by jolux 1879 days ago
XProtect has a wider scope than notarization, though, and its detection rules are different. Notarization and XProtect are both focused on stopping malware, but they don't actually operate on the same principle: notarization happens in the cloud before deployment (to stop malware from being deployed) and XProtect happens continuously in the operating system (to stop malware from running), checking for malicious signatures. That functionality intersects with notarization, but it's not equivalent.
1 comments

It operates based on the same principle. There is a list of known-malicious software and you reject that software. If the bad software is known, they can both reject it. If it isn't known, neither of them would.

Defense in depth requires one of the measures to catch things the other one wouldn't.

People seem to be having trouble with this, so let's go to the ogre analogy.

Defense in depth is layered, like an onion.

Combining automatic certification with fingerprinting is layered, like a cake. It's not the same thing.