move app revocation checks
This commit is contained in:
mfwmyfacewhen
GitHub
parent
e0d81ac98b
commit
6259f964f4
|
|
@ -129,12 +129,6 @@ macOS employs defense in depth by relying on multiple layers of software and har
|
|||
|
||||
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
|
||||
### App Revocation Checks
|
||||
|
||||
macOS performs online OCSP checks using HTTPS encryption when you open an app to verify whether an app contains known malware, and whether the developer’s signing certificate is revoked.
|
||||
|
||||
We recommend against blocking these checks.
|
||||
|
||||
#### Signed System Volume
|
||||
|
||||
macOS's system components are protected in a read-only signed system volume, meaning that neither you nor malware can alter important system files.
|
||||
|
|
@ -149,6 +143,12 @@ System Integrity Protection makes critical file locations read-only to protect a
|
|||
|
||||
#### Application Security
|
||||
|
||||
### App Revocation Checks
|
||||
|
||||
macOS performs online OCSP checks using HTTPS encryption when you open an app to verify whether an app contains known malware, and whether the developer’s signing certificate is revoked.
|
||||
|
||||
We recommend against blocking these checks.
|
||||
|
||||
##### App Sandbox
|
||||
|
||||
macOS apps downloaded from the App Store are required to use the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox). You should avoid non-App Store software as much as possible.
|
||||
|
|
|
|||
Loading…
Reference in New Issue