![]() Just because passwords or any other form of security protection aren’t perfect, you don’t give up and use easily guessable passwords, do you? I know that a good lockpicker could probably unlock my front door in less than a minute or two, but do I leave the house unlocked to spare them the bother? Notarization is but one layer of security among many, which are only needed because we, being human, still can’t seem to resist tempting offers like a Flash Player update six months after Adobe finally killed it.Īnother argument against notarization which seems popular is that it gives Apple a ‘kill switch’. Like every other security measure, notarization cannot provide perfect protection, but acts as a filter, and a very effective one at that. ![]() So what’s the point of notarization if we can’t fully trust apps which have been notarized? However, other software which isn’t notarized or supplied from the App Store will take the more circuitous route through Gatekeeper checks when first run only after it has been downloaded from the Internet, or copied across using AirDrop, which also sets the quarantine flag.īut every few weeks, we hear about more malware which Apple has happily notarized, and told us that it has checked for malicious software and found it to be wholesome. Another more complicated class of software are plug-ins for other apps, which have to be notarized, otherwise the user may have to explicitly approve the plug-in through the General tab of the Security & Privacy pane (when they’re quarantined). There are some small but important exceptions to this, kernel extensions in particular, which are required to be notarized on both Intel and M1 Macs. Code signed using a developer certificate, whether or not it’s notarized, can be run without penalty on all Macs.Code signed using ad hoc rather than Apple-issued certificates can be run without penalty on all Macs, including natively on M1 Macs.Completely unsigned code can still be run without penalty on Intel Macs, and on M1 Macs only in Rosetta 2.Nor has Apple announced any change in rules over the signing or delivery of software. Although Apple makes this a rule for developers, users aren’t limited by it in any meaningful way: downloading and using an app which isn’t notarized involves a small detour on the first run, but that doesn’t seem set to change in macOS 12. Under current rules, all third-party developers of software for macOS are supposed to deliver their software through the App Store, or to notarize it before distributing it independently. This article explains what’s happening, and considers whether it’s benefiting the user. One of the most pervasive changes in macOS security, notarization of apps, is set to change again this summer.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |