

[Image: An Apple Gatekeeper alert about ReceiverHelper]

Is ReceiverHelper malware?

If you’re one of the affected folks, the good news is that this isn’t malicious at all. It is a component of Citrix, which is legitimate software made by the company of the same name. Not all Citrix software is being flagged as malicious, fortunately. Only some older versions of the software are causing problems.

Of course, if you thought that this was malware, we’d have to forgive you. Not only is macOS apparently saying that it is, but the name is highly suspicious. There has been a fair bit of Mac adware going around lately with odd two-word names, like StandardBoost or ActivityInput. All of these adware names are pretty generic, revealing nothing about what they’re actually supposed to be doing. Unfortunately, the name “ReceiverHelper” fits right in.

Among them are two other Citrix apps, ServiceRecords and AuthManager_Mac. (It’s almost like Citrix is trying to make its apps sound shady!) Other companies are also seeing an impact to older apps, such as AnyConnect’s vpnagentd.

What’s causing the warnings?

As was the case with a similar issue affecting HP printers last year, it’s all about code signing.

What is code signing, you ask? In short, it’s a cryptographic way to validate that an app has not been tampered with. If an app is signed by the company that created it then you can be sure you’re using an unadulterated version of the software. Code signing is a really important security feature, and all apps really ought to be signed. If they’re not, they can’t be considered 100% safe. (For a primer in code signatures and certificates, see our previous coverage of the HP incident.)

In simple terms, code signing relies on a chain of trust: Signing is performed using a secret key. An organization proves its ownership of that secret key using a digital certificate, and that certificate’s authenticity is vouched for by a certificate authority (CA).

In the HP incident, HP revoked the certificate it used to sign a lot of its printer software. The HP software on people’s Macs didn’t change but the chain of trust that vouched for it was broken, so it began to trigger alerts as if it was malware. This time around the chain of trust has been broken again, but the problem isn’t the certificates, it’s the CA that vouches for the certificates.

A CA is a trusted organization that issues certificates. In the case of Mac apps, you’re really supposed to get your certificates directly from Apple. However, not everyone does, and some companies will use certificates obtained from third parties to sign their apps.

Citrix did exactly this, and the decision has come back to haunt them. It turns out, they made a really poor choice of CA to obtain their certificate from: Symantec.

What’s wrong with Symantec?

A few years ago, Symantec offered CA services. However, Symantec CA played a bit fast and loose with the rules, which is never good for a CA. An important part of being a certification authority is trust, and Symantec made some big mistakes as a CA. Those mistakes led to an investigation, and what was found was highly concerning.

As a result, it was widely agreed that trust for Symantec certificates should be gradually phased out. The slow process of distrusting Symantec certificates began in 2018. On August 23, 2021, Apple pushed out an update for XProtect and other security systems that, among other things, rejects any code signed with certificates issued by Symantec.
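As an added example (not part of the original article), the following shell functions classify the certificate chain that `codesign -dvv` prints for an app, separating chains that end at Apple's root from chains that name a Symantec CA or another third-party CA. Matching on the names in the `Authority=` lines is a heuristic assumed here, and the sample output for the hypothetical "Example Corp" is constructed for illustration.

```shell
#!/bin/sh
# Added example: triage code-signing chains from `codesign -dvv` output.
# Matching names on "Authority=" lines is an assumed heuristic, not Apple's own check.

# classify_chain: reads `codesign -dvv` text on stdin, prints one verdict.
classify_chain() {
    awk '
        /code object is not signed at all/ { unsigned = 1 }
        /^Signature=adhoc/                 { adhoc = 1 }
        /^Authority=/ {
            name = substr($0, 11)          # text after "Authority="
            n++; root = name               # last Authority line is the root
            if (tolower(name) ~ /symantec/) symantec = 1
        }
        END {
            if (unsigned)                     print "unsigned"
            else if (adhoc)                   print "adhoc"
            else if (n == 0)                  print "unknown"
            else if (symantec)                print "symantec-issued"
            else if (root == "Apple Root CA") print "apple-rooted"
            else                              print "third-party-ca"
        }'
}

# audit_apps: on a Mac, classify each path given (codesign writes -d output to stderr).
audit_apps() {
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found (macOS only)" >&2; return 2; }
    for target in "$@"; do
        verdict=$(codesign -dvv "$target" 2>&1 | classify_chain)
        printf '%s\t%s\n' "$verdict" "$target"
    done
}

# Constructed sample output (hypothetical "Example Corp"), not captured from a real app.
SAMPLE_APPLE='Identifier=com.example.helper
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

SAMPLE_SYMANTEC='Identifier=com.example.oldhelper
Authority=Example Corp
Authority=Symantec Class 3 SHA256 Code Signing CA
Authority=VeriSign Class 3 Public Primary Certification Authority - G5'

if [ "$#" -gt 0 ]; then audit_apps "$@"; fi
```

Run on a Mac with app or binary paths as arguments, it prints one verdict per path; `spctl --assess -vv` on the same path reports Gatekeeper's own decision.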
