undefined | Better HN

0 pointscageface1y ago0 comments

I could sort of see the justification for requiring notarization giving Apple a kill switch to shutdown malware. But if it's just turning into another kind of app review then we can't really say the Mac is still an open platform.

0 comments

idle_zealot1y ago

Notarization is not a reasonable implemetation of a malware kill switch. All you'd need for that is an Apple-published list of known-bad app ids that the OS could check itself against periodically. No, notarization is a control mechanism to impede the creation and distribution of any non-Apple-approved apps.

rekoil1y ago

App IDs don't really work for this purpose if Apple aren't in control of generating them, nothing is stopping a malware vendor from literally never reusing app IDs. Notarization is a reasonable implementation, and it can even require some form of developer identification, it just can't be very deep identification, an e-mail address is enough (along with IP and other metadata gathered during the process). That way they can disable all apps signed by one developer, and can more quickly react to malicious actors, without it becoming a problem for normal users.

Someone1y ago

> nothing is stopping a malware vendor from literally never reusing app IDs.

Or form using the ID of another vendor.

> and it can even require some form of developer identification, it just can't be very deep identification, an e-mail address is enough (along with IP and other metadata gathered during the process).

I expect the typical malware writer will easily find a way to have a unique “e-mail address (along with IP and other metadata gathered during the process)”.

Because of that, “That way they can disable all apps signed by one developer” will not be possible.

1 more reply

cagefaceOP1y ago

The requirement for a hardened runtime certainly supports this point of view.

j / k navigate · click thread line to collapse