macOS has implemented code signing and only allowing apps from the App Store or trusted developers as default for quite a while now but people still find a way to turn it off or bypass it and then get infected by malware/spyware/adware. Because it's expected that you can run any app on a desktop/laptop platform though, they can't just fully restrict it, and it shows.
If "historical inertia" is the only thing keeping macOS a general purpose computing platform, that is extremely troubling. Because it means Apple will not hesitate to lock it down in the future if it's able (e.g. through subversion of notarization).
To me, this is one of the main reasons to fight for an open iOS: if people get accustomed to corporations revoking access to their software for arbitrary reasons, and if the technology exists allowing them to easily do so, then the gradual introduction of these measures to PC platforms will be met with a collective shrug.
> So suffice to say, their whole security scheme leaves a bit to be desired.
Indeed, but always was it so, and always will it be.
Also, that story is exactly what I mean when I say that what Apple does is, despite the flaws, still better than nothing: you can't pull a fake app hosted on its own website — you might not even be able to go after the host or the domain registry without a court order, and even then the country in which they are based may not be on good terms with your own and may not care about that order.
The analogy here would be using a headline of the police arresting a criminal to say "this shows that the idea of using a police force to prevent crime leaves a bit to be desired". Yes, and?
> you can't pull a fake app hosted on its own website
You can stop signing it, or register the hash of the program as malware. There, that's two easy ways to stop end-users from consuming harmful software.
> The analogy here would be [...]
It's more like if the police were trying to rationalize some ridiculous security system (say, drones) that didn't help catch criminals in the first place.
> You can stop signing it, or register the hash of the program as malware. There, that's two easy ways to stop end-users from consuming harmful software.
The first requires them to be signed in the first place. That violates the prerequisite of your point because your words were "they leave it on, and install malware/spyware/adware anyways" — so that's not a way to actually stop end-users from consuming harmful software, by your own words.
The issues with the App Store are "Apple is a gatekeeper that gets to say no and we don't like the set of reasons they've given themselves to be allowed to do that" and "Apple is a gatekeeper that charges money and we don't like that charge".
The right to stop signing some app, the right to register a hash as malware, both have the exact same capacity for misuse if you regard Apple themselves (or any other gatekeeper) as being a threat to your freedom. Unless you turn off "run only trusted apps", but again that violates the prerequisite of your point, because then "stop signing it" has no effect.
And come on, hashes? Self-modifying code was a thing when my compiler only output for 68k/System 7.
> It's more like if the police were trying to rationalize some ridiculous security system (say, drones) that didn't help catch criminals in the first place.
It's specifically an example of them catching a bad actor and stopping them. "Pulls" is right in the headline.