Apple quietly revamps malware scanning features in newer macOS versions


Macs don't have visible anti-malware software built in, at least not in the same way that Microsoft does with Windows' highly visible Defender software. But Apple began to include rudimentary anti-malware protections in macOS with Snow Leopard in 2009. Called "XProtect," this system service downloaded and installed new malware definitions in the background in between major macOS security updates, mostly to protect against the installation of known, in-the-wild malware.

Since then, Apple has added multiple anti-malware features to macOS, though they're not always branded that way. Gatekeeper, app notarization, System Integrity Protection, the Signed System Volume, and access controls for hardware and software are all, one way or another, about proactively protecting system files from being tampered with and making sure that installed apps do what they say they're doing. Another under-the-hood tool, the Malware Removal Tool (MRT), acts more like a traditional anti-malware scanner, periodically receiving definition updates from Apple so that it can scan for and remove malware already present on your system.

Howard Oakley at the Eclectic Light Company makes a habit of tracking updates to XProtect and the MRT, and he maintains several utilities that check the versions of your definitions (as well as your installed firmware and other Mac esoterica that Apple regularly updates but rarely mentions). And he says that Apple's anti-malware tools have undergone a dramatic but mostly silent change over the last few months.

August 31, 2022 at 08:25PM
