About a month ago I wrote an article ” This might sound controversial, but resist that big MacOS update, for now!” In that article I warned about the changes that Apple where bringing to the operating system of macOS with the move from 10.15 to 11, one of the biggest of these is the removal of direct access to the system kernel.
While from a purely security centric point of view this sounds like a great idea, as you are restricting the ability of any software to jump onto the system and access machine changing instructions, it poses a serious implication to the world of vendor support for macOS.
At the time I warned of this impending change, however when writing that article, it was difficult to really clarify how big an impact Big Sur was going to have on 3rd Party software. However, in the last few days it is starting to become a lot clearer.
Since initially testing the Beta on a development machine, as we do every year at Planet IT to ensure we can successful support for our client’s businesses, we initially noticed that a number of software products stopped;
- Encryption Management software
- Virtualisation Applications
- Container Applications
- And the list goes on….
When this initially happened, as an Authorised Apple Reseller, we were already a few weeks into testing, ahead of the companies who make the software
Because of this, when writing my previous article warning of the risk, I wasn’t too harsh on any single software vendor, just in case they got their act together and updated the software to move from direct kernel access to the now Apple approved API access.
Late last week along with many customers I received the below from Sophos;
“Dear Sophos Customer/Partner,
Please note that the current version of Sophos SafeGuard is not compatible with the upcoming release of Apple macOS 11 (Big Sur) and will not function correctly. We strongly recommend that customers do not upgrade any macOS clients running Sophos SafeGuard to macOS 11 (Big Sur) at this point. Doing so may have undesirable effects including:
Device Encryption – SafeGuard may in some cases not be able to retrieve FileVault recovery keys, meaning that machines might not be recovered if users forget their password
File Encryption – SafeGuard may in some cases not be able to encrypt and decrypt files transparently. Please note that no data is at risk of being lost as manual encryption and decryption of files will still be available
We intend to issue a Service Release of Sophos SafeGuard that will resolve these incompatibilities. In the meantime, we recommend you do not upgrade the operating system and wait for this Service Release instead.
For the latest information, please see this article. This article will be regularly updated with the latest information.
Your Sophos Team
This began to answer a question that had been burning in my mind, are these vendors ready?
The answer is no!
Sophos is not alone in having issues with macOS 11, but they are, to their credit, the first to publicly admit it. Their suggested action is to not upgrade to macOS 11 Big Sur when it becomes publicly available (expected in the next 10 days), however that is easier said than done as Apple will force you to update with-in a matter of weeks anyway.
We expect to see a number of issues with additional software as a wider group of user uptakes the new software and unfortunately this year more than ever software vendors are slow to resolve the issues and adjust to the new way of working.
So our advice remains simple, HOLD OFF!
I know we usually recommend keeping all devices up to date, but please don’t rush to upgrade your device this time. If you use it for work in any way, you are going to want to stay on the latest secure update of 10.15 MacOS Catalina for a while.
As with this update we are going to continue to monitor the situation and we will let you know as soon as it’s safe to make the jump and we hope to publish a granular list of unsupported major applications as soon as the public release of Big Sur occurs.
We know this goes against the usual advice you might hear from us or other IT experts, so in the meantime if you would like to discuss with myself or any of the highly skilled team here at Planet IT about how to keep your business operating, secure and safe in the changing world of the Mac you can reach us using the contact details below;