
361 points robenkleene | 1 comments
londons_explore ◴[] No.23282990[source]
This must be a blacklist, since it doesn't block my own random scripts which it has never seen before.

If it's a global blacklist on Apple servers, it should instead be downloaded to the client, and be a local blacklist.

Too big? Use a bloom filter. Now you only end up keeping less than one byte per blacklisted item. Update the bloom filter with an autoupdater. Any positive hit you can check against the server just in case it's a false positive.

caf ◴[] No.23283950[source]
Doesn't a blacklist also work only until the malware authors figure out how to randomize 8 junk bytes every time they serve an executable?
1. therein ◴[] No.23285266[source]
Which they already do.
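
An added example (not code from any commenter or from Apple) of the scheme londons_explore describes, together with the limitation caf raises: a local Bloom filter over SHA-256 digests, with a server lookup only on a local hit. The sample file contents, the 3% false-positive target and the `server_lookup` function are assumptions, and all data is constructed.

```python
import hashlib
import math

class BloomFilter:
    def __init__(self, capacity, fp_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hash functions
        self.m = max(8, math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit indexes from two halves of one SHA-256
        d = hashlib.sha256(b"bloom" + item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

def check_executable(data, local_filter, server_lookup):
    """Return 'allow' or 'block'; the server is contacted only on a local hit."""
    # The key is an exact hash: any change to the bytes gives a different digest.
    digest = hashlib.sha256(data).digest()
    if digest not in local_filter:
        return "allow"  # a Bloom filter has no false negatives for added items
    return "block" if server_lookup(digest) else "allow"  # rules out a false positive

# Constructed sample data standing in for the server-side list
BLOCKED_SAMPLES = [b"constructed-blocked-file-%d" % i for i in range(1000)]
SERVER_SET = {hashlib.sha256(s).digest() for s in BLOCKED_SAMPLES}
server_calls = []

def server_lookup(digest):
    server_calls.append(digest)  # record how often the client phones home
    return digest in SERVER_SET

def build_filter():
    f = BloomFilter(capacity=len(SERVER_SET), fp_rate=0.03)
    for d in SERVER_SET:
        f.add(d)
    return f
```

At a 3% target the filter needs about 7.3 bits per entry, so staying under one byte per item means accepting a false-positive rate of roughly 2% or more, each of which costs one server lookup.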