Apple XProtect is now proactive with periodic malware scans

Posted in macOS
Rather than scanning for malware when a Mac is started or an app is launched, Apple has quietly added a feature whereby it scans whenever a Mac is idling.

Malware illustration


Macs have famously been less prone to viruses than PCs, but all computers -- and all computer users -- are vulnerable to malware. Without explicitly announcing it, Apple has taken a further step to block and remove malware from the Mac.

According to Howard Oakley on his blog The Eclectic Light Company, Apple introduced what's called XProtect Remediator in March 2021, as part of its then-latest macOS Monterey update.

It's an update to the long-standing XProtect system tool, which Oakley says "was mainly used to check apps... against a list of signatures of known malware."

Now XProtect Remediator "consists of executable code modules which both scan for and remediate detected malware."

Oakley says it is seemingly a replacement for Apple's previous Malware Removal Tool (MRT). And while searching Apple's support site for "malware" does surface references to the MRT, those references have been removed from the actual support documentation.

XProtect Remediator itself is also not referenced in the support documentation, where XProtect is described as a tool for removing malware once it has been detected. However, Apple does now say that XProtect also helps with identifying malware.

"These scans should now be taking place on all Macs running macOS Catalina and later, with the current XProtect Remediator installed," says Oakley. "They're most likely to take place when your Mac is awake but doing little other than background tasks, such as routine backups, and receiving incoming email as it arrives."

Oakley describes this repeated system scanning as a "big step forward."
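A quick way to confirm on your own Mac that the current XProtect Remediator is present and that its scan modules have actually been running is to check the installed version and query the unified log for the modules' entries. The script below is an added example for this article, not code from AppleInsider or from Oakley. It assumes (these are assumptions, not facts from the article) that XProtect Remediator ships in /Library/Apple/System/Library/CoreServices/XProtect.app, that its scan modules log under the subsystem com.apple.XProtectFramework.PluginAPI, and that their process names begin with XProtectRemediator. The log lines embedded in it are constructed samples in the layout of `log show` output, used only so the parsing can be exercised off a Mac.

```shell
#!/bin/sh
# Added example (not from the article or from Howard Oakley's blog).
# ASSUMPTIONS: bundle path, log subsystem and "XProtectRemediator" process
# name prefix are taken from how the Remediator is commonly observed, not
# from the article.
XPR_APP="/Library/Apple/System/Library/CoreServices/XProtect.app"
XPR_SUBSYSTEM="com.apple.XProtectFramework.PluginAPI"

# CONSTRUCTED sample, shaped like default `log show` output, so the parsing
# below can run on a machine without macOS. Not real Apple log output.
XPR_SAMPLE_LOG='2022-08-31 02:14:07.113200+0100 0x3f1a Default 0x0 812 0 XProtectRemediatorMRTv3: (XProtectFramework) [com.apple.XProtectFramework.PluginAPI:XPEvent.structured] constructed sample entry
2022-08-31 02:14:09.501877+0100 0x3f1a Default 0x0 812 0 XProtectRemediatorMRTv3: (XProtectFramework) [com.apple.XProtectFramework.PluginAPI:XPEvent.structured] constructed sample entry
2022-08-31 02:14:11.020004+0100 0x3f2c Default 0x0 815 0 XProtectRemediatorAdload: (XProtectFramework) [com.apple.XProtectFramework.PluginAPI:XPEvent.structured] constructed sample entry
2022-08-31 02:14:12.777000+0100 0x3f2c Default 0x0 815 0 XProtectRemediatorAdload: (XProtectFramework) [com.apple.XProtectFramework.PluginAPI:XPEvent.structured] constructed sample entry'

# Installed XProtect Remediator version, or "not-installed" if the bundle
# is absent (which is also what you get on a non-Mac).
xpr_version() {
  if [ -f "$XPR_APP/Contents/Info.plist" ]; then
    defaults read "$XPR_APP/Contents/Info.plist" CFBundleShortVersionString
  else
    echo "not-installed"
  fi
}

# Last 24 hours of entries from the Remediator's log subsystem on macOS;
# elsewhere, the constructed sample above.
xpr_log() {
  if [ "$(uname)" = "Darwin" ]; then
    log show --last 24h --predicate "subsystem == \"$XPR_SUBSYSTEM\""
  else
    printf '%s\n' "$XPR_SAMPLE_LOG"
  fi
}

# stdin: log text. Prints how many entries came from a remediator module.
# grep -c exits 1 on zero matches, so "|| true" keeps the count ("0") usable
# under set -e.
xpr_count_entries() {
  grep -c 'XProtectRemediator' || true
}

# stdin: log text. Prints the distinct remediator modules that logged,
# one per line, sorted.
xpr_modules() {
  grep -o 'XProtectRemediator[A-Za-z0-9]*' | sort -u
}

# Human-readable summary: version, entry count, modules seen.
xpr_report() {
  entries=$(xpr_log)
  echo "XProtect Remediator version: $(xpr_version)"
  echo "remediator log entries (last 24h): $(printf '%s\n' "$entries" | xpr_count_entries)"
  echo "modules seen:"
  printf '%s\n' "$entries" | xpr_modules
}

xpr_report
```

Run it with sh on a Mac that has been awake but mostly idle for a while. A version string together with module names in the log is the evidence that idle-time scanning is happening; a version string with no module entries over 24 hours usually means the Mac has not been idle long enough, and "not-installed" means the Remediator update has not reached that Mac yet.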

cornchip

Comments

  • Reply 1 of 7
    Endpoint protection services and software are an essential business that Apple is giving away to Microsoft and others.

    It is a glaring, gaping hole in the Apple service portfolio, and security services are currently MS's fastest-growing segment and one of the reasons Azure was not ignored in favour of AWS.

    A personal Microsoft 365 subscription includes Defender for macOS.

    Apple releasing obsolete scanning features is not impressive for a company that has trust and privacy as part of the value prop.

    Honestly - add another 5 dollars per month to Apple One and include XDR-like agents across the device family with iCloud as the management console. Ties well into the SMB push they are doing and the MDM offering.

    Users of Apple devices not being targeted or being at lower risk is not true.

    This is a multi-billion-dollar business in waiting for Apple.
    edited August 31
  • Reply 2 of 7
    Endpoint protection services and software are an essential business that Apple is giving away to Microsoft and others.

    It is a glaring, gaping hole in the Apple service portfolio, and security services are currently MS's fastest-growing segment and one of the reasons Azure was not ignored in favour of AWS.

    A personal Microsoft 365 subscription includes Defender for macOS.

    Apple releasing obsolete scanning features is not impressive for a company that has trust and privacy as part of the value prop.

    Honestly - add another 5 dollars per month to Apple One and include XDR-like agents across the device family with iCloud as the management console. Ties well into the SMB push they are doing and the MDM offering.

    Users of Apple devices not being targeted or being at lower risk is not true.

    This is a multi-billion-dollar business in waiting for Apple.
    Apple has a multi-layered approach to security - scanning for malware has many problems but if Apple keeps its malware signature files up-to-date and limits the effect on device performance by only scanning when the device is idle then that's about as good as it gets. The sandboxing and other features have been doing a pretty good job so far, and this is just a refinement that adds to the overall system.

    Frankly, I don't buy Apple devices to be nickel-and-dimed on features like security that should be part of the core product. It's part of the value proposition that Apple provides, so while it's great for Microsoft that they're getting paid more and more to fix problems with their own products and services I am of the opinion that faulty goods should be returned for a refund or be repaired at the vendor's expense.
    muthuk_vanalingam, auxio, georgie01, spheric, watto_cobra
  • Reply 3 of 7
    Endpoint protection services and software are an essential business that Apple is giving away to Microsoft and others.

    It is a glaring, gaping hole in the Apple service portfolio, and security services are currently MS's fastest-growing segment and one of the reasons Azure was not ignored in favour of AWS.

    A personal Microsoft 365 subscription includes Defender for macOS.

    Apple releasing obsolete scanning features is not impressive for a company that has trust and privacy as part of the value prop.

    Honestly - add another 5 dollars per month to Apple One and include XDR-like agents across the device family with iCloud as the management console. Ties well into the SMB push they are doing and the MDM offering.

    Users of Apple devices not being targeted or being at lower risk is not true.

    This is a multi-billion-dollar business in waiting for Apple.
    I think that approach would hurt Apple’s brand. It would suggest that without this $5 service, their operating system is not safe, and you need to pony up dollars to make it safe. 
    By offering it for free, they make it part of their value proposition and focus on productivity and content services, aka turning your computer or phone into a “vending machine of services and products”.
    georgie01, watto_cobra
  • Reply 4 of 7
    Endpoint protection services and software are an essential business that Apple is giving away to Microsoft and others.

    It is a glaring, gaping hole in the Apple service portfolio, and security services are currently MS's fastest-growing segment and one of the reasons Azure was not ignored in favour of AWS.

    A personal Microsoft 365 subscription includes Defender for macOS.

    Apple releasing obsolete scanning features is not impressive for a company that has trust and privacy as part of the value prop.

    Honestly - add another 5 dollars per month to Apple One and include XDR-like agents across the device family with iCloud as the management console. Ties well into the SMB push they are doing and the MDM offering.

    Users of Apple devices not being targeted or being at lower risk is not true.

    This is a multi-billion-dollar business in waiting for Apple.
    I think that approach would hurt Apple’s brand. It would suggest that without this $5 service, their operating system is not safe, and you need to pony up dollars to make it safe. 
    By offering it for free, they make it part of their value proposition and focus on productivity and content services, aka turning your computer or phone into a “vending machine of services and products”.

    Heck, if you wanted to be overly cynical you could say Microsoft either purposely "crippled" their OS security just so they could sell this service, or the programmers they have are so poorly skilled they can't figure out how to have such a security feature built into the OS.
    georgie01, watto_cobra
  • Reply 5 of 7
    cpsro (Posts: 3,043, member)
    Can these scans be scheduled to not run when I'm doing performance testing or benchmarking?
    watto_cobra
  • Reply 6 of 7
    spheric (Posts: 2,274, member)
    cpsro said:
    Can these scans be scheduled to not run when I'm doing performance testing or benchmarking?
    From the article: "They're most likely to take place when your Mac is awake but doing little other than background tasks, such as routine backups, and receiving incoming email as it arrives."

    It seems they're not necessarily "scheduled" as such, but wait for idle time. 
    watto_cobra
  • Reply 7 of 7
    Let’s hope this privileged background daemon doesn’t get confused (or hacked) and remediate the wrong stuff! Reminds me of the time Google’s evil Keystone ran amok on some systems. 
    watto_cobra