
MacRumors

macrumors bot
Original poster
Apr 12, 2001


Apple has made notable updates to macOS malware tools over the course of the last six months, according to updates tracked by Howard Oakley at The Eclectic Light Company (via Ars Technica).


"In the last six months, macOS malware protection has changed more than it did over the previous seven years," writes Oakley in a blog post published this week. Malware detection on the Mac is now "fully pre-emptive" and as active as "many commercial anti-malware products."

Specifically, at around the time that macOS 12.3 Monterey was launched, Apple quietly introduced a new XProtect Remediator tool for its XProtect service that checks for malware in the background. XProtect Remediator more frequently looks for malware and fixes it if malware is detected.

Apple previously used the Malware Removal Tool (MRT) and XProtect, but XProtect was limited to checking apps and code against a list of known malware and MRT ran infrequently. Apple's new solution is more aggressive and offers more protection. XProtect Remediator is available on Macs running macOS Monterey, macOS Big Sur, and macOS Catalina, but it is not available on Macs running older versions of macOS.

The new XProtect feature is updated regularly and it runs at least once per day, but sometimes even more frequently. For some malware checks, it runs as often as every hour or two, and it is able to identify a range of malware, such as Adload, DubRobber, Pirrit, SnowDrift, Trovi, and more.

Scans are most likely to take place when the Mac is awake but not in active use, and is primarily doing background tasks like backups and receiving email. Oakley says that the new malware protections represent a "big step forward" for those who are running the most recent versions of macOS, with more information available in Oakley's full blog post.

Article Link: Apple Has Made Major Updates to macOS Malware Protection in 2022
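Commenters below ask how to see what these background scans are actually doing. The following is an added example (not from the article or from Apple) that summarises XProtect Remediator scan events exported from the unified log. It assumes the events are logged under the subsystem `com.apple.XProtectFramework.PluginAPI`, that the scanning binaries are named `XProtectRemediator<Module>`, and that a clean scan message contains "no malware detected"; the sample records are constructed, not real log output.

```python
import json
from collections import Counter
from pathlib import PurePosixPath

# Assumed, not taken from this thread: XProtect Remediator writes its scan events under
# this unified-log subsystem. On a Mac the records would come from something like
#   log show --style ndjson --last 24h --predicate 'subsystem == "com.apple.XProtectFramework.PluginAPI"'
XPR_SUBSYSTEM = "com.apple.XProtectFramework.PluginAPI"
XPR_PREFIX = "XProtectRemediator"

def remediator_name(process_image_path):
    """Derive the remediator module (Adload, Trovi, ...) from the scanning binary's path."""
    base = PurePosixPath(process_image_path).name
    return base[len(XPR_PREFIX):] if base.startswith(XPR_PREFIX) else base

def summarize_xpr_events(ndjson_text):
    """Count scan events per remediator and collect messages that report a finding.
    Returns {"scans": {remediator: count}, "detections": [(timestamp, remediator, message)]}."""
    scans = Counter()
    detections = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a damaged line instead of aborting the whole report
        if ev.get("subsystem") != XPR_SUBSYSTEM:
            continue  # ignore everything that is not a Remediator event
        name = remediator_name(ev.get("processImagePath", ""))
        scans[name] += 1
        msg = ev.get("eventMessage", "")
        # Assumed wording: a clean scan says "no malware detected"; any other detection wording needs a look
        if "detected" in msg.lower() and "no malware" not in msg.lower():
            detections.append((ev.get("timestamp", ""), name, msg))
    return {"scans": dict(scans), "detections": detections}

# Constructed sample in `log show --style ndjson` shape; these are not real log records.
SAMPLE = """\
{"timestamp":"2022-08-04 10:01:12.000000+0100","subsystem":"com.apple.XProtectFramework.PluginAPI","category":"XPEvent.structured","processImagePath":"/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/MacOS/XProtectRemediatorAdload","eventMessage":"Scan succeeded; no malware detected"}
{"timestamp":"2022-08-04 10:01:15.000000+0100","subsystem":"com.apple.XProtectFramework.PluginAPI","category":"XPEvent.structured","processImagePath":"/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/MacOS/XProtectRemediatorTrovi","eventMessage":"Scan succeeded; no malware detected"}
{"timestamp":"2022-08-04 10:01:16.000000+0100","subsystem":"com.apple.backupd","category":"general","processImagePath":"/System/Library/CoreServices/backupd","eventMessage":"Backup completed"}
{"timestamp":"2022-08-04 11:30:02.000000+0100","subsystem":"com.apple.XProtectFramework.PluginAPI","category":"XPEvent.structured","processImagePath":"/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/MacOS/XProtectRemediatorDubRobber","eventMessage":"Malware detected and remediated"}
{"timestamp":"2022-08-04 12:05:40.000000+0100","subsystem":"com.apple.XProtectFramework.PluginAPI","category":"XPEvent.structured","processImagePath":"/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/MacOS/XProtectRemediatorAdload","eventMessage":"Scan succeeded; no malware detected"}
this line is not JSON and is skipped
"""

if __name__ == "__main__":
    print(summarize_xpr_events(SAMPLE))
```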
 
Specifically, at around the time that macOS 12.3 Monterey was launched, Apple quietly introduced a new XProtect Remediator tool for its XProtect service that checks for malware in the background. XProtect Remediator more frequently looks for malware and fixes it if malware is detected.

Many thanks Apple but why quietly? Scream it from the rooftops!

Unless of course this would be another reason for idiot politicians to look into anti-trust behavior because MalwareBytes might complain.
 
Better than needing antivirus software. Malware usually requires someone to do something stupid to get infected.
 
I wish Apple was more forthcoming about what their anti-malware engines were actually doing, and when....I wish they would log the scans, log the definition updates, give the user some idea of the protection being offered.
 
I guess Mac users can't feel superior anymore, computer comes with Anti Malware...
Built-in security has always been a plus for an operating system. The thing users hated (and still hate) is trashy third-party anti-virus programs that slow your computer down, get in the way, and generally make a nuisance of themselves. Ever since Windows 10 was released, Defender has been sufficient for anyone with good internet practices. Both operating systems still need extra security for people with bad security practices or who need extra protection, but their built-in systems are sufficient for most. The thing Mac users hated about previous versions of Windows (Vista and earlier) was that a trashy third-party antivirus was practically a necessity.

Oh, and if you had read the article you’d know that Macs already had anti-malware built in. The point of the article is that it’s gotten better.
 
I still have a third-party antivirus installed on my Mac, Norton, since I get it as a benefit through work. I always thought AV should be built-in functionality of the operating system. It's only on Windows that I no longer use third-party AVs, but it looks like Apple has stepped up its game. I might just remove Norton.
 
Ever since Windows 10 was released, Defender has been sufficient for anyone with good internet practices.
Our corporate environment insists on Sophos for Windows. I'm not honestly sure why, but given that I have no influence I just try to tolerate it. It's definitely a crankier bear than Defender.
 
Maybe they know something we don't know and are putting something in place to prevent bad actors around the world from doing some attack that could tarnish their image with its users. Maybe in 10 years you'll need an internet connection for verification to even be allowed to install an app at all. That's after you'll need to scan yourself to verify your identity, location, account balance and social status to be allowed to interact with the computer in the first place.
 
I still have a third-party antivirus installed on my Mac, Norton, since I get it as a benefit through work. I always thought AV should be built-in functionality of the operating system. It's only on Windows that I no longer use third-party AVs, but it looks like Apple has stepped up its game. I might just remove Norton.
I'm fairly certain that Malwarebytes was causing kernel panics on my Mac, and in my experience third-party antivirus programs are the most likely types of software to do that. I uninstalled it and the random restarts nearly ceased immediately. I didn't even have Malwarebytes in an active state (scanning was turned off, etc.), so it can be tricky.
 
I wish Apple was more forthcoming about what their anti-malware engines were actually doing, and when....I wish they would log the scans, log the definition updates, give the user some idea of the protection being offered.
Back in the day I knew a big blue company that wanted more logging from Apple about XProtect, and I think their Professional Services might have been employed to do this; it may have been mentioned by the CIO at a Jamf Nation. Who knows, there might be logs; you just have to know the magic incantations to get `log` to spit out something resembling them. I think this is on purpose, perhaps to be able to offer something "good enough" for most, and for those that need more, they can find a 3rd party solution that offers that level of detail. Apple really doesn't want to be in the anti-malware business; it's hard enough to get feature requests for core features, I doubt they'd want to hear all the asks for anti-malware!
 
I wish Apple was more forthcoming about what their anti-malware engines were actually doing, and when....I wish they would log the scans, log the definition updates, give the user some idea of the protection being offered.
There's really not much protection going on, which is why they don't give this information. The other reason is that not all security updates make it to the earlier macOS that are still supported.
 
Many thanks Apple but why quietly? Scream it from the rooftops!

Unless of course this would be another reason for idiot politicians to look into anti-trust behavior because MalwareBytes might complain.
Yeah, I thought it was a little comical that they announced it quietly. I mean, Apple doesn't need to announce everything they do, or even announce it at all. Who knows...maybe they already implemented CSAM quietly (or will) since there was so much of an uproar last year.
 
It strikes me that if ever there was a problem requiring the help of a machine learning algorithm, this is it!
Actually I wish Apple would try to get in front of this by using machine learning to check for the bugs and quirks in code that give the malware an opening. Most malware gets in by exploiting things like buffer overflows and such. How hard could it be to train an AI to look for those kinds of things?
 
Yeah, I thought it was a little comical that they announced it quietly. I mean, Apple doesn't need to announce everything they do, or even announce it at all. Who knows...maybe they already implemented CSAM quietly (or will) since there was so much of an uproar last year.
I believe that Apple may already be trialing CSAM in the OS. I mean, it may explain why the photoanalysisd process occasionally goes off the deep end and grabs a lot of resources slowing everything down. Even when you don't have many photos on your drive.
 
Having dealt with lots of different third-party anti-virus/anti-malware products on Windows (and a couple on macOS), I hate them all with a vengeance.

When protection is, effectively, built into the OS, you know that every developer will have had to deal with it.

When protection is one of a dozen, or more, products, you cannot realistically expect developers to have dealt with more than a small proportion.

Please can I have back the hours I have spent trying to identify why some software is not working on some machines - but is fine on others. Eventually finding that removal of anti-malware fixes it. But on the adjacent machine all is well with it installed.

(And removal of anti-malware software can be harder than getting rid of some actual malware.)
 
Having dealt with lots of different third-party anti-virus/anti-malware products on Windows (and a couple on macOS), I hate them all with a vengeance.

When protection is, effectively, built into the OS, you know that every developer will have had to deal with it.

When protection is one of a dozen, or more, products, you cannot realistically expect developers to have dealt with more than a small proportion.

Please can I have back the hours I have spent trying to identify why some software is not working on some machines - but is fine on others. Eventually finding that removal of anti-malware fixes it. But on the adjacent machine all is well with it installed.

(And removal of anti-malware software can be harder than getting rid of some actual malware.)
Tell me about it. I used to do enterprise software for a living, with customers making millions of page hits per day. Being a fairly large enterprise, they had an infosec department. Voila, one day an update to AV software on all our database servers started quarantining files that fuelled the database engines. Result: a bad day all round for a lot of people. Glad I’m out of that business, too much stress dealing with random problems caused by somebody else.
 
I don't use any type of security software on my computers, Mac or PC. The best case scenario is it's slowing down your computer and eating battery, and the worst case is it creating new vulnerabilities. No anti-virus or anti-malware software can fix PEBKAC issues.
 
Better than needing antivirus software. Malware usually requires someone to do something stupid to get infected.

Malware is a blanket term for malicious software. All computer viruses are malware, but not all malware are viruses. For modern computing, "malware scanner" is a more accurate descriptor than "antivirus", as antivirus software scans for more than just viruses.
 