upvote

points

by ibash10 hours ago |
comments
upvoteby enoch20904 hours ago|
next
[-]
You better delete all third-party applications for they are having full disk access.
reply
upvoteby coldtea4 hours ago|
parent|
[-]
Hello, 2010s called.

In 2026, applications, third or even first party, don't need to have full-disk access, and are not given either. They see a jailroot environment. I give full disk access to the terminal app, and a handful of others. 90% of them, nope.

At least that's the case in macOS, I'm pretty sure Windows can do that too. Linux of course has had such capability since forever, but I guess most distros you need to manually take care of it.

reply
upvoteby andersa1 hours ago|
parent|
next
[-]
Sadly, Windows cannot do that. Every installed program has full disk access by default. It's very, very difficult to make it not so.
reply
upvoteby 0x07345 minutes ago|
parent|
prev|
[-]
AppContainer (e.g. used in uwp or msix)
reply
upvoteby eneveu2 hours ago|
parent|
prev|
next
[-]
Interesting. Do I get this sandboxing out of the box when I install apps with Homebrew? Or do I need to do something specific?

Would love to enable this for all apps, and add exceptions for the ones that need more access.

I installed Lulu and BlockBlock recently, and want to do more to harden my Mac.

reply
upvoteby cassianoleal1 hours ago|
parent|
[-]
This hardening is enabled by default with Gatekeeper. That includes Homebrew apps, unless you disable it.

When an app tries to access something outside of its sandbox, you get a notification asking to approve or deny. Full Disk Access I think needs to be explicitly given on System Settings (Privacy & Security -> Full Disk Access).

reply
upvoteby graynk2 hours ago|
parent|
prev|
next
[-]
In the scenario where you take care of it yourself the rogue plugin would not be an issue either.

I have no idea how to do that in Windows though.

reply
upvoteby finghin3 hours ago|
parent|
prev|
[-]
I've never tried to do this or similar in Windows (obviously easy in unix-like environments) but I'm going to bet it's far more trouble than it's worth for 99% of users
reply
upvoteby jon-wood2 hours ago|
parent|
[-]
On macOS at least those 99% of users are probably installing from the App Store, where apps are sandboxed by default and need to explicitly ask for access to paths outside that sandbox. Even when not installed from the App Store a permission dialogue is popped if an application tries to read from sensitive paths like your photo library.
reply
upvoteby silon4251 minutes ago|
parent|
[-]
For real security, operation should only be allowed after 24h of cooldown.
reply
upvoteby stingraycharles8 hours ago|
prev|
next
[-]
These types of problems usually only get fixed when it’s too late.
reply
upvoteby cromka7 hours ago|
parent|
[-]
"Sorry we got caught" reactiveness.
reply
upvoteby redsocksfan451 hours ago|
prev|
next
[-]
[dead]
reply
upvoteby yard20105 hours ago|
prev|
[-]
Lol it's a social engineering attack. What are you talking about. Don't run programs you don't trust, especially when being asked to do so by strangers on the line.
reply