
I don’t appreciate this being called “complete secrecy”. There’s literally an API to find out when it happens! If it was just logged somewhere I might agree, but this is just not true. Nobody says the system firewall runs in “complete secrecy” either, even though it doesn’t warn you when it blocks connections.

I mean, in a perfect world all of this would be perfectly exposed to users and they would know every single action their computer takes. I don’t actually disagree that putting in some effort to better surface how XProtect works could be valuable. But the current situation is generally fine and the accusations that Apple is trying to hide this stuff from you do not seem well supported.



> I don’t appreciate this being called “complete secrecy”. There’s literally an API to find out when it happens!

You still seem to be missing the point. This is about end users not developers.

This is a UI problem, not an API problem. You want to make a technical point, because you're a technical person, but you're missing the forest for the trees, because this isn't a particularly technical problem. This is a typical Apple problem of paternalism, Apple believing that Apple should take care of everything, and users shouldn't worry their pretty little heads about anything.

> I mean, in a perfect world all of this would be perfectly exposed to users and they would know every single action their computer takes.

We're not talking about "every single action", we're talking about the OS detecting malware on an end user's Mac and then... not bothering to tell them about this fact. Imagine if you went to the doctor for a physical, took some tests, the tests indicated you had an STD, and then... the doctor just gave you some drugs and didn't bother to tell you that you had an STD. That would be malpractice. You'd want to know. You'd need to know. Because one doesn't just "randomly get" either an STD or malware. How you got it (and especially who you got it from) is just as important as that you got it.

> Nobody says the system firewall runs in “complete secrecy” either even though it doesn’t warn you when it blocks connections.

1) You have to manually enable the firewall. It's disabled by default on macOS.

2) Unlike malware, you can just "randomly get" connection attempts from the internet. Attackers are probing everything. I can see that in my web server logs.

I make a simple claim: if macOS takes action to remediate malware then it ought to tell the user. Simple question: Do you agree or disagree with that claim?

All of the discussion about logging and endpoint security is because the author has determined in testing that macOS actually fails to tell the user when it remediates malware.

To follow my earlier analogy, this is like talking about how to do your own STD tests when your doctor neglects to tell you whether you got an STD. But your doctor should really tell you, and then you wouldn't need your own tests. But you seem overly focused on the tests rather than the telling.


> I make a simple claim: if macOS takes action to remediate malware then it ought to tell the user. Simple question: Do you agree or disagree with that claim?

I am fully supportive of keeping users informed of how their systems work, and I always will be. Many parts of Apple, and the software industry in general, don't care for this very much, so this is unfortunately not as universal as I would like it to be. There's a lot of places in their OS that Apple chooses to not prioritize this effort, or does a poor job.

It's important to note that "tell the user" is not actually all that simple, just like being the person who tells you your medical results doesn't just read out your blood test. Throwing up a "we detected 10 threats" notification is not relevant to most users. When a doctor sits down with you they are obligated (I believe legally?) to make sure you understand what the results mean, how confident they are of the conclusions, your risk factors that might have influenced what they found, and what your next steps are. The same applies to malware detection and remediation, except with "medicine" swapped with "computers" for things people don't really understand.

I work in this space on another platform, and the problems we regularly run into include things like:

* We aren't 100% confident that we've detected malware

* Users sometimes actually find malware to have some helpful functionality (e.g. photo filter app that uploads all your photos, not just the ones you hand it)

* Malware authors target the mechanisms by which we can provide feedback to users

* Saying you didn't find any malware can lead users to think there is no malware

* Users don't really know what to do with "oh we found malware and fixed it for you"

These aren't impossible problems to solve (at least, I hope they aren't…) but they definitely require some thought. I don't quite know how Apple does malware scanning; my understanding was that they do a lot of signature matches, which should help with "we are confident this is malware", but considering some of the behaviors described in the article ("macOS detected malware and didn't do anything?!") I suspect some of these are less reliable. In any case, I get the feeling that Apple has not prioritized notifying the user of this because they don't want to spend the time on it for whatever reason. They don't really want to keep it secret, hence the API for third parties to perhaps solve the problem for them, but they aren't doing it themselves. Perhaps they really should; I think it's fine to be upset about this. The specific complaint I had was that the author seemed to imply that Apple purposefully underdocumented the API and made it hard to use for normal people, when that wasn't the purpose of it at all.



