
Patrick Wardle teams up with ex-Apple researcher to boost Mac security for all

DoubleYou founders believe Mac needs better security

Two long-standing Mac security experts have formed DoubleYou, a firm that aims to develop security tools that other Mac developers can incorporate into their systems.

The new company was started by noted security expert Patrick Wardle, and takes its name from the initial of his surname. Together with Mikhail Sosonkin, he plans to release modular security apps, each of which can protect against one or several components of malware.

"Instead of building, for example, a whole product from scratch, we really took a step back," Wardle told TechCrunch, "and we said 'hey, how do the offensive adversaries do this?'"

"Can we basically take that same model of essentially democratizing security but from a defensive point of view, where we develop individual capabilities that then we can license out and have other companies integrate into their security products?" he continued.

Sosonkin calls this "an off-the-shelf catalog approach," with developers able to buy in whatever security elements their app needs. As well as saving each developer time, Wardle and Sosonkin argue that this makes Mac security better because the same options can be available to all developers.

At present, DoubleYou does not have the catalog of security elements it proposes. The founders say that catalog will definitely include a core module that analyzes running processes to block unrecognized code.

The founders do, however, have Wardle's other ventures to draw on. For more than a decade, for instance, Wardle has been developing macOS security tools through his non-profit Objective-See Foundation. Those tools include around a dozen separate security utilities such as OverSight, which detects malware attempting to use a Mac's microphone or camera.

"Maybe in a way, we are kind of like foolish idealists," said Sosonkin. "We just want to catch some malware. I hope we can make some money in the process."

Wardle started out as an intern at NASA in the summer of 2005, and then joined the National Security Agency for almost three years. He later founded his own company, Digita Security, in 2018.

Mikhail Sosonkin has been working in security since June 2004, and his career includes time with Amazon and Amnesty International, as well as teaching for the NYU Tandon School of Engineering. He also spent two years as Security Researcher at Apple from 2019.

Also in 2019, Patrick Wardle sold his Digita Security firm to Jamf, and stayed with the company for the next 18 months.

5 Comments

Diletante 6 Years · 12 comments

This could be a very interesting collaboration. Wardle’s tools are interesting in the way that they detect various types of malware, but they currently require too much user involvement, which can make them false-positive fire hoses. If AI could be used to filter that torrent to those alerts I really need to examine more closely, that would be a big win.

welshdog 22 Years · 1898 comments

Diletante said:
This could be a very interesting collaboration. Wardle’s tools are interesting in the way that they detect various types of malware, but they currently require too much user involvement, which can make them false-positive fire hoses. If AI could be used to filter that torrent to those alerts I really need to examine more closely, that would be a big win.

Not sure I understand your point about the Objective See apps. I have a number of them and they work well.

michelb76 8 Years · 700 comments

welshdog said:
Diletante said:
This could be a very interesting collaboration. Wardle’s tools are interesting in the way that they detect various types of malware, but they currently require too much user involvement, which can make them false-positive fire hoses. If AI could be used to filter that torrent to those alerts I really need to examine more closely, that would be a big win.

Not sure I understand your point about the Objective See apps. I have a number of them and they work well.

BlockBlock, for example, pops up for just about everything, even things that are just fine (this is expected behaviour). As a regular user it's very difficult to determine what is a false positive and what isn't. If they can make this (more) foolproof for the average user, it would be great.

Diletante 6 Years · 12 comments

welshdog said:
Diletante said:
This could be a very interesting collaboration. Wardle’s tools are interesting in the way that they detect various types of malware, but they currently require too much user involvement, which can make them false-positive fire hoses. If AI could be used to filter that torrent to those alerts I really need to examine more closely, that would be a big win.

Not sure I understand your point about the Objective See apps. I have a number of them and they work well.

As per michelb76, too many false positives. RansomWhere is better, but every single alert has been a false positive.