Signed binaries don't stop malicious binaries. It can help prevent the spread of malicious binaries once they've been identified as malicious, but it does nothing to stop the initial mayhem.
I don't think that the signed binaries are intended to prevent malicious binaries but rather instead to create an evidence trail once a malicious binary has been submitted.
Since you have to sign with a key that you have paid Apple to authorize, Apple has the payment details that connect you and the signed binary together. In addition, the membership has licence conditions that in turn allow Apple to sue you.
Well of course it can be bypassed, but it certainly doesn’t “step in” at some point either as was suggested. It blocks all unsigned binaries regardless of any damage they’ve caused.
Though this morning I realized I misunderstood the point of the grandparent here. He was saying you can have a signed binary that is still malicious. I thought they were talking about what Apple does in the case of unsigned.
The fact that they are capable of that is an OS flaw. Signing and all the rest is repairing a leaky dam with chewing gum.
Our OSes all date back to a time when security simply was not such a concern. All binaries almost have root. A modern OS would be least-privilege all the way.
Btw web browsers show that it is possible to run untrusted code locally in a sandbox and do so fairly safely.
For games in particular there should be better sandboxing options.