With Notarization, Apple Moves to Greatly Reduce Malware on Macs


Notarization is an automated code-scanning service for Mac developers that looks for malicious code and blesses the app if none is found. In a future version of macOS, Gatekeeper will look for that notarization. This is a good thing.


At Computerworld, Greg Keizer reports:

Apple will soon make a code review mandatory for all applications distributed outside its own Mac App Store by new developers, a first step towards requiring all Mac software to pass similar reviews.

The process won’t make users perfectly safe, but it’s a step in the right direction. Author Keizer quotes Chet Wisniewski, a principal research scientist at Sophos.

“It’s not a perfect process, but without [such safeguards] the criminals don’t have to try very hard.”

Innocence Lost

And that brings up a related point. Modern users have shown themselves to be all too trusting of software. Or else too easily manipulated by advertising claims. In fact, the time has long since come and gone when users had any visibility whatsoever into the workings of modern app code.

When I was a UNIX apprentice at The Oak Ridge National Laboratory, decades ago, the UNIX gurus wouldn’t install any software on their Sun/SGI/DEC workstations that didn’t come with source code. They would compile it themselves and were astonished that I blindly installed apps on my Quadra 700.

But in those days, it was almost certainly safe to do so. Nowadays, it’s not.

I approve of this process. Years ago, I stopped installing curiosity apps, that is, apps from new or unfamiliar developers that looked cool and did something neat. I definitely have a preference for the Mac App Store when the need arises. But as a tech writer, I’ve found that a lot of tasks that appear to require a 3rd party app can be conducted with the resources available within macOS.

When the day comes that no one can write software for the Mac and get it to run without Apple’s review and approval, I’ll be very happy indeed.

Trust is gone because the temptation to do iffy things on the customer’s machine, in secret, is just too great. The internet offers so many tempting business models that reward unscrupulous code. This is sad because there are so many well-known and trusted developer heroes who write superb, trustworthy code. (I’m using one here: BBEdit from Bare Bones Software. There are many, many more Good Guys.)

With the gradual escalation of Notarization in the future, Apple has put all Mac developers on notice. Daddy’s home.

CudaBoy

Gatekeeper will allow downloading of non signed non App store Apps all day long and this “notarization” is just another layer of very small improvement. In no cases has Apple definitively stated Gatekeeper or Macs per se are safe or even safer than a PC – but if you read their corporate BS it reads like they are. Also as I’ve stated besides the WindTail.A, and many other Malwares on Macs that weren’t discovered until months after they were in Macs – and maybe in yours now – you can easily get Malware from your browser w/o even downloading anything…

geoduck

So your tl;dr is everyone is lying, nothing works, nobody is trustworthy, so f-it don’t even try?

Paul Goodwin

But the Macs are more secure than PCs if for no other reason than there are far fewer malware producers focused on the Macs. Also, without any 3rd party protection, the Macs are far more secure.