Is there a way to disable the incessant password requirement?

Joined
Nov 2, 2012
Messages
387
Reaction score
2
Points
18
Your Mac's Specs
M3 iMac, 24 GB RAM, 10 core GPU
Every move I make seems to trigger the pop-up with a request for my Apple password.
It's annoying, just like Vista demanded a password. Change something in Preferences...password, please. When I download an update, (eg, Flash), again with the password. Update to my A/V...password.

I know it's for my own protection against something detrimental, but this boarders on the absurd. However, why would a legitimate app such as Flash, etc., trigger a red flag?

This was a big criticism with Vista, but is Apple getting a free pass here? Maybe I'm getting old...
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Go to:

- Apple Menu
- System Preferences
- Security & Privacy
- "General" tab

Also check your "Sharing" preferences.

Check your settings here. It may help with some things.:)

- Nick
 
M

MacInWin

Guest
Get rid of whatever A/V you downloaded. Don't need it. As for PWs, OSX asks for your PW whenever you are changing an application. And with the new Sandboxing function, it asks for it for any software trying to install from an unknown (to Apple) source, i.e., third-party websites. If you want to disable the sandbox protections, System Preferences, Security and Privacy, change the selection where it says "Allow applications downloaded from:" to whatever you want. "Anywhere" is the most open, but also most risky, as OSX gets out of the way of any install, including malware.

Flash is a resource hog. I don't have it installed, nor do I have Java. Both have security holes you can drive a truck through.
 
OP
D
Joined
Nov 2, 2012
Messages
387
Reaction score
2
Points
18
Your Mac's Specs
M3 iMac, 24 GB RAM, 10 core GPU
OK, that helped a bit, or I should say time will tell. Thank you. I clicked the "download app from anywhere" option without a password.

Anti virus (Avast) is here to stay. I know "it's not needed" but I hate surfing naked and don't buy for one minute that Macs are bullet proof in any aspect.
 
M

MacInWin

Guest
You don't like "surfing naked" so you install pretty-much useless A/V software but you disable the OSX security feature that would prevent any malware from installing without your permission?

I went the other way. No A/V until I hear about a real virus for Macs (there have been zero of these to date), but I keep my security pretty tight. I just loosened it up to allow the identified developers. I don't mind typing in my password to verify that I really do want to install something. I did kill Java and Flash, too many holes in them for my comfort level.
 
OP
D
Joined
Nov 2, 2012
Messages
387
Reaction score
2
Points
18
Your Mac's Specs
M3 iMac, 24 GB RAM, 10 core GPU
I'm after an easy Mac "experience", not to jump though hoops.

By the way, the only time I've been asked for a password I knew 100% of the time it was for, and from, a legitimate source, hence my rant about passwords.
 
M

MacInWin

Guest
Yep, I only have to enter the PW when I install something I know about, too. But I also have the confidence that nothing is installed that I don't know about. With that protection turned off, you won't be able to say that.

EDIT: But that is your call. Just different approaches, that's all.
 
C

chas_m

Guest
That password requirement (which ONLY comes up when you are a) installing new software or b) making changes to the system, so you really shouldn't be seeing it much at all) is THE REASON Macs don't have viruses.

You've opted to go with a resource-sucking piece of crapware and turning off all security on your Mac because you're too lazy to *occasionally* put in your admin password?

I think I'm beginning to understand why viruses are so rampant on the PC platform ...
 
OP
D
Joined
Nov 2, 2012
Messages
387
Reaction score
2
Points
18
Your Mac's Specs
M3 iMac, 24 GB RAM, 10 core GPU
Well now.

Like I said, every single time I've been prompted to enter my password it was for a recognizable action. So, by disabling the password requirement I am getting rid of the annoyance, risk free.

Anti virus. It can suck all the resources it wants as I have an abundance of RAM (8G) and free disc space (475 GB). Is the A/V necessary? I don't care as it costs me nothing monetarily or in resources so I don't see why not, just in case.
 
M

MacInWin

Guest
The A/V does cost resources. I takes cycles of the CPU and your time while it's doing its thing.

Here's the analogy. OSX provides protection to keep a burglar out of your house. It stops people that are suspicious, giving you the chance to decide to let them in, while permitting access to your known friends. You have disabled that protection, but hired a guard to shoot that burglar once he's in the house. That burglar needs to be fed, and he frisks every visitor, friendly or not, delaying arrival of friends.

Why not let OSX do what it does and not add unneeded delays?
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Bottom line, your computer, you can do as you wish. Getting rid of the password requirement is a risk that you seem to be willing to take, and hoping that the A/V will catch potential threats is a gamble. While there aren't any virus' for OS X, giving ANY application free reign to install itself can definitely lead to all sorts of issues...

But, good luck with that..
 
Joined
Jul 15, 2011
Messages
90
Reaction score
0
Points
6
Location
Florida
Your Mac's Specs
2010 imac, 2011 13" mbp, Ipad mini, Ipad air
The A/V does cost resources. I takes cycles of the CPU and your time while it's doing its thing.

Here's the analogy. OSX provides protection to keep a burglar out of your house. It stops people that are suspicious, giving you the chance to decide to let them in, while permitting access to your known friends. You have disabled that protection, but hired a guard to shoot that burglar once he's in the house. That burglar needs to be fed, and he frisks every visitor, friendly or not, delaying arrival of friends.

Why not let OSX do what it does and not add unneeded delays?

I love this analogy :D
 
Joined
Mar 12, 2013
Messages
6
Reaction score
0
Points
1
Disable password requirement

If you want to disable the sandbox protections, System Preferences, Security and Privacy, change the selection where it says "Allow applications downloaded from:" to whatever you want. "Anywhere" is the most open, but also most risky, as OSX gets out of the way of any install, including malware.

Hi MacInWin - I'm compelled to reply as this isn't exactly correct. This method does not turn off sandbox protection at all. During install, OSX examines the code-signing certifcate used to sign the app. Apple has their own for Apple developed apps. Other apps on the AppStore have a "non-Apple-but-official-App-Store" certificate. This is how you can tell OSX to install only Apple, or only Apple and App Store, or "anywhere." "Anywhere apps" have no restrictions on code signing certificates. While Apple requires all apps on the App Store to code specifically to the Sandboxing feature, that has nothing to do with "turning it off." You CAN'T turn it off. Even with "Anywhere" selected, every single App Store apps, and many Apple apps, will run in a Sandbox. Now, it's my experience that non-App-Store 3rd party apps have chosen not to use sandboxing, but again, that has nothing to do with disabling Sandbox. For instance, FireFox is not sandboxed. If you asked me, that's crap as any browser should be required to run in a sandbox, but oh well.. Safari doesn't either :/

FWIW, you can look at what apps are or are not sandboxed by adding the "sandbox" column to Activity monitor. Or not. It's depressing. On my box "root" only has a few out of 55 Sandboxed. Anyway, thought I would throw that out there.
t
 
C

chas_m

Guest
Sandboxing is, as you say, a basic level of protection -- both from unstable apps causing system crashes and from malware trying to extend its reach. But sandboxing shouldn't be mistaken from the kind of protection setting it to "only allow installs of apps from the Mac App Store or signed Apple developers" does.

Updates will quickly change the number of apps you have that honor the sandboxing thing over the next [couple of] year or so. Developers don't really have much choice in the matter. Most people will leave the security settings on their default or the middle choice.

PS. I don't know what version of Safari you're using, but yes it is sandboxed. The *application* will read "no," but Safari Web Content (the WebKit engine) will read "yes."
 
OP
D
Joined
Nov 2, 2012
Messages
387
Reaction score
2
Points
18
Your Mac's Specs
M3 iMac, 24 GB RAM, 10 core GPU
I guess it's all a moot point as I got the pop-up prompt for my password for the anti-virus "data base update." I did check to make sure the box was still ticked for "anywhere" in Preferences > Security, and it was.

My iMac is protecting myself from myself!:Evil:
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
For instance, FireFox is not sandboxed. If you asked me, that's crap as any browser should be required to run in a sandbox, but oh well.. Safari doesn't either :/
Why? I think you might be overestimating the capabilities of sandboxing. It's not bullet proof (in fact it can be easily circumvented as it was in 2011 and 2012) and by no means offers protection against catastrophic failure. A more effective solution, and one that all browsers have now done, is process and plugin isolation.

Developers don't really have much choice in the matter.
They certainly do and Apple can be thanked for this. Since Apple limits the types of applications that can be put on the MAS and makes you pay to get a signed certificate, there will always be a glut of applications that require the "anywhere" permission. Although I don't represent the majority of independent developers, the software I make won't be going on the MAS nor will I pay Apple the $99 to gain the privilege of attaining a certificate.

This is nothing against Apple (until they remove the "anywhere" option) but rather to suggest that there will always be a group of people, and I'd say of a significant size, that need to install and run unsigned non-MAS software.
 
Joined
Mar 12, 2013
Messages
6
Reaction score
0
Points
1
Was: password requirement Now: Sandboxing

But sandboxing shouldn't be mistaken from the kind of protection setting it to "only allow installs of apps from the Mac App Store or signed Apple developers" does.

I don't understand. The only reason selecting "App Store and Apple" has any value at all is because App Store apps must have an Apple code-singing certificate. The only reason the code-signing cert distinction has value is because App Store devs must implement sandboxing in their apps. Interestingly enough, Apple's apps don't have to be sandboxed at all.

That's the only reason the "App Store and Apple" setting, as opposed to "Anywhere" has any value.

So my question is, what other security benefit do you think one gets by not selecting "Anywhere"?

t
 
Joined
Mar 12, 2013
Messages
6
Reaction score
0
Points
1
Why? I think you might be overestimating the capabilities of sandboxing. It's not bullet proof (in fact it can be easily circumvented as it was in 2011 and 2012) and by no means offers protection against catastrophic failure. A more effective solution, and one that all browsers have now done, is process and plugin isolation.

I never suggested it was "bulletproof." Nothing is, and I never expect it to be. Regarding Firefox (and others) plug-in sandboxing, that's all and good. Security in depth is the best way to do. However, I disagree that is it "more effective" than sandboxing. An hierarchical "sandboxing" as FF does with plug-ins works well when the plug-in is behaving well, and when the OS has been written to properly handle *any* possible breach. Sandboxing on the other hand, requires that the sandboxed app itself explicitly identifies only the required access to the sandbox engine in code. This gives you *two* layers of protection. An attack against the app will have to bypass the apps explicit code, and then it will have to bypass the wrapping sandbox.

Further, there are any number of attack vectors via browser exploits. I say again, ALL browsers should be written to sandbox requirements if they want to be responsible for security. Plug-in isolation would only apply to a plug-in, not to the million other vectors out there.

t
 
C

chas_m

Guest
They certainly do and Apple can be thanked for this. Since Apple limits the types of applications that can be put on the MAS and makes you pay to get a signed certificate, there will always be a glut of applications that require the "anywhere" permission.

True, but I think you're overestimating the number of people who will ever change the default settings on the security of ML going forward. Even I don't -- I will turn it off *temporarily* to download a specific thing I know I need, but then put it back on again. I like to think I'm not very gullible but I can envision some social engineering of the right sort tricking me someday.

Although I don't represent the majority of independent developers, the software I make won't be going on the MAS nor will I pay Apple the $99 to gain the privilege of attaining a certificate.

My dev years are long behind me (until I get a killer idea I guess) but I always felt that the cost of being a registered Apple Developer was modest compared to the money you were likely to make off their infrastructure (not to mention deductible). If you're not making money on said software you have a point but if you are I think "giving back" a bit is a good idea.

Let me be clear about this: I'm referring to the membership in the Dev program, NOT having to sell from the MAS store, your point about that is well-taken.

This is nothing against Apple (until they remove the "anywhere" option) but rather to suggest that there will always be a group of people, and I'd say of a significant size, that need to install and run unsigned non-MAS software.

Not of significant size IMO (at least compared to the number of people who do not need to ever run unsigned software), but yes there will always be some.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top