
2603 points mattsolle | 1 comments
pengaru ◴[] No.25075395[source]
Champions of privacy, phoning home a hash of every executable your computer runs!
replies(3): >>25076352 #>>25080477 #>>25081710 #
hk__2 ◴[] No.25076352[source]
> Champions of privacy, phoning home a hash of every executable your computer runs!

What’s the matter with privacy? That’s a basic signature check, and you can do so while preserving privacy by using salted hashes or a similar solution.

replies(4): >>25076567 #>>25077716 #>>25078140 #>>25079836 #
root_axis ◴[] No.25077716[source]
A centralized repository of all your executable hashes is a high precision fingerprint.
replies(3): >>25078997 #>>25080245 #>>25081679 #
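The privacy-preserving check hk__2 alludes to, and the fingerprinting concern root_axis raises, as an added example that is not code from the thread or from Apple: a k-anonymity style lookup in which the client sends only a short prefix of the executable's hash, so the server learns a bucket shared by many programs rather than the exact program run. The toy server, the sample binaries and the prefix length are all assumptions.

```python
import hashlib

# Constructed stand-ins for real executables (assumption, not real binaries).
SAMPLE_BINARIES = {
    "good-app": b"\x7fELF good app contents",
    "bad-app": b"\x7fELF malicious payload",
    "other-app": b"\x7fELF something else",
}

# Hex characters of the hash sent to the server. 5 hex chars = 20 bits, so
# roughly one in a million hashes share a bucket; the server cannot tell
# which program in that bucket the client actually launched.
PREFIX_LEN = 5


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class RevocationServer:
    """Hypothetical service holding full hashes of blocked binaries,
    indexed by prefix. Not any vendor's real protocol."""

    def __init__(self, blocked_hashes):
        self.buckets = {}
        self.seen_prefixes = []  # what the server learns about clients
        for h in blocked_hashes:
            self.buckets.setdefault(h[:PREFIX_LEN], []).append(h[PREFIX_LEN:])

    def lookup(self, prefix: str):
        # The server only ever receives the prefix, never the full hash.
        if len(prefix) != PREFIX_LEN:
            raise ValueError("client must send exactly the agreed prefix")
        self.seen_prefixes.append(prefix)
        return self.buckets.get(prefix, [])


def client_is_blocked(server: RevocationServer, binary: bytes) -> bool:
    """Client side: hash locally, query by prefix, finish the match locally."""
    full = sha256_hex(binary)
    prefix, suffix = full[:PREFIX_LEN], full[PREFIX_LEN:]
    candidates = server.lookup(prefix)
    return suffix in candidates


def full_hash_fingerprint(binaries) -> list:
    """What a naive 'send the full hash' design would hand the server:
    an exact list of everything the user runs."""
    return sorted(sha256_hex(b) for b in binaries)
```

The contrast is that `full_hash_fingerprint` identifies every program precisely, while the server in the prefix scheme only ever accumulates `seen_prefixes`, each of which many unrelated binaries share.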
strogonoff ◴[] No.25078997[source]
There are two major somewhat misleading bits of buzz around macOS “phoning home” all of our executables.

1: among Windows, macOS and Linux only Linux distros don’t do such checks, and most end-user Linux installations are arguably secure in spite of this—mostly because they are very rare and thus not a priority target for malware.

2: this only concerns files you launch. If you wrap your binary invocation in a shell script, that shell script’s hash will be sent, not your binary’s.

replies(1): >>25079248 #
circularfoyers ◴[] No.25079248[source]
What does the author of the operating system phoning home have to do with Linux not being a target for malware? It seems like you're mixing up two different issues with this.
replies(1): >>25079409 #
strogonoff ◴[] No.25079409[source]
Phoning home in this case is done to check whether an app’s signed with a valid certificate. Not checking that opens the user’s machine to attacks where malware successfully pretends to be an authentic trusted app, likely gaining access privileges (Keychain, etc.) granted to that app by the user previously.

Linux distros can arguably get away without these checks since their users are typically more aware of what they are launching, but importantly also because they are not as big a target due to smaller user bases.

replies(1): >>25081272 #
circularfoyers ◴[] No.25081272[source]
Don't Linux distros accomplish these checks with GPG key signing, which don't need to phone home?
replies(2): >>25081765 #>>25082953 #
strogonoff ◴[] No.25081765[source]
Does it ensure the executable you downloaded and granted access to is still the same and was not modified afterwards?

Another reason is that if a cert (or a cert in the chain) is known to be compromised it can be revoked—would the mechanism used on Linux give some equivalent of that, or does one have to rely on bug trackers or apply updates to ensure trusted signatures are up-to-date?