undefined | Better HN

0 pointsAnthonyMouse4y ago0 comments

> I think the issue with pushing malware signatures to the client is that it is reactive rather than proactive - i.e. by the time you have identified a malware signature, it is already too late (which leads to an inevitable cat-and-mouse / whack-a-mole game).

But notarization is the same. Apple isn't vetting notarized apps before they're distributed. All it does is impose a cost on the developer, who could still for all you know be a member of the Russian mafia. Or any random developer who has had their machine compromised and then used to sign the compromising party's malware.

It doesn't get revoked until somebody identifies the code as malware. It's the same reactive process as malware signatures.

0 comments

zackees4y ago

Malware can change its signature and then it’s no longer on the exclusion list.

However if an inclusion list is used, then the malware changing its signature means that it loses the ability to execute.

AnthonyMouseOP4y ago

Except that approval is automatic so they just modify the signature and submit it to be included again.

j / k navigate · click thread line to collapse