If you’re running macOS and love your system safe and secure, there’s a good chance you’ve heard of Objective-See. This team of security pros builds tools that keep your Mac free of malware and unwanted programs. One of their powerful tools is BlockBlock—a handy app that watches your system like a hawk. But sometimes even good security measures can throw a wrench into your daily routine. This is the tale of how BlockBlock stopped legit auto-updaters and how a clever fix brought harmony back to your Mac.
TL;DR: BlockBlock is a tool that stops unauthorized programs from sneaking into your Mac at startup. But it was a little too strict and accidentally blocked legit auto-updaters. That meant popular apps couldn’t update themselves. Objective-See fixed it with a smart solution: the signed-updater allowlist. Now updates work again—without sacrificing security!
What Is BlockBlock?
BlockBlock is an app created by security expert Patrick Wardle and his team at Objective-See. It watches key areas of your Mac like:
- Startup scripts
- Launch agents
- Kernel extensions
- Login items
BlockBlock’s job is simple: see something trying to auto-start? Ask the user. That way, sneaky malware can’t just add itself to your system without your knowledge. It’s like a bouncer for your Mac’s startup party.
When Good Tools Get a Little Too Strict
Everything was going great—until BlockBlock got a big update. That update made it even stricter. It now flagged any new item added to auto-start, no matter where it came from.
The problem? That included apps you trust. Like Microsoft Teams. Like Zoom. Even Google Chrome. All of them have auto-updaters that install updates without bothering you. But BlockBlock didn’t know they were your friends. It saw them as suspicious. So it blocked them.
The result? Apps stopped updating. Silent updates didn’t run. And worst of all, users didn’t always understand why. It looked like the app itself was broken.
Why Auto-Updaters Matter
Auto-updaters are more than just handy—they’re crucial for security. Here’s why:
- They fix bugs you didn’t know you had.
- They patch security holes fast.
- They keep malware from sneaking in using known exploits.
When auto-updaters stop working, your apps stay stuck in the past. And that can leave your system vulnerable.
The Catch-22: Security vs. Convenience
When people found out BlockBlock was the reason updates weren’t installing, some weren’t happy. But it wasn’t really BlockBlock’s fault. After all, its job is to protect you from unknown, stealthy programs.
The issue was this: How can BlockBlock tell good auto-updaters from bad ones?
Imagine you’re managing a nightclub. You don’t want random folks sneaking in through the back door. But what if the delivery guy also uses that back door? You don’t want to block him, right? That’s exactly the problem BlockBlock faced.
The Signed-Updater Allowlist to the Rescue
Objective-See thought hard about it and came up with a genius idea: a signed-updater allowlist.
This is a special list that contains known and trusted updaters. These are auto-updaters that:
- Are cryptographically signed by a well-known developer
- Behave in expected, safe ways
- Only update apps with your permission or in clear system-approved ways
When BlockBlock detects a new startup item, it checks the allowlist. If the item is on the list, it lets it through. If not, it warns the user like it always has.
This means the system remains tight, but friendly to well-behaved guests.
How the Allowlist Works in Real Life
Let’s take Google Chrome as an example. Chrome has a tiny helper app called Keystone that manages updates. Before, BlockBlock would see Keystone trying to add itself to auto-launch on boot and go, “Whoa! Not so fast!”
After the allowlist? BlockBlock sees Keystone is signed, trusted, and on the list. It gives it a nod and lets it do its thing—no popup, no warning.
Pretty smooth, right?
How to See the Allowlist on Your Mac
BlockBlock lets advanced users dive into the allowlist settings. If you’re curious, you can even see the list from the terminal or in the app itself. But don’t worry—you don’t have to touch anything. BlockBlock updates the list automatically with each update.
You can also add your own entries if you’re a power user. For example:
/Applications/YourCoolApp.app/Contents/MacOS/UpdaterAdd that to a local allowlist, and BlockBlock will remember it’s safe.
Who Decides What Goes on the List?
The folks at Objective-See have taken on the job of managing this list. They review updaters carefully before adding them. They look at:
- How the updater works
- If it’s signed by a developer with a good reputation
- If there’s any history of abuse or weird behavior
This way, only genuine, useful updaters get through. Malware authors can’t sneak onto the list.
The End Result: Peace of Mind AND Seamless Updates
Thanks to the signed-updater allowlist, BlockBlock users now have the best of both worlds.
They get:
- Strong protection against unauthorized auto-start programs
- Fully functional auto-updaters for trusted apps
- No confusing popups for known good software
It’s a win-win.
Why This Matters for Regular Users
You don’t have to be a cybersecurity wizard to benefit from tools like BlockBlock. Anyone who uses a Mac can install it and be instantly safer. And thanks to the signed-updater allowlist, you don’t even need to deal with complicated configuration or unexpected problems.
Everything happens behind the scenes—quietly, smoothly, and smartly.
Takeaways
- BlockBlock is great at stopping sneaky programs that try to auto-run without your permission.
- But it used to block even trusted app updaters like Zoom or Chrome accidentally.
- The solution was a signed-updater allowlist that lets verified, signed updaters run without interference.
- Now, your apps stay updated AND your Mac stays safe. Hooray!
Wrapping Up
Security isn’t just about saying “no” to threats. It’s about saying “yes” to the right things while keeping the wrong ones out. BlockBlock had a bit of learning to do—but thanks to Objective-See’s clever work, it learned quickly.
With the signed-updater allowlist, your Mac can still get its updates on time, and BlockBlock can keep doing what it does best: stopping shady software in its tracks.
If you’re curious or want to try it for yourself, check out Objective-See’s tools. They’re all free, open-source, and made by people who just want your Mac to be awesome and safe.
Stay secure and stay updated!