Jeff Johnson

I shouldn’t have to explain the logic behind universal code signing, even if that includes malware, but apparently I do:

1) If all non-malware is signed, then Mac users never have a reason to bypass Gatekeeper (e.g., the right-click song and dance). In fact, Apple could make the process even more difficult than it is now.

2) If Mac users never get into the habit of bypassing Gatekeeper, then malware is incentivized to be signed too, otherwise it’s more difficult to distribute.

3) …

5 comments
Jeff Johnson

3) It’s much easier for Apple to monitor and control signed software. Malware authors have to sign up for a developer account. Apps have to be uploaded to Apple for a malware scan before distribution to be notarized. Apple can revoke Developer ID certificates and notarization tickets at any time.

Jeff Johnson

That’s why it’s beneficial to give out free code signing certificates to all Mac developers, with lenient terms. Currently, not all non-malware is signed, because some developers can’t or won’t sign up for the Apple Developer Program, either because of the cost or because of the highly restricted terms associated with the App Store, which is inseparable from the Developer ID program.

Jeff Johnson

Malware authors and scammers have already been paying for Apple Developer accounts, and indeed putting their software in the crApp Store as well as distributing externally on the Mac. The price has never been a barrier, because crime does pay!

Price is only a barrier for some honest developers.

Jeff Johnson

The very fact that Apple had to add notarization on top of the preexisting Developer ID certificates proves that the price of the certificates wasn’t a barrier for malware.

The negative side effect of the price is that it incentivizes honest developers and users to practice riskier behavior, i.e., releasing and using software that is totally unsigned.

Григорий Клюшников

I'm not against code signing as a concept, but I very much despise the way Apple implemented it by trusting itself and no one else whatsoever. There are no provisions made for people who don't trust Apple.

Let me self-sign my apps like it's done on Android. Let me as a user add signing certificates used by developers I trust, let me make my own decisions and take my own responsibility.
