I'm sorry if this was answered elsewhere, but can someone explain me how this works when you don't have internet connection? I assume you can still launch apps without internet connection. So then, what stops bad actors to just either block connection to ocsp or straight up turn off your connection entirely when running malware?

Through the very mechanism people are complaining about today.

If your machine is offline then it switches to a fail-open system and uses its cache to verify the binary and if it's not in the cache then it skips the check and allows it.

If your machine is online then it switches to a fail-closed system so that if you can't reach the servers because of something malicious then it blocks.

So that seems like more of an analytics system to me than a protection system, if it can be circumvented so easily.

I think the philosophy is that you're not too often acquiring new software while offline so the usability trade-off isn't as bad as it seems.

So is checking for security certificates good or bad, now?

If you've suffered inconvenience from having checks but not suffered inconvenience from no checks, then it's bad.

If you've suffered inconvenience from no checks but not suffered inconvenience from having checks, then it's good.

Since this check is currently done _unencrypted_ (as lapcatsoftware said in his post), I'd say it's objectively bad.