“With the advent of Intel-based Macintosh computers, Apple was faced with a new requirement: to make it non-trivial to run Mac OS X on non-Apple hardware. The ‘solution’ to this ‘problem’ is multifaceted. One important aspect of the solution involves the use of encrypted executables for a few key applications like the Finder and the Dock. Apple calls such executable apple-protected binaries,” Amit Singh writes for Mac OS X Internals.
“Note that besides hindering software piracy, there are other scenarios in which encrypted binaries could be desirable. For example, one could turn the requirement around and say that a given syst m mus not run any binaries unless they are from a certain source (or set of sources). This could be used to create an admission-control mechanism for executables, which in turn could be used in defending against malware. In a draconian managed environment, it might be desired to limit program execution on managed systems to a predefined set of programs—nothing else will execute. In general, a set of one or more binaries could be arbitrarily mapped (in terms of runnability) to a set of one or more machines, possibly taking users, groups, and other attributes into account,” Singh writes.
Singh takes a look at how apple-protected binaries work in Mac OS X in his full article here.