Once you load a malicious extension made by a sufficiently capable programmer, you might as well just reinstall your box and hope for the best (who knows where it could hide some magic to ensure it survives a full new install). By default Mavericks requires kernel extensions to be signed now which IMHO is a good thing.Īs they run inside kernel space, there's nothing a malicious kernel extension can't do to your system and additionally, they get to completely hide themselves from user space applications (that includes the Apple malware removal tool) and other kernel extensions. Keep in mind that by enabling kext-dev-mode, you're turning off quite an important security feature of 10.10.