Comment by Spivak

4 years ago

Through the very mechanism people are complaining about today.

If your machine is offline then it switches to a fail-open system and uses its cache to verify the binary and if it's not in the cache then it skips the check and allows it.

If your machine is online then it switches to a fail-closed system so that if you can't reach the servers because of something malicious then it blocks.

2 comments

Spivak

Reply
ehsankia  4 years ago

So that seems like more of an analytics system to me than a protection system, if it can be circumvented so easily.

  • Spivak  4 years ago

    I think the philosophy is that you're not too often acquiring new software while offline so the usability trade-off isn't as bad as it seems.