Software Update insecurity
Just as we don’t all want to drive automatic vehicles, some of us prefer to download and install updates when we choose, rather than leaving it to the Software Update pane to decide. There are hidden dangers in that; going fully manual with all the pane’s settings disabled can fail to detect updates to macOS’s built-in malware protection, leaving your Mac at risk.
Unless you check for and install those using other means, such as the softwareupdate command or the free app SilentKnight, every Mac should run with the last item, and install security responses and system files (or similar) enabled in Software Update. That still gives you control over whether and when macOS updates are downloaded and installed, and should stop your Mac being left with out-of-date security protection.
Share certificates across Macs
Q Howcan I share security certificates in my iCloud Keychain?
by OLLIE HAVILAND
A You don’t appear to be able to share secrets of your own choosing, apart from internet and other passwords, using the keychain shared in iCloud. That isn’t because of any limitation in the keychain, but the fact that you can’t add your own keys or certificates to the keychain that’s shared.
Macs have two types of keychain: the login keychain, that’s normally used to store our own certificates and secure notes uses an ancient format, is stored in our Home Library’s Keychains folder, and can’t be shared in iCloud. The