by Closi 1879 days ago
> You can get practically as much security by pushing malware signatures to the client without the massive privacy overreach

I think the issue with pushing malware signatures to the client is that it is reactive rather than proactive - i.e. by the time you have identified a malware signature, it is already too late (which leads to an inevitable cat-and-mouse / whack-a-mole game).


So, my take has been that Apple’s been doing a long push to switch incrementally from a Unix user/group/ACL security model to a capability model: the various entitlements, things like PowerBox not having an API, notarization, etc.

The big issue I’ve always had with capability security (as implemented here and in Fuchsia) is that, while it is a better security model in many ways, it’s also a lot easier to use against developers and power users, especially when you depend on PKI to implement your unforgeable tokens.

And it does not even work in every case, even when a signature is successfully identified. For example, if the malware has already taken down the network in some way, there is just no chance for Apple to push the malware signatures and fix to the client anymore.
> I think the issue with pushing malware signatures to the client is that it is reactive rather than proactive - i.e. by the time you have identified a malware signature, it is already too late (which leads to an inevitable cat-and-mouse / whack-a-mole game).

But notarization is the same. Apple isn't vetting notarized apps before they're distributed. All it does is impose a cost on the developer, who could still for all you know be a member of the Russian mafia. Or any random developer who has had their machine compromised and then used to sign the compromising party's malware.

It doesn't get revoked until somebody identifies the code as malware. It's the same reactive process as malware signatures.

Malware can change its signature and then it’s no longer on the exclusion list.

However if an inclusion list is used, then the malware changing its signature means that it loses the ability to execute.

Except that approval is automatic so they just modify the signature and submit it to be included again.
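The exclusion-list versus inclusion-list argument in the last three comments can be made concrete. The following is an added example written for this page, not code from any commenter or from Apple. It assumes a hypothetical, simplified model in which a "signature" is just the SHA-256 of the whole binary (real AV signatures match patterns inside the file, and notarization staples a ticket to a developer-signed bundle, but the reactive/proactive distinction is the same), and the sample "binaries" are constructed byte strings standing in for executable images.

```python
import hashlib

# Constructed sample binaries (hypothetical; arbitrary bytes, not real executables).
GOOD_APP = b"\x7fELF" + b"legit application image"
KNOWN_MALWARE = b"\x7fELF" + b"malicious payload v1"


def signature(binary: bytes) -> str:
    """Simplified 'signature': SHA-256 of the full image (assumption for this example)."""
    return hashlib.sha256(binary).hexdigest()


class DenylistPolicy:
    """Exclusion list: anything NOT on the list is allowed to execute."""

    def __init__(self, bad_signatures):
        self.bad = set(bad_signatures)

    def allows(self, binary: bytes) -> bool:
        return signature(binary) not in self.bad


class AllowlistPolicy:
    """Inclusion list: only what IS on the list is allowed to execute."""

    def __init__(self, approved_signatures):
        self.approved = set(approved_signatures)

    def allows(self, binary: bytes) -> bool:
        return signature(binary) in self.approved

    def auto_approve(self, binary: bytes) -> None:
        """Models an automatic approval step: no vetting, just admit the hash."""
        self.approved.add(signature(binary))


def mutate(binary: bytes) -> bytes:
    """Polymorphic trick: append a byte the loader ignores, so the hash changes
    while behaviour (conceptually) does not. Stand-in for repacking/obfuscation."""
    return binary + b"\x00"


def compare_policies() -> dict:
    deny = DenylistPolicy([signature(KNOWN_MALWARE)])
    allow = AllowlistPolicy([signature(GOOD_APP)])
    variant = mutate(KNOWN_MALWARE)

    results = {
        # Both policies stop the sample whose signature is already known.
        "deny_blocks_known": not deny.allows(KNOWN_MALWARE),
        "allow_blocks_known": not allow.allows(KNOWN_MALWARE),
        # After mutation, the exclusion list no longer matches ...
        "deny_blocks_variant": not deny.allows(variant),
        # ... but the inclusion list still blocks it, since it was never admitted.
        "allow_blocks_variant": not allow.allows(variant),
    }

    # Automatic approval with no vetting re-admits the mutated variant.
    allow.auto_approve(variant)
    results["allow_blocks_variant_after_auto_approve"] = not allow.allows(variant)
    return results


if __name__ == "__main__":
    for key, value in compare_policies().items():
        print(f"{key}: {value}")
```

The output shows the thread's three claims in order: the denylist misses the mutated variant, the allowlist still blocks it, and an unvetted auto-approval step gives the allowlist the same reactive character as the denylist, because the thing that actually decides is whatever happens before the hash is admitted.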