MacOS Ventura bloatware removal?

Applications distributed by Apple with the operating system are unremovable because they are located on a read-only partition.

Since neither Apple, nor Apple product teams participate in these fellow-user supported communities, you can send feedback to the macOS product team, or contact Apple directly about your security build requirements. Apple has specific language in the license agreement for macOS about altering the operating system contents or reverse engineering that you probably don't want to get sideways with either.

macOS prevents modifications to its components, and to all pre-installed apps. This includes preventing somebody from loading a replacement or compromised built-in app.

Here is the platform security overview:

Apple Platform Security - Apple Support

For certifications and related, see the Apple Platform Certifications, as a starting point:

Apple Platform Certifications - Apple Support

Here is the US NIST checklist guidance for macOS Ventura (revision 1.1 is current, as of this writing):

https://ncp.nist.gov/repository

Here is the US NIST security guidlines for Ventura:

https://github.com/usnistgov/macos_security

Pragmatically, most folks get into trouble with password re-use and password compromises, with physical-access compromises, and with phishing and ilk. And with insider-related issues.

Having been involved with US DoD / US NCSC Class C2 and Class B1 evaluations and RAMPs starting in the era of the DoD/NCSC “rainbow books”, the clock app always did just sail through the security review process even at Class B1, so I’m not sure what might have changed here more recently. 😜

And if you do want a stripped-down version of macOS, log your feedback with Apple. That’s not us.

kgf3076 wrote:

Grabbed the checklist, now to find time to gather the info and read it.

The checklists may or may not help, as might blocking app access, but I’d doubt there will be means to expunge parts of macOS added anytime soon. If at all. No options here short of maybe disabling SIP too, and I would not recommend that.

BTW, (and you don't really have to answer) does Eisenhower Ave mean anything to you?

“And what kind of head of Security would I be if I let people like me know things that I'm not supposed to know? I know what I know because I have to know it, and if I don't have to know it, I don't tell me, and I don't let anyone else tell me, either.”

You can’t.

Theoretically, you could disable SIP and remove them while booted into another drive, but I don’t know if the OS will like creating a sealed snapshot of a modified system volume.

I can’t understand why things you never open are bothersome.

I hope it works for you, sometimes the simplest solutions work.

kgf3076 wrote:

Guess I'm going to have to give the people I work for that information. They sure will be surprised because they switched from OS-2 to MacOS a long time ago.

Better late than never, I say.

(something to do with safety from malware and better security than other OS's)

Why would you have any problems with malware in a closed, secure environment? I would have thought all the built-in Bluetooth, WiFi, Ethernet, and USB ports would have excluded Macs from that kind of environment in the first place.

There are even Solaris workstations here and there due to security concerns but they are being replaced slowly.

That sounds more reasonable.

But regardless, I'm not sure what you are asking here. When you are talking about use in a closed, secure environment, I have something pretty specific in mind. Of course, I wouldn't know what goes on in such places, but I would be surprised if Macs had ever been allowed in.

I'm also surprised that you would only start complaining about this in Ventura. There haven't been significant changes on this front for a couple of years. I checked the APFS partition layout in Big Sur and it's not that radically different than Ventura.

And if you had concerns, why not discuss it directly with your Apple reps instead of asking on a user-to-user discussion forum?

I still don’t understand the problem. If they don’t need them, they won’t use them. Or, tell them not to use them if they scare you.

You should buy hardware not designed for consumer use. You can install any of the Unix flavors to get most of the protection provided by macOS.

If you’re stuck blindly following the STIG, not much you can do unless the inspectors can be convinced to think rationally.

You should talk to Apple. My guess is they won’t be interested in supporting another version of the OS, but you won’t know unless you ask.

Apple builds devices and operating systems for consumer use. They are not designed or rated for secure environments.

For the apps you don't want the rank and file users to use try changing the Privilege for Everyone to No Access.