by PopsiclePete 2050 days ago
I feel like there's some over-reaction here. You pretty much have to either:

1. allow blanket access to all executables
2. perform some sort of validation/verification

Most people are not as technical as the people on this site, and we know that blanket access to all executables is not a great idea. MacOS is not immune to malware.

Having executables be signed means the signature has to be checked and the certificate has to be checked to see if it hasn't been revoked. I don't see how to do that without "phoning home" and checking, tbh.

I mean yes Apple could enable some expert setting or something for developer/expert types where you can say "trust me I know what I'm doing" but a lot of people who don't know what they're doing will enable that and then malware will run rampant again.

It's a shitty situation. But I'm not going to go down the paranoia rabbit-hole of assuming this is done to spy on me. At least not yet.

1 comments

They could use bloom filters and inherited trust to avoid having to send the signature of every executable to the internet. And there really should be a switch to turn this off for people who don’t want to be treated like children and will accept the risk of malware. Make it something on the command line and I guarantee no regular user will enable it.
There's probably a middle ground but you know that within a day of making it optional, the various "Clean my Mac" utilities will have an option to disable it and soon enough instead of 99% of people having it enabled, 75% will have it disabled. And then some malware hits and spreads like wildfire and the same people who were so adamant on disabling it are now complaining that Apple isn't doing enough to protect them and woowee Macs are just as insecure as Windows.

Speaking of Windows, they also moved to a "we know what's best for you" model with Windows 10.

Definitely a "damned if you do, damned if you don't" situation.

I understand why "power users" feel frustrated but also understand the company's POV. A story like "Macs are invulnerable to this latest ransomware attack" looks pretty good to investors; the random complaints of nerds and power users go mostly unnoticed.

I bet $100 this latest scandal will not affect Apple's bottom line nor will anyone care within a month - there'll be other reasons to be outraged over on Twitter.
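
The Bloom-filter suggestion made in the reply above, sketched as an added example (not written by any commenter in this thread, and not Apple's mechanism): the client keeps a small local filter of revoked certificate IDs and goes online only when the filter reports a hit. The sample certificates, the filter parameters and the `online_lookup` stand-in are constructed assumptions, and the "inherited trust" half of the suggestion is not covered.

```python
import hashlib

class BloomFilter:
    """Bit-array Bloom filter; k positions derived from one SHA-256 digest."""
    def __init__(self, m_bits: int, k: int):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes):
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step for double hashing
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

def cert_id(cert: bytes) -> bytes:
    return hashlib.sha256(cert).digest()

# Constructed sample data: 1000 revoked and 5000 valid "certificates".
REVOKED_CERTS = [b"constructed-revoked-%d" % i for i in range(1000)]
VALID_CERTS = [b"constructed-valid-%d" % i for i in range(5000)]
REVOKED_IDS = {cert_id(c) for c in REVOKED_CERTS}

def build_filter(ids, m_bits=16384, k=7) -> BloomFilter:
    bf = BloomFilter(m_bits, k)
    for i in ids:
        bf.add(i)
    return bf

def online_lookup(cid: bytes) -> bool:
    """Hypothetical stand-in for the vendor's revocation service."""
    return cid in REVOKED_IDS

def check(cert: bytes, bf: BloomFilter):
    """Return (verdict, went_online)."""
    cid = cert_id(cert)
    if cid not in bf:  # Bloom filters have no false negatives: answer locally
        return "not_revoked", False
    # Hit: really revoked or a false positive, so confirm online.
    return ("revoked" if online_lookup(cid) else "not_revoked"), True

def online_queries(certs, bf) -> int:
    return sum(check(c, bf)[1] for c in certs)

if __name__ == "__main__":
    bf = build_filter(REVOKED_IDS)
    print("filter size:", len(bf.bits), "bytes")
    print("online lookups for 5000 valid certs:", online_queries(VALID_CERTS, bf))
```

A filter miss is authoritative, so the only launches that still reach the network are revoked certificates and the filter's rare false positives; the filter itself has to be refreshed as new revocations are published.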