Slow Mac App Launches: Malware Scan or Hash Cache Miss?

2025-05-01

Blogger Jeff Johnson discovered last year that slow Mac app launches are due to malware scanning by the `syspolicyd` process. Blogger Howard Oakley disagrees, claiming the slow launches are due to SHA-256 hash cache misses for files in the Frameworks folder. Johnson uses spindumps to refute Oakley, showing that the malware scan occurs during `dlopen`, when dynamic libraries are loaded. Johnson argues that Oakley's theory lacks evidence and ignores the fact that universal binaries contain two architectures, which makes Oakley's hash calculation time estimates inaccurate. The core of the debate lies in different interpretations of system logs and process snapshots, and in differing understandings of caching mechanisms.
