Snippet: macOS Now Scans for Malware Whenever It Gets a Chance

Shared on September 6, 2022

Howard Oakley for The Eclectic Light Company:

In the last six months macOS malware protection has changed more than it did over the previous seven years. It has now gone fully pre-emptive, as active as many commercial anti-malware products, provided that your Mac is running Catalina or later. This article updates those I’ve previously written about Apple’s new tool in the war against malware, XProtect Remediator.

Until XProtect Remediator arrived in macOS 12.3 last March, system tools for tackling malware were essentially limited to XProtect and MRT. XProtect was mainly used to check apps and other code which had a quarantine flag set, against a list of signatures of known malware, and can only detect. While Apple has broadened its scope to check more frequently, and continues to update those signatures every couple of weeks, they have their limits. MRT ran scans to both detect and remove (‘remediate’) known malware, most noticeably shortly after startup, but infrequently.

Back in 2013, I took a day job where one of my responsibilities was supporting college student computers, including Macs. That was about the first time I saw Mac adware/malware in the wild—apparently anyone will enter their admin password if they’re trying to get pirated movies and TV shows. While I got good at removing things manually and using some tools like the excellent but defunct AdwareMedic, the work Apple has done behind the scenes in this area is amazing.
