as is usual with Apple wanting to get rid of something.

 

[Aetles]

Spoken like a government. This is probably not to fight malware but to fight hackintoshs.

Take off your tin foil hat and read something about EFI hacks, like for instance An alarming number of Macs remain vulnerable to stealthy firmware hacks. The threat is real and once the EFI is hacked it is difficult or even impossible to detect. Therefore an outside integrity check performed regularly is a good thing. They are not always out to get you.

 

[coolfactor]

That alert doesn't give me much confidence. It doesn't indicate what issued the alert. It looks fairly generic. Is this really a feature of High Sierra?

I updated to High Sierra last night on my 2013 MacBook Air, and other than a problem during the initial re-boot where my iCloud sign-in seemed to be stuck, everything is running great and SO smooth and fast.

A hard reboot fixed that initial boot-up problem, luckily.

 

[styk]

I don't have a hackintosh but with Apple getting rid of time machine server I think it's time to switch to Linux if possible. I need to backup multiple Macs in a similar way of time machine. High Sierra worked fine but server 5.4 is a disaster as is usual with Apple wanting to get rid of something.

If your gripe is time machine server being removed in High Sierra server, consider getting a NAS with that function built in. I have a Synology 4 drive box which acts as a storage server as well as a Time Machine server. I am backing up 4 Macs with High Sierra on them with this setup.

 

[Swift]

Huh, I wonder what this will mean for Hackintosh?

Nothing. The only thing they did was sue a COMPANY that was making Hackintoshes. The judge agreed. It's nothing against hobbyists. If that dialogue shows up on your machine, choose not to send the info to Apple. It's not there for Hackintoshes, which have different firmware etc. entirely. It's for Macs, which, for some reason that Apple can't make out, hasn't been installing firmware on updates. If you have a real Mac, you want the information to go to Apple, so they can be aware of some nasty things that have popped up, and make sure they're fixed. Thunderbolt, keyboards, there are firmware hacks. On non-Mac hardware, the same kind of hacks often exist, but the hacks are different. There you're on your own. But Apple is not going to make things crash and brick on you. It's not a significant business for them. <1%, I'd imagine. Why have the bad publicity of screwing up guys who are devoted to making Hackintoshes?

 

[Dr.SL]

The database's library will be automatically and silently updated so long as security updates are turned on.

Security updates turned on, where is such setting?

 

[Msivyparrot]

Yes...where is the security setting???