View Single Post

Member Since: Mar 12, 2013
Posts: 6
Thor-HoG is on a distinguished road

Thor-HoG is offline
Originally Posted by MacInWin View Post
If you want to disable the sandbox protections, System Preferences, Security and Privacy, change the selection where it says "Allow applications downloaded from:" to whatever you want. "Anywhere" is the most open, but also most risky, as OSX gets out of the way of any install, including malware.
Hi MacInWin - I'm compelled to reply as this isn't exactly correct. This method does not turn off sandbox protection at all. During install, OSX examines the code-signing certifcate used to sign the app. Apple has their own for Apple developed apps. Other apps on the AppStore have a "non-Apple-but-official-App-Store" certificate. This is how you can tell OSX to install only Apple, or only Apple and App Store, or "anywhere." "Anywhere apps" have no restrictions on code signing certificates. While Apple requires all apps on the App Store to code specifically to the Sandboxing feature, that has nothing to do with "turning it off." You CAN'T turn it off. Even with "Anywhere" selected, every single App Store apps, and many Apple apps, will run in a Sandbox. Now, it's my experience that non-App-Store 3rd party apps have chosen not to use sandboxing, but again, that has nothing to do with disabling Sandbox. For instance, FireFox is not sandboxed. If you asked me, that's crap as any browser should be required to run in a sandbox, but oh well.. Safari doesn't either :/

FWIW, you can look at what apps are or are not sandboxed by adding the "sandbox" column to Activity monitor. Or not. It's depressing. On my box "root" only has a few out of 55 Sandboxed. Anyway, thought I would throw that out there.
QUOTE Thanks