Researcher sheds light on improved macOS malware protections


Ars Technica details new information from a security researcher on how Apple has been improving macOS malware protection. Howard Oakley at the Eclectic Light Company follows improvements to the systems running behind the scenes within macOS.

"In the last six months macOS malware protection has changed more than it did over the previous seven years," Oakley writes. "It has now gone fully preemptive, as active as many commercial anti-malware products, provided that your Mac is running Catalina or later."

Examining the activity of the XProtect app on a Mac with sleep disabled, Oakley determined that it is scanning for most known Mac malware at least once per day "during periods of low user activity." But it can scan much more frequently than that, and the scan frequency appears to be determined on a case-by-case basis. Oakley observed XProtect scanning for malware called DubRobber "every hour or two." In contrast, MRT was run "infrequently" and "most noticeably shortly after startup."

Apple began fighting malware at the OS level with the XProtect system, introduced in 2009. Since then, Apple has improved the system and added components to protect and monitor Macs.