• macOS now scans for malware whenever it gets a chance

    #2473743

    https://eclecticlight.co/2022/08/30/macos-now-scans-for-malware-whenever-it-gets-a-chance/

    In the last six months macOS malware protection has changed more than it did over the previous seven years. It has now gone fully pre-emptive, as active as many commercial anti-malware products, provided that your Mac is running Catalina or later…

    Until XProtect Remediator arrived in macOS 12.3 last March, system tools for tackling malware were essentially limited to XProtect and MRT. XProtect was mainly used to check apps and other code which had a quarantine flag set, against a list of signatures of known malware, and can only detect. While Apple has broadened its scope to check more frequently, and continues to update those signatures every couple of weeks, they have their limits. MRT ran scans to both detect and remove (‘remediate’) known malware, most noticeably shortly after startup, but infrequently…

    These scans should now be taking place on all Macs running macOS Catalina and later, with the current XProtect Remediator installed. They’re most likely to take place when your Mac is awake but doing little other than background tasks, such as routine backups, and receiving incoming email as it arrives.

    For those running these recent versions of macOS this represents a big step forward. It also dispels any doubt as to whether this new malware protection has gone live yet: it’s both alive and scanning actively already…

    3 users thanked author for this post.
    • #2473817

      Nice of Apple to do this (as it has been doing to some extent since “Mountain Lion” with “Gatekeeper” that, I understand, is still around and coordinating security-related tasks such as those of XProtect and MRT), but don’t trash your AV just yet.

      For one, the new version of XProtect (“Remediator”), according to the article linked by Alex above, scans only for 13 malware bugs. So I still use and shall continue using Intego’s “Virus Barrier” (that runs in background all the time) and “Malwarebytes”, the free version. I scan by hand (i.e. “on demand”) the system with both once every day, before ending the last session of the day.

      Because, although the following is from 2020, and so before the current upgrade of XProtect, it seems like a fair question to ask just how much things have changed since then:

      https://www.securemac.com/blog/is-xprotect-enough-to-keep-you-safe

      Quote (emphasis is mine):

      It’s pretty clear that XProtect is only intended for basic protection against well-known threats. In the past, XProtect was notorious for going long stretches without any significant updates to its malware definitions — and even now, it still isn’t updated with the regularity of third-party malware detection tools. On the one hand, that makes perfect sense, especially when you consider that these third-party tools are backed by dedicated malware research teams whose job is to study the state of Mac malware in real time. But it also means that XProtect may fail to detect new malware families, or variants of older malware that have been altered just enough to fool its detection rules.

      In addition, many Mac threats inhabit something of a “gray area” in terms of whether or not they’re actually considered malicious by Apple; and also in terms of how seriously they’re taken as threats. This can include things like Potentially Unwanted Programs (PUPs), adware, and cryptocurrency mining software. While these may not be considered “top priority” threats for the Apple security teams that update XProtect, they’re definitely not anything you want running on your system. They can be annoying and resource-intensive, for one thing. But beyond that, there is evidence that they can also lead to more serious issues that impact user privacy and security.

      Lastly, XProtect is designed to be a fairly simple, single-use tool. Third-party malware detection apps, on the other hand, provide additional functionality and features that many users find helpful. Some examples include full-scale malware removal (not offered by XProtect, although macOS does come with a basic malware removal tool called MRT); the ability to schedule and conduct regular system scans (as opposed to only scanning files at download time); as well as privacy and performance features like tracking cookie blacklists and cache cleanup.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      2 users thanked author for this post.