Jump to content

Recommended Posts

I thought it strange that I was requested to approve Malwarebytes for Mac install because it was not an identified developer with Apple. Is this really true?

When I looked at the SSL Cert for the support.malwarebytes.com webpage it didn't reference Malwarebytes.com anywhere except as an ALT DNS name with a whole bunch of others. I also thought the main Malwarebytes.com should be coming up with the green padlock just like an EV certificate from Apple.

MB2.thumb.png.21ca1bf902fa651d08528c3b9f162ee8.pngMB1.thumb.png.977487745c15a74b5df1d70595651f64.pngMB3.thumb.png.fe7352e6edfbbd596a7835a546424e95.pngMB4.thumb.png.87e276d9fcda4825cbd6828d7ed88c81.png

 

Link to post
Share on other sites

Malwarebytes for Mac is definitely signed with their Apple Developer ID as shown by RB App Checker Lite. Not sure why your computer would say it isn't.

I suspect that having a standard certification rather than an EV is simply a matter of expense, but Malwarebytes may have other reasons. I just checked a dozen different security related sites and only Sophos and ClamXAV use an EV cert. Even SAN's Internet Storm Center and the US CERT government site use standard certificates.

 

Screen Shot 2018-05-12 at 3.20.21 PM.png

Link to post
Share on other sites

Both the installer and all the installed executables are definitely signed, using an official Apple developer certificate. If macOS is saying it's from an unidentified developer, then either there's a glitch with your system or the downloaded file itself is not good. Make sure to download the installer directly from here:

https://malwarebytes.com/mac

As for the certificate for the support.malwarebytes.com site, that site is run for us by Jive.

Link to post
Share on other sites

Thank you for the replies. I am glad to hear the ssl certs are good.

I downloaded the RB App Checker Lite from the App Store and ran both the package and the application through App Checker Lite. In the first screenshot I notice these differences: The signing times are different, The Gatekeeper assessment is missing and the application is not sandboxed. The second screenshot has some more info about the package. I see there is an alert about an OSerror and also see that there are other files which have an executable permissions that perhaps they shouldn't have.

Any feedback about why these differences are here?

 

MB5.thumb.png.8aec5adffa79bf9ed818ff6930cd77c6.png

MB6.thumb.png.838ee4858df78f0cf06c261461a9c47e.pngMB7.thumb.png.7dace1de74b377f8080fbe8148c5cbed.png

Link to post
Share on other sites

7 hours ago, deadeye said:

The signing times are different

You and I live in different time zones.

Quote

The Gatekeeper assessment is missing and the application is not sandboxed.

At the time of the assessment, I had not yet launched the app, so it was still quarantined (subject to Gatekeeper evaluation) and sandboxed.

I have no idea what that folder is. I cannot even find it within the .pkg using Pacifist or Suspicious Package. So no comment on that one, other than to say it isn't unusual to find that a few individual pieces of a bundle are unsigned. Not being a developer, I'm not sure how Xcode allows that to happen.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.