Sophos Mac Big Sur
- Sophos Vpn Mac Big Sur
- Sophos Central Big Sur
- Sophos Endpoint Protection Macos Big Sur
- Sophos Mac Big Sur Pro
- Sophos Endpoint Big Sur
The latest operating system from Apple, macOS11 Big Sur, has arrived and it brings with it a few significant architecture modifications. In this article, we will take a look at these changes, as well as some of the things you might consider doing to automate much of the deployment of Intercept X on macOS.
These changes started to appear with macOS Catalina (10.15) – Apple is beginning to deprecate the use of system wide kernel extensions in favour of user space system extension APIs. This allows software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access.
Look at Sophos Central Endpoint: How to deploy Sophos on a Mac via the command line for instructions. Managed by Enterprise Console Copy the Sophos Installer.app installer and the Sophos Installer Components directory to a preferred location, for example, the Desktop. Open Terminal and change the directory to the one containing the installer. Additional Sophos Setup Steps for macOS Big Sur macOS Big Sur (11.0) includes additional software security on the hard drive. Additional steps are needed when installing Sophos Anti-Virus to allow access to all areas of the hard drive (for scanning, etc.).
Sophos Advisory: MacOS 11 'Big Sur' is not supported (Central and On-Premise Endpoint). Sophos Advisory. Sophos Community Moderator. (I'm referring to Sophos Home which is not in their list but absolutely is not ready for Big Sur, a multitude of installer problems.it's entirely un-installable). Incoming SSH connections will fail if running Sophos Home v10.0.1a1 + MacOS 11 Big Sur We have identified a possible root cause for this issue.
An interesting third party review of some of the most significant changes in the last decade Apple have recently introduced can be found here. Sync for mac nokia.
Unfortunately, we didn’t have a GA version of Intercept X for Mac available on the first day of release. The good news is that we now have an Early Access Program (EAP) available in Central, whereby customers can nroll devices running macOS11 in order to receive a pre-release version of Sophos Endpoint v10.0.2.
TIP: As you can appreciate, we don’t typically recommend using EAP (pre-release) software on a production system. If you would like to prevent users from upgrading to BigSur AND if you or your customer are using Sophos Endpoint, then it’s worth noting that the SophosLabs have added an Application Control detection for the Big Sur installer. This means that you can control its rollout by blocking the application – the installer is classified as a “System Tool”.
Most of you are probably aware of the process on how to join an EAP and then enroll devices, however if you would like some info on this process click here. Typically, we don’t make EAPs available to Sophos Central MSP accounts, however given that some customers may be purchasing new Apple hardware that comes pre-shipped running Big Sur, we have extended the EAP to MSP customers too.
About new hardware, the following Macintosh models (at the time of writing) use the new Apple M1 ARM-based system chipset:
- MacBook Air (M1, 2020)
- Mac mini (M1, 2020)
- MacBook Pro (13-inch, M1, 2020)
Sophos Intercept X for Mac does not natively support this new chipset; however, it can be made to work using a piece of backwards compatibility software called Rosetta 2. This software needs to be installed on the Mac before joining it to the EAP and it updating to 10.0.2. More info on this process is also covered in the EAP community post above.
On testing the deployment of Intercept X on a brand new macOS11 device, I found the installation routine quite user intensive with several prompts required to allow permissions etc. before a complete protected state could be achieved.
There are several things that can be done to reduce these prompts, specifically using an MDM provider (such as Sophos Mobile or JAMF) to essentially pre-trust extensions using the Sophos ‘Teams ID’ of 2H5GFH3774. This is a trusted ID that is used in the development of Sophos code, to automatically whitelist our software:
I found that this configuration made the deployment of Intercept X for Mac on macOS Catalina and older, virtually ‘silent’. There were still some prompts that required user interaction when deploying on Big Sur, however this will still down on the amount of interaction required without any applied MDM settings.
Sophos Vpn Mac Big Sur
Our wonderful professional services team have also created a number of scripts to use with JAMF to automate deployment on Macs. Info on this can be found here.
Expect to see some more information in the new year, once a GA version of 10.0.2 for Mac is available, on how to automate the deployment further.
As is typical for Apple’s developer conferences, on Monday it started hyping the privacy and security goodies it’s got in store for us in a few months.
Sophos Central Big Sur
During the pre-taped keynote at Apple’s Worldwide Developers Conference (WWDC), the company promised to pump up data protection even more with gobs of new features in its upcoming iOS 14, macOS Big Sur, and Safari releases.
(Here’s the complete keynote transcript, courtesy of Mac Rumors, if you don’t have a spare 1:48:51 to listen to the opening for Apple’s first-ever, all-online WWDC.)
Pretty please stop the ad tracking
The big ones include the option for users to decline apps’ ad tracking. More specifically, we’ll be given the option to “Allow Tracking” or “Ask App Not to Track.” As Wired’s Lily Hay Newman points out, “asking” sounds a lot more dubious than “blocking.” But Apple makes it decisive in its notes to developers, where it says that the permission is a must-have for developers, not a nice-if-you’re-in-the-mood.
Katie Skinner, a user privacy software manager at Apple, said during the keynote that this year, the company wants to help users to control ad tracking:
We believe tracking should always be transparent and under your control. So moving forward, App Store policy will require apps to ask before tracking you across apps and websites owned by other companies.
Sophos Endpoint Protection Macos Big Sur
Developers will also be required to cough up data on exactly what third-party software development kits and other modules they’ve incorporated into their apps, what those components do, what data they collect, who they share it with and how it will be used. Think of the charts like nutrition labels, Apple said on Monday: they’re a way for developers to transparently share security and privacy details.
Apple isn’t the first to think about labels that could give us a heads-up about what a chunk of code is up to. Last month, Carnegie Mellon University presented a prototype security and privacy label based on interviews and surveys, the focus of which was the shabby state of security in the Internet of Things (IoT).
Sophos Mac Big Sur Pro
IoT devices, App Store apps, fill in the blank: why not label them all? Git download for mac. One caveat is that we actually have to trust developers to a) be candid about what they’re up to, rather than b) lying through their teeth. Unfortunately, developers all too often choose option B. For example, sometimes they try to manipulate Google’s security by removing suspicious code before adding it back in to see what trips detection systems, and then we wind up with ad fraud apps hiding in the Play Store.
Another of many examples: in March, Google and Apple had to hose down their app stores to cleanse them of apps that secretly install root certificates on mobile devices – certificates that enable a popular analytics platform to suck up users’ data from ad-blocker and virtual private network (VPN) mobile apps.
The long privacy road
Just like iOS 13 last year, Apple’s upcoming iOS 14 mobile update – expected in the autumn with the release of new iPhones and iPads – is yet another step in the company’s long privacy march.
Since at least 2015, Apple CEO Tim Cook has drawn a distinction between how the company handles privacy versus the tech companies that “are gobbling up everything they can learn about you and trying to monetize it.” Apple, which makes its money selling hardware, has “elected not to do that,” he’s said.
Apple was already working on taking control of ad trackers when it released iOS 13 last year, bringing with it the ability to see what apps track you in the background and offering the option of switching them off. Ditto for iPadOS. The new feature came in the form of a map that displayed how a given app tracks you in the background, as in, when you’re not actually using the app. Giving us the ability to ask that we not be tracked in iOS 14 is a logical next step.
Sophos Endpoint Big Sur
In other security-positive news, the Safari upgrade will also start checking any passwords you store in the browser and can alert you if any have been compromised in a data breach. It won’t share those passwords with Apple.
Happy talk
Of course, it’s worth noting that Apple’s much-vaunted privacy technologies sometimes fall flat on their faces. Case in point: in January, Google researchers published a proof-of-concept analysis of how the Intelligent Tracking Prevention (ITP) in Safari could actually leave users exposed to a slew of privacy issues, including, ironically, being tracked.
But even if we have to take Apple’s privacy and security news with a grain of salt, there’s a lot of meat on Apple’s upcoming privacy and security enhancements.