Lord of the Rings
October 13th, 2021
MacOS security - Using legacy apps on Mac OS

First and foremost you will need to make a temporary System Preferences adjustment to download apps from anywhere: How to Allow Apps from Anywhere in macOS Gatekeeper (Big Sur, Catalina, Mojave, Sierra, High Sierra)

(This above step might need to be repeated depending on how much time has elapsed between downloading, installing and trying to open the app. I think the period is 20 minutes but might be less.)
After this you may wish to scroll down to the Open a Mac app from an unidentified developer paragraph half or (Big Sur) 2/3 way down this page.


Safely open apps on your Mac
Published Date: May 12, 2021
Published by Apple Support (their pages have a history of vanishing over time)


macOS includes a technology called Gatekeeper that's designed to ensure that only trusted software runs on your Mac.

The safest place to get apps for your Mac is the App Store. Apple reviews each app in the App Store before it’s accepted and signs it to ensure that it hasn’t been tampered with or altered. If there’s ever a problem with an app, Apple can quickly remove it from the store.

If you download and install apps from the Internet or directly from a developer, macOS continues to protect your Mac. When you install Mac apps, plug-ins and installer packages from outside the App Store, macOS checks the Developer ID signature to verify that the software is from an identified developer and that it has not been altered. By default, macOS Catalina and later also requires software to be notarised, so you can be confident that the software you run on your Mac doesn't contain known malware. Before opening downloaded software for the first time, macOS requests your approval to make sure you aren’t misled into running software you didn’t expect.

Running software that hasn’t been signed and notarised may expose your computer and personal information to malware that can harm your Mac or compromise your privacy.

The warning messages displayed below are examples, and it's possible that you could see a similar message that isn't displayed here. Please take caution if you choose to install any software for which your Mac displays an alert.

View the app security settings on your Mac

By default, the security and privacy preferences of your Mac are set to allow apps from the App Store and identified developers. For additional security, you can choose to only allow apps from the App Store.

In System Preferences, click Security & Privacy, then click General. Click the lock and enter your password to make changes. Select App Store under the header “Allow apps downloaded from.”

Security preferences window with Allow apps downloaded from: App Store selected

Open a developer-signed or notarised app

If your Mac is set to allow apps from the App Store and identified developers, the first time that you launch a new app, your Mac asks if you’re sure you want to open it.

An app that has been notarised by Apple indicates that Apple checked it for malicious software and none was detected.

If you see a warning message and can’t install an app

If you have set your Mac to only allow apps from the App Store and you try to install an app from elsewhere, your Mac will say that the app can't be opened because it was not downloaded from the App Store.*

macOS alert window: App can't be opened because it was not downloaded from the App Store.

If your Mac is set to allow apps from the App Store and identified developers, and you try to install an app that isn’t signed by an identified developer and — in macOS Catalina and later — notarised by Apple, you also see a warning that the app cannot be opened.

macOS alert window: App cannot be opened because the developer cannot be verified.

If you see this warning, it means that the app was not notarised, and Apple could not scan the app for known malicious software.

You may want to look for an updated version of the app in the App Store or look for an alternative app.

If macOS detects a malicious app

If macOS detects that software has malicious content or its authorisation has been revoked for any reason, your Mac will notify you that the app will damage your computer. You should move this app to the Trash and check "Report malware to Apple to protect other users".

If you want to open an app that hasn’t been notarised or is from an unidentified developer *

Running software that hasn’t been signed and notarised may expose your computer and personal information to malware that can harm your Mac or compromise your privacy. If you’re certain that an app you want to install is from a trustworthy source and hasn’t been tampered with, you can temporarily override your Mac security settings to open it.

If you still want to open an app for which the developer cannot be verified, open System Preferences.*

Go to Security & Privacy. Click the Open Anyway button in the General pane to confirm your intent to open or install the app.

The warning prompt reappears, and if you're absolutely sure that you want to open the app anyway, you can click Open.

The app is now saved as an exception to your security settings, and you can open it in the future by double-clicking it, just as you can any authorised app.

Privacy protections

macOS has been designed to keep users and their data safe while respecting their privacy.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarisation checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the next year we will introduce several changes to our security checks:
  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections

* If you're prompted to open the app in Finder and you're sure that you want to open it despite the warning, you can control-click the app, choose Open from the menu, and then click Open in the dialogue that appears. Enter your admin name and password to open the app.


* Open a Mac app from an unidentified developer - macOS Big Sur 11.0

If you try to open an app that isn’t registered with Apple by an identified developer, you get a warning dialogue. This doesn’t necessarily mean that something’s wrong with the app. For example, some apps were written before developer ID registration began. However, the app has not been reviewed, and macOS can’t check whether the app has been modified or broken since it was released.

To override your security settings and open the app anyway, follow these steps:

1. In the Finder on your Mac, locate the app you want to open.

Don’t use Launchpad to do this. Launchpad doesn’t allow you to access the shortcut menu.

2. Control-click the app icon, then choose Open from the shortcut menu.

3. Click Open.

The app is saved as an exception to your security settings, and you can open it in the future by double-clicking it just as you can any registered app.

Note: You can also grant an exception for a blocked app by clicking the Open Anyway button in the General pane of Security & Privacy preferences. This button is available for about an hour after you try to open the app.

To change these preferences on your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click General.

- Alternative: For those who are familiar with using Terminal, you can add an app to the Gatekeeper exemptions list prior to opening for the first time by using the following command (simply change the MyApp to whichever one you have installed):
Code:
spctl --add /Applications/MyApp.app
Code:
example:
spctl --add /Applications/WireShare.app
Then simply type in your password (note: you will not see anything typed) then press enter on keyboard.

- You might (I don't know) also need to make an exemption for any actual installers or DMGs (Disk Image files).
Code:
example: spctl --add ~/Downloads/WireShareOSX-v5.6.6.dmg
* Further information about enabling Mac OS to download (from 3rd party sites), install and open older apps can be found as PDFs here.


Firewall and modem-router considerations

After actually installing your application, you will obtain the best performance from the application if you do the following:
  • Add the application to the Mac OS firewall exceptions. Old instructions but same principle here.

  • If the application supports UPnP, ensure both the application's UPnP is enabled and ensure UPnP is enabled on your modem-router (UPnP is disabled by default on some models of modem-router.) UPnP can sometimes take a little while to kick into action.

  • If UPnP is either not an option or is not reliable, consider either forwarding a port or using port triggering which is a similar concept. If the application supports UPnP, you can potentially leave the app set to use UPnP and utilize that same port in the port forward/triggering procedure. Even port forwarding can sometimes take up to a minute to kick into action but is overall more reliable than using UPnP which can potentially fail mid-session during particularly long sessions.
    Steps (1) Setting a Static internal LAN IP Address (this step needs to be done first before opening a port.) (2) Open Ports on Your Router (Using LimeWire as an example.) (3) Within the application you are using find the settings and connection section. For WireShare it is Advanced tab, then Listening Ports. Choose the identical port you chose to open the router’s port (or vice versa.)
    (A different port must be used for each application or each occurrence of an application on a LAN (local) network.)
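
Added example (not part of the original post or of Apple's article): before granting an exception with `spctl --add`, it is useful to see how Gatekeeper currently assesses the app. The script below classifies the output of `spctl --assess --type execute -vv`; the function names are hypothetical, and the two sample outputs, including the `Example Corp` identity, are constructed.

```shell
#!/bin/sh
# Added example: classify Gatekeeper's verdict on an app before granting
# an exception. Function names are hypothetical; samples are constructed.

# Reads `spctl --assess --type execute -vv <app>` output on stdin and
# prints one classification word (plus the reported source if rejected).
classify_assessment() {
    verdict=unknown
    src=
    while IFS= read -r line; do
        case $line in
            *": accepted") verdict=accepted ;;
            *": rejected") verdict=rejected ;;
            source=*)      src=${line#source=} ;;
        esac
    done
    case "$verdict:$src" in
        "accepted:Notarized Developer ID") echo "notarized" ;;
        "accepted:Mac App Store")          echo "app-store" ;;
        accepted:*)                        echo "accepted-other" ;;
        rejected:*)                        echo "rejected:$src" ;;
        *)                                 echo "unknown" ;;
    esac
}

# macOS only: merge stderr into stdout so the verdict lines are captured
# whichever stream spctl writes them to.
assess_app() {
    spctl --assess --type execute -vv "$1" 2>&1 | classify_assessment
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_NOTARIZED='/Applications/MyApp.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

SAMPLE_UNSIGNED='/Applications/LegacyApp.app: rejected
source=no usable signature'

printf '%s\n' "$SAMPLE_NOTARIZED" | classify_assessment
printf '%s\n' "$SAMPLE_UNSIGNED"  | classify_assessment
```

On a Mac, `assess_app /Applications/MyApp.app` gives the same classification for a real bundle. A `rejected:no usable signature` result means Gatekeeper has no signature against which to check whether the app has been modified.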