hit
counter

Recently, I noted a couple of new kinds of tools that would be available for macOS that go beyond Apple’s built-in support to block malicious activity and protect your files. Since then, I’ve tested one of the packages extensively, Little Flocker, and am taking a delighted hard look at another, BlockBlock.

Apple errs on the side of reducing problems for the majority of its customers, who don’t want to manage a computer: they want to use it. For instance, across several releases of Mac OS X, Apple had a series of three radio buttons in the Security & Privacy system preference pane that control which apps could launch by default. You could limit to App Store apps only, good for inexperienced users, kids, and perhaps parents; App Store and Identified Developers, which added software that had a registered Apple developer attached who had used Apple’s processes to sign the app cryptographically to show it hadn’t been tampered with and identify its origins; and Anywhere, which allowed all unsigned software to run.

In macOS Sierra, Apple removed Anywhere from the list. You can still select an app and right-click, and then click Open, get a warning, and click to bypass it. But for average users who don’t know that workaround, this prevents them accidentally installing software of unknown provenance.

Does it take some control away from a user? Yes. Does it enhance security overall for many users? Also, yes.

Little Flocker and BlockBlock go far beyond that, but anyone reading this column likely wants more assurances about what’s running on their Mac than what Apple provides and controls, especially if you need to install unsigned software, as I do. Some programmers find Apple’s oversight and control insufferable, or prefer to not pay the $99 a year membership fee and hop thru the hoops.

A pun with a purpose

I described Little Flocker in a previous column, noted above, at which point the software was still in its alpha stage of development, and I was too nervous to run it routinely. As it went into beta and now into version 1.0, I’ve been running it full time on my main office Mac (which I updated to Sierra just before Apple dropped the official release), and providing feedback to its developer, security expert Jonathan Zdziarski. (He’s been a guest on the Macworld podcast and we plan to invite him back soon.)

Little Flocker is to apps opening files what the network-watching utility Little Snitch (from Objective Development) is to apps accessing the local network and the Internet. Now that I’ve used its stable 1.0 version for a while, I can more generally recommend it to those willing to go through the training stage and learning curve. (It’s just $10 for five-computer personal license and $20 for a single-computer business license.)

The app isn’t designed like anti-malware software to prevent ransomware and other local-file manipulating horrors from infecting your computer. There are so many potential vectors for that, and the barn door is always shut after the cow is out. Instead, it restricts apps to modifying only specific file paths, or accessing particular extension types (like .mp3).