Apple deprecating macOS kernel extensions (KEXTs) is a great win for security
Apple kernel extension APIs to be deprecated in macOS 10.15.4
February 7, 2020
https://www.zdnet.com/article/apple...extensions-kexts-is-a-great-win-for-security/
Seems to be the same issue related to PatchGuard which was introduced in Windows Vista back in 2006. So apps won't be able to modify the macOS kernel anymore. On Windows it solved a lot of stability problems and of course it made "kernel-mode" rootkits mostly a thing of the past. https://us.norton.com/internetsecurity-malware-what-is-a-rootkit-and-how-to-stop-them.html
It is similar to but different from PatchGuard. Apple makes hardware and software. On macOS you don't install drivers, because the OS already has them built in. The Windows ecosystem is completely different in that regard and Microsoft must provide support to install 3rd-party drivers. These 3rd-party device drivers are executed in kernel space. PatchGuard just provides some mitigation against modifications of certain other parts of the kernel, but device drivers are still executed in kernel mode. A malicious driver may still change a lot of system memory addresses and there are even ways to bypass PatchGuard. macOS will completely remove the ability to install anything in kernel mode created by a 3rd party. Very easy step, but also very significant.
OK cool, didn't know about this. However, it sounds like so-called "kernel extensions" have the same capabilities that drivers on the Windows OS have. So I'm guessing that's why Apple wants to get rid of them. It will make it harder for malware to bypass security tools. Correct, but PatchGuard does interfere with most techniques being used by malicious drivers; they simply cannot modify the most important parts of the kernel. And all drivers must be signed, of course. At first I thought it was a dumb decision but I later changed my mind; it was actually a good thing.
New macOS 10.15.4 warnings are a shot across the bow for kernel extensions
This shouldn't be a surprise to developers
March 25, 2020
https://www.imore.com/new-macos-10154-warnings-are-shot-across-bow-kernel-extensions
[Image: Kernel extension warning dialogs in macOS Catalina 10.15.4]