If you’re new to the Mac, whether this is your first machine or you’re switching from another system like Windows, you may not be familiar with a number of Mac terms and phrases. This article series serves as an intro to the Mac world and a quick overview of some of the more technical terms used in it. This article will be updated as new ones come out or we find others we may have missed.
Gatekeeper:
Gatekeeper is a Mac OS security function that tries to help prevent the launching of malware. Starting in Mac OS 10.7 Lion, and then being given functions and an interface in 10.8 and later, Gatekeeper enforces code-signing, meaning that developers have to get a certificate from Apple and use it to authenticate that the app is from a trusted developer, or is at least authentic. The first time an app is run, Gatekeeper checks it against known malware lists and checks that its certificate is valid. If both of those come back clean, then the app is allowed to run.
If the app doesn’t have an Apple certificate, or the certificate is not valid, then the app will not launch and a warning message says that it isn’t trusted. A user can deliberately circumvent this in one of two ways: Control-click/right-click the app’s icon and hit “Open”, or, if you’ve already opened the app and gotten the warning, go to the System Preferences app, open the Security and Privacy pane, and look under the General tab. At the bottom of the window, you’ll see the app that attempted to run and have an option to open it anyway. Either way, this will allow the app to run in the future without prompting, unless you reinstall the app or update it manually (meaning you go and download the updated version from the vendor directly and install the update on your own; typically not if the app updates itself). It’s in this section that users can change Gatekeeper to only allow apps from the Mac App Store or leave it at allowing App Store apps and apps from identified developers.
While it has increased security, the function isn’t without critiques, as apps are checked only the first time they are run or manually updated. Likewise, it potentially puts developers that can’t afford certificates at a disadvantage in the market. The merits or faults of these arguments are beyond the scope of this writing at this time, but are worth mentioning at least.
Kernel Extensions (KEXT):
Kernel extensions are a now-deprecated way to extend the function of your Mac. The kernel is part of the lowest level of the OS (think of a kernel of corn, like a seed/root). If your Mac needed extra functionality that required some very deep level function or access, a programmer might use a kext to put this function into your machine. Not every app needed to use a kext; simpler apps like Firefox or Office could get away with using the built-in functions provided by Apple to do their work. But some apps like printer and USB drivers, security apps like antivirus suites, VPNs, etc. would need deeper level access to do their job and would use a kext to do this. Even apps like Dropbox might use a kext to show the syncing status on the icon of an individual file. However, kexts could cause security problems or even cause your Mac to crash if there was a problem with the kext or with the app using it. Since OS 10.9, Apple has been working to limit these problems, notify users of their use, and eventually replace them with the System Extension functionality as described later in this article. Kext deprecation was completed with the release of 10.15.4.
Notarized Apps:
Starting in Mac OS 10.14 “Mojave”, Apple began asking developers who sell or supply software outside the Mac App Store to get it notarized by Apple. This is an additional function on top of Gatekeeper. Essentially, apps are sent to Apple, who can sign off that they are made with or use a certain code base, are signed correctly, and don’t have any known malware in them. Apps are not explicitly endorsed by Apple if they are notarized, nor condemned if they aren’t; rather, it is a way for Apple to help their Mac users know that the apps that are notarized are not broken and will not infect your machine.
By default this means that any apps that run on your machine will be checked against the notary service Apple provides before running, which means you need an Internet connection. However, Apple provides a process called Stapling to help avoid this. Essentially, once the app has been approved and notarized by Apple, developers can receive a metaphorical “ticket” to be “stapled” to their app, meaning the OS knows that this particular app and version are safe to run for the time being.
Recovery Mode:
Recovery Mode is a mode with which to recover and repair your Mac. When you get a Mac, a partition is set aside on the drive that contains a safe version of the Mac that can be used to reinstall the OS, repair it, wipe it, and a couple of other functions. In Recovery Mode are the Disk Utility app for managing the disks and repairing them, “Restore from Time Machine Backup” to recover your Mac to a previous iteration from Time Machine, “Install macOS” that will help reinstall the version of Mac OS that you’re currently using, and a basic copy of Safari with which you can research help and navigate Apple support articles. From the menu bar you can also set and manage a firmware password, open the Terminal, and use a Network Utility for when you’re having networking trouble. This is very useful for when you need to repair your Mac or reset it.
This mode can be reached by holding down the “Command” and “R” keys at the same time while starting up your Mac. If for some reason you’re having trouble with Recovery Mode, but your Mac can connect to Ethernet or WiFi, then you can hold down the “Command”, “Option” and “R” keys to enter the Internet version. You can also hold down the combination of “Shift”, “Command”, “Option”, and “R” to reload your machine with the version of Mac OS that came with your machine, or the closest version to it.
Root:
Root is the most powerful mode and account in the Mac’s system. It is typically only used in extreme circumstances or by very knowledgeable users. The account is disabled by default, but has the power to add, remove, copy, move, etc. any item within your Mac, and should only be enabled or used with extreme caution. It is also activated in the Terminal with the sudo command, though to do so you need to at least be an admin of the machine already.
Safe Mode/Safe Boot:
Safe Mode is a special boot mode in Mac OS that only runs the bare minimum needed to run your Mac. It is commonly used when troubleshooting issues on the Mac, such as startup issues, kernel panics, etc. Third-party utilities, like antivirus, cloud syncing apps, etc., and some drivers don’t start up when you start your Mac in this mode. Certain visual flairs may be slower or not run at all when the Mac is in this mode. It is activated by holding the “Shift” key while the Mac is turning on. Safe Mode runs some repairs during the boot up process, so it takes a little longer to get you to the login screen. It is commonly indicated on the login screen with the words “Safe Boot” in the top right corner of the menubar in red letters.
This is a term commonly used in the Apple community to refer to an application that is considered killed or soon to be dead because Apple added the signature feature of that app into the operating system’s native function. It comes from the “Sherlock 3” function added to Mac in version 8 that was a precursor to the modern day Spotlight. It added the ability to search for files across the web, which was previously a function many users added at the time via Karelia Software’s Watson application.
Signed Apps:
Signing apps is a security procedure for Mac apps that are available from outside the App Store. Signing lets a developer’s app pass through the Mac’s Gatekeeper system as coming from a legitimate developer, or at least a known good source, and shows that the file hasn’t been changed or modified in any way since the developer published it. This can help prevent attacks where a malicious actor distributes malware under a well-known app name or hacks a legitimate developer’s website and sets up a malicious version of the real app that installs malware along with said app. This latter example has been the case with several apps, though not exclusively, on the Windows side, such as in the case of CCleaner in 2017. Applications don’t necessarily have to be signed in order to run on Mac, but unsigned apps will be blocked by Gatekeeper when they are run the first time, and users will have to allow the app to run by going to the “Security and Privacy” pane in System Preferences.
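The Gatekeeper, notarization/stapling and signing entries above can be checked from the Terminal. The script below is an added example, not part of the original article: `classify_assessment` and `check_app` are hypothetical names, the sample output is constructed, and `check_app` assumes macOS with Apple's developer tools installed for `xcrun stapler`.

```shell
# Constructed samples of `spctl --assess --type execute -vv <app>` output
# (added example; Example.app and the team ID are placeholders).
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)'
SAMPLE_UNSIGNED='/Applications/Example.app: rejected
source=no usable signature'

# Turn Gatekeeper's assessment text ($1) into a short verdict.
classify_assessment() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | sed -n '1p')
    case "$first" in
        *": accepted") ;;
        *": rejected") echo "blocked ($src)"; return 1 ;;
        *)             echo "unknown"; return 2 ;;
    esac
    case "$src" in
        "Notarized Developer ID") echo "notarized" ;;
        "Mac App Store")          echo "app-store" ;;
        "Developer ID")           echo "signed-not-notarized" ;;
        *)                        echo "accepted ($src)" ;;
    esac
}

# Run the three checks against a real app bundle (macOS only).
check_app() {
    app=$1
    # 1. Code signature: fails if files changed after the developer signed them.
    if codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "signature: intact"
    else
        echo "signature: missing or broken"
    fi
    # 2. Gatekeeper's verdict; stderr is captured along with stdout.
    report=$(spctl --assess --type execute -vv "$app" 2>&1) || true
    echo "gatekeeper: $(classify_assessment "$report")"
    # 3. Stapled notarization ticket (lets the check work without Internet).
    if xcrun stapler validate "$app" >/dev/null 2>&1; then
        echo "ticket: stapled"
    else
        echo "ticket: not stapled"
    fi
}

if [ "$(uname)" = "Darwin" ] && [ "$#" -gt 0 ]; then
    check_app "$1"
fi
```

Saved to a file and run with an app's path as its argument, it prints one line each for the signature, Gatekeeper's verdict and the stapled ticket.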
Single User Mode:
Single User Mode is a special startup mode that causes the machine to act as a giant terminal/command prompt. It is commonly used in troubleshooting disk and startup issues. It is activated by holding down the “Command” and “S” keys on the keyboard.
See Notarized Apps.
System Extensions:
System Extensions are the modern iteration of KEXTs. They allow for a safer way to extend the functionality of your Mac. For example, if you use a third-party cloud syncing app like Dropbox, OneDrive, etc., then you may have the option to have it show syncing icons next to the files and folders you’re syncing. This is handled by allowing a system extension (specifically a Finder extension). There are also extensions for actions, photos, the Today view in Notification Center, the Share Menu, and more. You can find a list of these, as well as enable or disable any you need, by going to System Preferences and opening the “Extensions” pane.
System Integrity Protection (SIP):
System Integrity Protection (SIP for short) is a security feature in Mac OS designed to prevent the interference of malicious files and applications with the Mac’s system files. Apple introduced it in OS 10.11 “El Capitan” as a way to prevent or limit the damage a malicious application could do in the event of an infection. Apps are limited in the way they can access or change permissions to system level files and folders, things that the OS uses to run your computer but most users would never mess with. It also prevents unsigned system extensions, kernel extensions, and other deeper level applications from running. SIP is turned on by default and generally should be left on. It can be disabled by going into Recovery Mode, opening the Terminal from the Utilities menu in the menubar, and typing the following command:
Then reboot your machine. It can be reenabled by going back to the Terminal in Recovery Mode and typing in:
Then reboot the machine to complete.
Target Disk Mode:
Target Disk Mode allows you to connect 2 Macs together with one acting as an external drive. This is very useful for migrating data from an old Mac to a newer one, troubleshooting Macs, performing drive repairs, and recovering data. To do so, you will need 2 Macs and a Firewire cable or Thunderbolt cable to connect them. You can use Firewire-Thunderbolt adapters as well. Once you’ve connected them, turn off the Mac that you want to act as the external disk, such as the older or problematic one, while leaving the other Mac on (the new/good one). Connect a keyboard to the old Mac if there isn’t one already connected. Turn the old Mac on while holding down the “T” key on the keyboard. The old Mac will start displaying either the Firewire or Thunderbolt logo, and you’ll see the old Mac appear on your new Mac as an external hard drive, typically labeled “Macintosh HD”. Note that you will need to make sure the old Mac does not have a firmware password and that the internal drive isn’t encrypted. If either one of those is active, you’ll need to disable it, otherwise it won’t work and you won’t be able to access the old Mac’s drive.
Verbose Mode:
Verbose Mode is a boot mode of the Mac that allows you to see what’s happening and what’s getting launched when you turn on your Mac. Normally when you boot up your Mac, you’ll see the Apple logo and a loading bar, but if the Mac gets stuck while booting those don’t really help you much. Once activated at boot up, the Mac will instead display lines of information as each hardware or software service is loaded. Verbose Mode can be activated by holding down the “Command” and “V” keys as you turn on the machine.