Malware, Network Security

Checking it twice: Google developing whitelist/blacklist tool for Macs


For security-conscious Mac users, Christmas has come early this year, with reports of Google's Macintosh Operations Team developing a new whitelisting and blacklisting system for the Mac OS.

According to the developers' GitHub page, the system earned its merry moniker “because it keeps track of binaries that are naughty or nice.” The Register was among the first to report on the tool, which is designed for both individual users and group deployments.

The nascent system, not yet a version 1.0, has two admin modes: “Monitor,” which runs all binaries except blacklisted ones, and “Lockdown," which runs only whitelisted binaries. It offers event logging functionality, as well as certificate- and path-based rules. To prevent sabotage by a bad actor, key components of the tool – a kernel extension that monitors for executions, a userland daemon that makes execution decisions, and a GUI agent – will confirm that all of their signing certificates are identical before communicating with each other.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.