Firewall...Radio Silence...

Recently, about a month back, I had added 'tags' to my applications using Finder:

These are basically apps that I have blocked using Radio Silence.

Can this process of adding a file tag alter the app in any way that excludes it from Radio Silence block list?

I thought File tags are just a reference/ filter that Finder alone uses to reference/ keep track of a file/ app. This in no way should modify the file/ app in any way. Is this true or is my understanding not correct?

I have removed and re-added all the apps again. Is there any other way to check if Radio Silence is doing its job properly or not?

As someone with very limited knowledge about these things, I play it safe. I have added every app to the 'Block Incoming Connections' feature with the built-in firewall. I wish Apple had provided 'block outgoing connections' too. But Apple is Apple.

Configuring Radio Silence is simple. Open the app, click on 'Block Application', and then browse to the Applications folder and select the app you want blocked.

Developer hasn't responded in over a week. But is my understanding of file tags correct?

I am certainly not assuming what you mentioned, because if I did, I wouldn't be seeking help in a user forum.

A company makes a product for a market, not just for an individual. They didn't custom make this Mac for me based on my requirements. They have just made a product with their own interests in mind, and I as a consumer have my own requirements, usage behaviour and therefore a custom made solution that addresses those.

Would you be just as comfortable leaving your car in an isolated, desolated place just as you would when you park your car in your garage? The car is the same, and with the same built-in security.

Or would you be just as comfortable leaving your car in the open sun as you would parking it in shade?

Apple doesn't guarantee my Mac against any malware, spyware, ransomware, adware, etc. It is not a matter of trust because we don't have a security contract here. Our transaction is strictly a sale-purchase one, and at the most a warranty for the hardware. Zero warranty/ guarantee for data!

Very interesting links. Thanks for sharing.

I see all the Apple articles have all spoken about the strengths. There is no mention of weaknesses, vulnerabilities, etc. All these exist for sure, and that's why we see updates, which almost always include the security aspect.

This is a cat and mouse game. And leaving everything on the maker is both irresponsible, and dangerous. Because in the event of a disaster, the maker has nothing to lose.

Today, the biggest (or most widespread) type of malware is one that steals your data. It may be totally harmless for your files, but spies on you and uploads your data. I am aware the built-in solutions are great, but not foolproof.

Blocking internet access completely for apps that don't need to connect to the internet is one sure shot way to ensure your data remains only in your device. But there is no built-in mechanism to ensure that.

As someone who installs from outside the AppStore too, I prefer taking additional precautions. That's not to say I would install random stuff and/ or from random sites. Yet the fact that any installed application is completely cut-off from the outside world, severely limits the damage it can do, especially those that by itself aren't of the virus/ ransomware kind.

I should have the option to decide on that. Preferably a built-in one.

Hello John,

Read your other post that was shared by Bob. Lovely post.

I did take note of point 2 where you mentioned that looking for an app as a solution is ineffective. My question is:

What other choice do I have?

And as with your comment here, all 3 suggestions are independent of each other, and can't coexist. Basically not a practical solution.

You need your machine to be always connected, but not necessarily so for ALL your apps. I want my mail to connected 24x7, but there is no reason my video player or calculator need to access internet. Likewise, I want my file manager to have access only to devices on my local network for file transfers and backup/ sync, but not be able to connect to the internet.

I'm sure this is a very basic requirement, but most users don't care for. Unfortunately, a simple solution that is built-in doesn't exist either.

You are overstating the built-in security here, and understating the risks/ potential risks.

For someone who uses his laptop just for office work and/or just sticks with the Store apps, no additional precautions may be required. But for others, who form the most majority, and who like to try different apps (again, I am not talking about random stuff/ random sites), some additional security tools may be required (just in case), and these unfortunately aren't an option with the built-in tools.

I may allow internet access for my apps so they can check for updates. But I have absolutely no idea if that is all they do. May be they are uploading my files along with performing their updates (if at all). We are talking of permissions abuse here.

We have plenty of apps that have been removed from Google Play Store, Apple AppStore where they managed to bypass the security checks and get listed. And these are mobile platforms which are probably more secure than the Desktop platforms.

And as with reputed apps, we also know many of those are paid reviews, paid ratings, we have no idea if the files are hosted securely, no idea if the apps do just what they claim to do and not anything more. Besides apps may see a change in owners, new approach to the products (some well known softwares are known to have started bundling junk), and any combination of the above and more. A normal user (even an experienced one) does not keep track of everything, and possibly can't. In the end its a money game.

You are right that I need someone knowledgeable to explain these things better. I have acknowledged that anyway. But you can't tell me/ imply that my concerns are baseless.

I sent him an email last week, but got no response.

Trying to see if it could be some system/ other configuration that I missed.