For security-conscious Mac users, Christmas has come early this year, with reports of Google's Macintosh Operations Team developing a new whitelisting and blacklisting system for the Mac OS.
According to the developers' GitHub page, the system earned its merry moniker “because it keeps track of binaries that are naughty or nice.” The Register was among the first to report on the tool, which is designed for both individual users and group deployments.
The nascent system, not yet at version 1.0, has two admin modes: “Monitor,” which runs all binaries except blacklisted ones, and “Lockdown,” which runs only whitelisted binaries. It offers event logging functionality, as well as certificate- and path-based rules. To prevent sabotage by a bad actor, key components of the tool – a kernel extension that monitors for executions, a userland daemon that makes execution decisions, and a GUI agent – will confirm that all of their signing certificates are identical before communicating with each other.
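As an added illustration (not Santa's own code and not from the article), the following Python model shows how the two modes and the two rule types named above combine into a single run/block decision, with each verdict written to an event log. The fingerprint value, the paths, and the precedence rule that an explicit block entry outranks an allow entry are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

MONITOR, LOCKDOWN = "monitor", "lockdown"   # the two admin modes
ALLOW, BLOCK = "allow", "block"              # whitelist vs blacklist verdict


@dataclass(frozen=True)
class Rule:
    kind: str      # "cert" (signing certificate) or "path" (path prefix)
    target: str    # certificate fingerprint, or a path prefix
    decision: str  # ALLOW (whitelist entry) or BLOCK (blacklist entry)


@dataclass(frozen=True)
class Binary:
    path: str
    cert_sha256: str  # leaf signing certificate fingerprint; "" if unsigned


def rule_matches(rule: Rule, binary: Binary) -> bool:
    if rule.kind == "cert":
        return binary.cert_sha256 != "" and binary.cert_sha256 == rule.target
    if rule.kind == "path":
        return binary.path.startswith(rule.target)
    raise ValueError(f"unknown rule kind {rule.kind!r}")


def decide(mode: str, rules: List[Rule], binary: Binary,
           log: Optional[List[str]] = None) -> str:
    """Return ALLOW or BLOCK for one execution attempt and append a log line."""
    matched = [r for r in rules if rule_matches(r, binary)]
    # Assumption: a matching BLOCK rule always wins, so a blacklisted path is
    # never rescued by a broader certificate whitelist entry.
    if any(r.decision == BLOCK for r in matched):
        verdict, reason = BLOCK, "blacklisted"
    elif any(r.decision == ALLOW for r in matched):
        verdict, reason = ALLOW, "whitelisted"
    else:  # no rule matched: Monitor defaults to run, Lockdown to deny
        verdict = ALLOW if mode == MONITOR else BLOCK
        reason = f"no rule; default for {mode} mode"
    if log is not None:
        log.append(f"mode={mode} verdict={verdict} path={binary.path} ({reason})")
    return verdict


# Constructed sample policy: one vendor certificate is trusted everywhere,
# but anything under a shared download folder is blacklisted.
VENDOR_CERT = "sha256:CONSTRUCTED-VENDOR-CERT-FINGERPRINT"
RULES = [
    Rule("cert", VENDOR_CERT, ALLOW),
    Rule("path", "/Users/Shared/Downloads/", BLOCK),
]
```

Running the same unsigned binary through both modes shows the practical difference: Monitor lets it execute and only logs the event, while Lockdown denies it because no whitelist rule covers it.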