Comment by strogonoff
4 years ago
There are two major somewhat misleading bits of buzz around macOS “phoning home” all of our executables.
1: among Windows, macOS and Linux only Linux distros don’t do such checks, and most of end-user Linux installations are arguably secure in spite of this—mostly because they are very rare and thus not a priority target for malware.
2: this only concerns files you launch. If you wrap your binary invocation in a shell script, that shell script’s hash will be sent, not your binary’s.
What does the author of the operating system phoning home have to do with Linux not being a target for malware? It seems like you're mixing up two different issues with this.
Phoning home in this case is done to check whether an app’s signed with a valid certificate. Not checking that opens user’s machine to attacks where malware successfully pretends to be an authentic trusted app, likely gaining access privileges (Keychain, etc.) granted to that app by the user previously.
Linux distros can arguably get away without these checks since their users are typically more aware of what they are launching, but importantly also because they are not as big a target due to smaller user bases.
Don't Linux distros accomplish these checks with GPG key signing, which don't need to phone home?
2 replies →