Comment by antihero
4 years ago
The server is called OSCP which suggests to me that if we look at Apple in the most positive light - they sign and certify binaries as safe. If an app gets later reported as malicious, they need to revoke the certificate that has been used to sign said binary.
So when you open an app, how else are they going to check whether the certificate is still valid or whether it has been revoked?
Can anyone confirm whether this lookup applies to unsigned as well as signed binaries? As far as I know if I build a brand new binary with cargo, and run it, it doesn't do any checks.
Here's a wild idea: don't block executables from running.
Or if you do, only do it for a set of known bad ones, as antivirus products do.
Do not put a cloud service (or anything for that matter) between the users and their ability to run what they want.
Sure but how does that work? If a cert-revoked app is allowed to run, the damage is already done.
I think perhaps a better tradeoff would be if a revocation list could be synced hourly or so and the app could be checked sync locally and then asyncronously on open. And of course, always give the power user an option to ignore things.
Here's an idea: log all opened binaries somewhere and then every hour or so check them against the list.
Never block me from opening something, but warn me about bad stuff on a regular basis.
They could also keep the current solution and just use a CRL as a backup to OCSP to check the revoked certificates and update it every other hour...
Yes but with your solution if an app is malicious, and did malicious things, it now has a whole hour to fuck your shit up before being disabled.