> I kept thinking to myself "Microsoft is going to boot Firefox from Windows" before realizing that MS doesn't have that sort of power (compared to say Apple).
Actually, when it comes to Windows and macOS, Microsoft has about the same power as Apple does when it comes to limiting what software can and can't run on their operating systems.
Defender on Windows works like Gatekeeper does on macOS. Defender gets to decide what runs or doesn't run on a Windows system, using a similar approach to Gatekeeper.
Both Apple and Microsoft require developers to regularly buy certificates to sign the software they intend to distribute to macOS and Windows users, and they require developers to remain in good standing with either company. Unsigned software is treated as if it is radioactive by both operating systems, and macOS on M1 Macs goes one step further by deprecating unsigned binaries entirely.
If Apple or Microsoft want to, they can revoke a developer's certificates, and any app that was signed with them will be prevented from running by Gatekeeper or Defender. They can also choose not to renew a developer's certificates, preventing apps from running when the certificates they were signed with expire.
To 99.9% of users, apps signed with revoked or expired certificates will be portrayed as either being broken or malicious by macOS or Windows.
Actually, when it comes to Windows and macOS, Microsoft has about the same power as Apple does when it comes to limiting what software can and can't run on their operating systems.
Defender on Windows works like Gatekeeper does on macOS. Defender gets to decide what runs or doesn't run on a Windows system, using a similar approach to Gatekeeper.
Both Apple and Microsoft require developers to regularly buy certificates to sign the software they intend to distribute to macOS and Windows users, and they require developers to remain in good standing with either company. Unsigned software is treated as if it is radioactive by both operating systems, and macOS on M1 Macs goes one step further by deprecating unsigned binaries entirely.
If Apple or Microsoft want to, they can revoke a developer's certificates, and any app that was signed with them will be prevented from running by Gatekeeper or Defender. They can also choose not to renew a developer's certificates, preventing apps from running when the certificates they were signed with expire.
To 99.9% of users, apps signed with revoked or expired certificates will be portrayed as either being broken or malicious by macOS or Windows.