by AnthonyMouse 1881 days ago
> I think the issue with pushing malware signatures to the client is that it is reactive rather than proactive - i.e. by the time you have identified a malware signature, it is already too late (which leads to an inevitable cat-and-mouse / whack-a-mole game).

But notarization is the same. Apple isn't vetting notarized apps before they're distributed. All it does is impose a cost on the developer, who could still for all you know be a member of the Russian mafia. Or any random developer who has had their machine compromised and then used to sign the compromising party's malware.

It doesn't get revoked until somebody identifies the code as malware. It's the same reactive process as malware signatures.

1 comments

Malware can change its signature and then it’s no longer on the exclusion list.

However, if an inclusion list is used, then the malware changing its signature means that it loses the ability to execute.

Except that approval is automatic so they just modify the signature and submit it to be included again.