OS Security Compromised - How Safe Is SoftRaid?
In order to use Softraid, Mac OS users are asked to alter the security policy on their computers and put their system in a "Reduced Security" mode. Recently my Mac was compromised and I am now asking myself, in an era where malicious attacks on computer systems are becoming increasingly common, just how safe is Softraid to use? I feel like this is a bit of an elephant in the room, but I admittedly know very little about the back end of a Unix system. I wish there was a way that Softraid could work in conjunction with the Mac's default security settings so users can retain the maximum amount of protection against malicious attacks. Can anyone speak to just how vulnerable we are making our Macs by using Softraid?
I would love to hear more details on what happened.
When you "reduce security", you are making it possible to install drivers, which are otherwise completely blocked.
The drivers must still be "code signed" by Apple.
The driver must be enabled by you in System Preferences/Security, where you see the name of the developer with the signed certificate (OWC/Other World Computing in our case)
this applies to every kernel extension, including all professional equipment, Anti-virus software, Virtual Machine solutions, etc.
I think this is actually an interim solution by Apple, as they have been promising for several years to move drivers into "user space", i.e, out of the kernel. So they locked the barn door, with all the driver developers inside, with no keys (solutions).
That is why this has to be done, until the transition is complete. We have done extensive investigations into the various malware/exploits in Apples security updates and have not seen any "Driver" exploits, the fixes in security all seem to apply to standard user interface holes/exploits. So I do not think you have anything to worry about.
Even if you accidentally downloaded some "share ware" that had malicious drivers in it, when it asked you do install a driver and "Approve" it in System Preferences, that is where you should be suspicious. (And if the drivers were not code signed, ie, they did not hoax apple, or stole another developers credentials, then you would not be given the option in any case.)
So macOS security is still pretty tight, even when you "enable" third party developers on Apple Silicon computers.
On intel, there was a bug in Catalina, where yes, SIP (System Startup Security) had to be disabled in order for SofRAID to run, but Apple fixed that bug in Big Sur. No one should be runnning with SIP disabled. Again, the SIP technology only works during the first 2 minutes during startup, and then all the normal security rules will apply.
MacOS is still the most secure operating system around. the biggest gripe many developers have is it appears the "security team" is running Apple development, not the experts in user interface, and user experiences and user interactions have suffered greatly by "not so well thought out" implementations of security protocols. they are "bolted on" ,without much thought to how it affects users, especially "prosumer" and professional (media, in particular) users who must make modifications to their systems, add extensive hardware, etc, to be productive on the Mac. They are the ones to suffer in this transition period.