> It’s relevant because you argue that there is no value to having the ability to do this.
No, I did not. We haven't talked about that other mechanism, so I've said nothing about it here either positively or negatively.
> Something you have dismissed as a non-problem.
I said "Zoom had a serious uninstaller bug". So no, I did not dismiss it as a non-problem. It just has nothing to do with Developer ID certificate OCSP.
Please stop putting words in my mouth or completely warping the words that I do say.
You said “But if you have a cached OCSP response for the cert of a malware author, then you've already launched their app, so it's probably too late.”
I.e. once you have launched the app, the damage is done.
This is not the case, and the Zoom situation is a clear counterexample. Even if a problematic app has been launched one or more times, it is still worth preventing subsequent launches if you can.
It doesn’t matter what mechanism is used to prevent the subsequent launch. This applies to any mechanism including OCSP. The Zoom example is a refutation of the particular point you made, a point which dismisses a real security concern.
It demonstrates that there is value in Apple having the ability to prevent harmful software from running, no matter how many times it has already been run.
> This is not the case, and the Zoom situation is a clear counterexample.
I was talking about MALWARE. As I said before, Zoom is not malware, so no, it's not a counterexample.
This is my last reply to you. You're clearly not interested in having a good faith conversation, you continue to misinterpret me and want to score "internet points" or something. I'm done.
Accusations of bad faith are unhelpful, especially in a technical discussion like this.
Zoom is not malware in that as far as we know it isn’t Zoom’s intent to cause harm.
However, in this instance it exhibited a behavior which many forms of malware exhibit - opening an insecure or exploitable port. It was shut down because it was behaving the way some malware behaves.
It’s a perfectly reasonable example of using these types of mechanisms to mitigate a real security issue.
You can’t seriously be claiming that malware never opens ports, or that malware always does all of its harm on the first run.
Therefore the use of the distinction ‘malware’ is arbitrary and irrelevant.
The mechanism is useful to protect against vulnerabilities, regardless of whether the vulnerabilities were intentional or not.
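The thread argues over whether a revocation check adds anything once an app has already run. The following is an added toy model, not code from the thread or from Apple's actual Gatekeeper/OCSP implementation: a launch gate that consults a cached OCSP-style response for the signing certificate on every launch and refreshes it when the cache entry expires. All names (`FakeResponder`, `LaunchGate`, the serial and app name, the TTL values) are constructed for illustration. It shows both points raised above: a cached "good" response lets an already-run app keep launching until the cache expires, and once the cache is refreshed a revoked certificate blocks every subsequent launch regardless of how many times the app ran before.

```python
from dataclasses import dataclass


@dataclass
class OcspResponse:
    """Minimal stand-in for an OCSP response: status plus validity window."""
    status: str          # "good" or "revoked"
    produced_at: float   # constructed timestamp (seconds)
    ttl_seconds: float   # how long a cached copy may be trusted

    def fresh(self, now: float) -> bool:
        return now < self.produced_at + self.ttl_seconds


class FakeResponder:
    """Hypothetical responder; revocation state is flipped directly by the scenario."""

    def __init__(self) -> None:
        self.revoked: set[str] = set()

    def revoke(self, serial: str) -> None:
        self.revoked.add(serial)

    def query(self, serial: str, now: float, ttl: float) -> OcspResponse:
        status = "revoked" if serial in self.revoked else "good"
        return OcspResponse(status, now, ttl)


class LaunchGate:
    """Checks the signing cert's status on every launch, using a response cache."""

    def __init__(self, responder: FakeResponder, cache_ttl: float = 3600.0) -> None:
        self.responder = responder
        self.cache_ttl = cache_ttl
        self.cache: dict[str, OcspResponse] = {}
        self.launch_log: list[tuple[str, float, bool]] = []

    def may_launch(self, app: str, serial: str, now: float) -> bool:
        resp = self.cache.get(serial)
        if resp is None or not resp.fresh(now):
            # Cache miss or stale entry: ask the responder and cache the answer.
            resp = self.responder.query(serial, now, self.cache_ttl)
            self.cache[serial] = resp
        allowed = resp.status == "good"
        self.launch_log.append((app, now, allowed))
        return allowed


def scenario() -> tuple[bool, bool, bool]:
    """Constructed timeline: run, revoke, run again while cached, run after expiry."""
    responder = FakeResponder()
    gate = LaunchGate(responder, cache_ttl=3600.0)
    t0 = 0.0
    first = gate.may_launch("Example.app", "SERIAL-1", t0)          # allowed, response cached
    responder.revoke("SERIAL-1")                                    # cert revoked after first run
    second = gate.may_launch("Example.app", "SERIAL-1", t0 + 600)   # still allowed: cache is fresh
    third = gate.may_launch("Example.app", "SERIAL-1", t0 + 4000)   # blocked: cache expired, refreshed
    return first, second, third


if __name__ == "__main__":
    print(scenario())  # (True, True, False)
```

The gap between revocation and the second launch is the window a cached response creates; the third launch is the value the thread's defenders of the mechanism point to. A real deployment would tune the TTL and may also push revocations out of band, which this model deliberately leaves out.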