Hacker News new | past | comments | ask | show | jobs | submit login

> they can simply turn off the security model or adjust it.

I'd very much like to know what this involves. I'll feel better knowing how it can be done. If you have a link that would be great!




There are multiple ways and levels. The easiest is gatekeeper, which lives in the security settings. Next is SIP, which is a deeper layer (also PKI based) which cannot be changed while booted (which is a very good security model). You can only change this preboot or in the recovery environment. At that point, you may choose to disable SIP completely, or just parts of it (done using the csrutil). For an easier preboot option, you can use something like rEFInd/rEFIt to do this whenever you feel like it from a small preboot application.

Security-wise, that can be problematic, and I suggest you turn on EFI password authentication so it's not something everyone can do to your machine. This means you can still change the SIP settings on-demand per boot using a USB stick with rEFInd on it, but doing that requires you to chain boot off of that USB drive and doing that triggers EFI protection and requires a password before you can do that. Normal boot would not require a password and lets you use the system as-is.


Google for macOS gatekeeper


DuckDuckGo is a better option with regards to privacy ;).

Since this is a topic on VPN software.


Oh, if disabling Gatekeeper is all it takes, then cool. I was worried there was some new system...




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: