Apple macOS Catalina: Plenty of new features and a spotlight on security

The current major release of macOS, Catalina was announced recently. As ever with Apple, the list of changes is very long and ranges from using an iPad as a second screen (SideKick) to the discontinuation of the iTunes app and new apps like ScreenTime, which are now also available for macOS as well as iOS. Not quite as glamorous, but just as relevant for macOS users are numerous changes and enhancements in terms of security. macOS is considered to be quite robust against classical attack vectors, not least because there are several factors that restrict how macOS flexible users can be in their software choices in comparison with Windows. The positive side effect is that the macOS security architecture is more resilient and less vulnerable to attack. macOS Catalina is now an entirely 64-bit operating system and can also be controlled by voice commands.

Here is a brief rundown of the most important new security features:

  • Catalina can now be run in a dedicated read-only volume. This means it is separated from all other data and cannot be overwritten by other processes.
  • DriverKit eliminates the need for hardware extensions to execute code in the macOS kernel. Drivers now run separated from the operating system like any other application.
  • Gatekeeper checks all applications for vulnerabilities before running them on macOS Catalina for the first time. While previous versions only checked the source of the app, the code is now verified.
  • As with other mobile operating systems, apps must now explicitly ask users for permission to access data in desktop, download and document folders. This also applies to iCloud Drive, folders from third-party iCloud storage providers, removable media and externally connected storage. Users must also give their OK before applications record keystrokes, take a screenshot, and make video recordings of the screen.
  • Mac devices with a T2 security chip now support Activation Lock. This means that a lost or stolen Mac can only be reactivated with the Apple ID credentials.
  • Thanks to the new FileProvider API, cloud storage providers can integrate their services into the Finder without a kernel extension. This means that providers like Dropbox can list their apps in the Mac App Store.

Apple's many changes and enhancements show how seriously the manufacturer from Cupertino takes security. New security updates have already been released since the official launch. Apple has also now opened its doors to some third-party developers when it comes to security. Although previously notorious for its restrictive developer access, Apple has been a reliable partner of NCP for years in the area of Virtual Private Network (VPN). This allowed NCP to present version 4.00 of the NCP macOS clients , which are compatible with macOS Catalina at the same time Apple launched the new version of macOS. The NCP macOS clients are certified by Apple and have been signed since version 4.0. As the new NCP macOS client is a 64-bit application, it is fully compatible with macOS Catalina.

The NCP Secure macOS Clients are highly secure communication software for use in any remote access VPN environment. They include an integrated dynamic personal firewall, data encryption, strong authentication (including fingerprint authentication), multi-certificate support and IKEv2 support with IKEv2 Redirect. The macOS keychain can also be used as a certificate store.

With its own efforts to make macOS as secure as possible right from the start, Apple sets a good example in an industry that takes a reactive approach to security far too often. Together with reliable, expert partners such as NCP, a Mac can become a highly secure computing device protected against the majority of attack vectors.