What is com.apple.Dont_Steal_Mac_OS_X ?

Many users of Apple’s Mac OS X operating system have noticed a kext called com.apple.Dont_Steal_Mac_OS_X 7.0.0 – which is usually brought to users attention in crash reports that are generated to be sent to Apple.  So what is it and why is it there?

Well com.apple.Dont_Steal_Mac_OS_X 7.0.0 is included in the latest version of the OS X operating system (Mountain Lion).  It is also included in other version of OS X, with the “7.0.0” replaced with the major version of the OS X version being used.

In a nutshell, com.apple.Dont_Steal_Mac_OS_X  prevents OS X from being used on non approved Intel hardware – as OS X is licensed only for use of approved Apple Intel hardware.  Basically, it is one of the piracy prevention tools that Apple use.

Users, seem to be most concerned about the fact that this shows up on legal paid for versions of OS X on official Apple Intel hardware.  Do not worry about this, it is perfectly normal.

com.apple.Dont_Steal_Mac_OS_X  will appear on all versions of OS X, legal or otherwise.  Apple encrypt many of the fundamental parts of the OS X operating system which on legal hardware and software, is decrypted when you use it.  For example, the Finder is partially encrypted.  com.apple.Dont_Steal_Mac_OS_X decrypts these fundamental parts of OS X as you use them and as a user, it doesn’t have any impact.  That is unless you are using a pirated version of OS X and you are trying to use it on unofficial hardware.

If you have a pirated version of OS X or are using it on unofficial hardware you are likely to have been greeted with the following message from Apple:

Your karma check for today:
There once was was a user that whined
his existing OS was so blind,
he’d do better to pirate
an OS that ran great
but found his hardware declined.
Please don’t steal Mac OS!
Really, that’s way uncool.
(C) Apple Computer, Inc.

Obviously, as well, it will not decrypt the encrypted parts of OS X if it is pirated or being used on unlicensed hardware.

The implication that this kext only runs on pirated software / hardware is false.  It will run on all versions of OS X and is nothing to worry about for your law abiding user.  Next time you send a crash report, have a look at the details before sending it and you’ll see it sitting there.

The advice given on some sites about disabling this kext (or unloading it from memory) should not be followed – this will break parts of OS X, rendering it unusable.

So, in conclusion, there is nothing to worry about with com.apple.Dont_Steal_Mac_OS_X.  It is completely normal.  That is unless you are running a pirated version of OS X and / or using unlicensed hardware, in which case, you may have a bit of cause to worry.  Anti-piracy features are becoming more commonplace and more complex as time goes on and big software companies are likely to continue to develop new and more complex ways to protect their software and its commercial value.