I know we've recently had heated discussions about whether Apple's Gatekeeper is a useful tool for keeping out malware, or whether it's a nefarious spy operation, or maybe just a new anti-competitive way to lock out 3rd-party apps that don't pay 30% for App Store distribution. It was rarely mentioned, but Windows has kind of the same thing with SmartScreen, for the same stated purpose of security.
But much more important than Apple's or Microsoft's evilness level, I believe we should have a discussion about what to do about malware which is code-signed. It's not difficult to imagine that a determined criminal can find at least one badly secured 3rd-party developer whose code-signing certificates can be abused.
This is not hypothetical; for example, see this Microsoft postmortem: https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/ which is about this attack: https://www.solarwinds.com/securityadvisory
Modern software updates itself all the time and sends data back and forth to clouds all the time, so there are very few heuristics left to go by to determine whether a given code-signed application that downloads executables and uploads data is a useful app like WhatsApp or malware to be stopped.
What's your take?