This discussion actually applies to any software updater, signed or not, for a camera or anything else, because as the Sony fiasco shows, private keys can be stolen.
Even a signed app or updater does not preclude a version modified to contain malware by a hacker who has cracked a stolen private key file and then signed the app so that it looks legitimate*.
- Erase a drive, and clone the system to it. (see also How to upgrade your system/boot drive).
- Disconnect all drives including the original system drive. Or at least dismount the volumes (sophisticated malware can still infect at the driver level though).
- Boot off the clone.
- Download the updater, update the camera. Of course, infected firmware could still infect the camera, but the only solution to that is never to update firmware. And even then, really good malware might infect modifiable firmware RAM. Well, it’s all odds.
- Disconnect the clone.
- Reconnect previous devices, boot up.
- Ideally, physically destroy the clone drive (e.g. hammer and saw, so to speak). Alternatively (and carrying some risk), connect the clone drive (do not boot off it!), then using Disk Utility, erase it, then wipe all blocks (one pass secure erase). SoftRAID 5 also has an even better “Wipe” function.
Obviously if the update is for software you want on your computer, you’re out of luck—in it goes.
You want that software on your system—or do you? It is why MPG installs only absolutely essential software and loathes vendors that deliver crapware and automated agents of various kinds. More software means more updates, each of which is a potential vector for compromise.
* That is why it is so critical that a vendor immediately revoke a certificate if there is any suspicion of the private key having been obtained, encrypted or not.
For that matter, a computer containing the private key that signs software should ideally never be connected to the internet. Certainly the private key should not be on a laptop taken for travel. But given reality, the password for the private key should be very long and complex.
Another option — virtualization
Mark A writes with an excellent suggestion of using virtualization via VirtualBox for the temporary bootable system:
I know this is obvious to you, being a software engineer like I am, but your readers may benefit from the understanding that a virtual hard drive can have its changes "rolled back" for free after such a potentially dangerous upgrade and restored to a condition ready for the next one.
Mac OS X is on the official virtualbox list of supported guest OSes. It's just a "normal" EFI-booted Intel OS. I believe Apple changed their license policy for hosting in a VM back in the Lion days.
There's the longer, hackier way à la https://www.robertsetiadi.net/install-os-x-virtualbox/
Or the way you suggest, creating a pristine install, where I'd add a last step to clone the raw drive into a dmg image and then to a virtualbox image via https://www.virtualbox.org/manual/ch08.html#idp59618720, so something like:
$ VBoxManage convertfromraw NewImage.dmg NewImage.vdi --format VDI
And a young geek's view (the kind my son would probably prefer rather than actually reading instructions) https://www.youtube.com/watch?v=Nod7cpxzxLc
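The snapshot-then-roll-back cycle Mark A describes, scripted around VBoxManage as an added example (this is not code from the post, from MPG or from the VirtualBox manual). It assumes VBoxManage is on PATH and that a VM named as in VM_NAME (a hypothetical name) already exists, e.g. one built from the NewImage.vdi step above; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example: run a risky updater inside a VirtualBox guest between a
# snapshot and a restore, so every change it makes is discarded afterwards.
# Assumptions: VBoxManage is on PATH and the VM named in VM_NAME exists.
set -eu

VM_NAME="${VM_NAME:-updater-sandbox}"   # hypothetical VM name

# Run VBoxManage, or just print the command line when DRY_RUN=1
# (lets the flow be checked on a machine without VirtualBox).
vbox() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'VBoxManage %s\n' "$*"
    else
        VBoxManage "$@"
    fi
}

# Time-based snapshot name so repeated runs never collide.
snapshot_name() {
    printf 'pre-update-%s' "$(date -u +%Y%m%dT%H%M%SZ)"
}

# 1. snapshot the pristine guest
# 2. boot it and run the vendor updater inside the guest
# 3. once the guest is powered off, restore the snapshot, which throws
#    away everything the updater (or anything it carried) wrote to disk
run_isolated_update() {
    snap="$(snapshot_name)"
    vbox snapshot "$VM_NAME" take "$snap" --description "clean state before updater"
    vbox startvm "$VM_NAME" --type gui
    # restore is only allowed on a stopped VM: wait for the user to shut it down
    if [ "${DRY_RUN:-0}" != "1" ]; then
        while VBoxManage showvminfo "$VM_NAME" --machinereadable \
                | grep -q '^VMState="running"'; do
            sleep 5
        done
    fi
    vbox snapshot "$VM_NAME" restore "$snap"
}

# Only act when explicitly asked, e.g.:  sh rollback-update.sh run
if [ "${1:-}" = "run" ]; then
    run_isolated_update
fi
```

The restored snapshot leaves the guest ready for the next updater; the camera itself, as noted above, is still only as trustworthy as the firmware it received.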