By only checking a file’s code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely.