In the last six months macOS malware protection has changed more than it did over the previous seven years. It has now gone fully pre-emptive, as active as many commercial anti-malware products, provided that your Mac is running Catalina or later. This article updates those I’ve previously written about Apple’s new tool in the war against malware, XProtect Remediator.
Apple has been slowly building out its anti-malware and antivirus tools in macOS, and it has remained mostly quiet about it – understandable considering how the tech press would have a field day with stories about Apple effectively turning macOS malware protection into a regular antivirus scanner.
Is most Mac malware still based on social engineering, like those fake Flash installers?
bubi,
I’ll say “probably”. There’s tons of social engineering to get the attackers invited through the front door… but Mac is no stranger to exploits either. For example…
https://arstechnica.com/gadgets/2022/08/apple-releases-macos-12-5-1-and-ios-15-6-1-for-actively-exploited-vulnerabilities/
Without tools to detect rootkits, users can be in the dark about the malware running on their system. So I applaud Apple providing this, even though it contradicts the widely held (but ultimately wrong) belief that Mac users aren’t vulnerable to malware.
I think both Microsoft Defender and Apple’s system prove that scanning anti-virus software works just fine as long as it’s first-party and integrated.
I’ve never had any performance issues on either system due to scanning. Unlike third-party anti-virus software which has been a never-ending source of hassle and problems.
torb,
I know what you mean, although I recall that in some of those cases Microsoft themselves were at fault for why 3rd-party AV was breaking or unable to work well. I vaguely remember reading about the problems; I’ll try to find the article again. For better or worse, Microsoft has the advantage because they won’t break/block their own A/V software.
It does make sense that the maker of the OS has major advantages in creating services that run on it. Then again, the OneDrive client and sync engine took many years and different versions to get up to par with third-party syncing tools. You’d think the company that makes the OS would have been able to outperform third-party competitors.
As I recall, they ended up changing the filesystem itself (not sure if it was the driver/on-disk structures or one of the abstraction layers above that) in the OS to support the current iteration of OneDrive – something third party vendors obviously can’t as easily do.
That makes sense. A lot of the current OneDrive sync issues I see are where it’s forever stuck on specific files and requires a chkdsk run to fix.
It’s definitely much better than it used to be; we moved a lot of users from folder redirection with offline files to OneDrive and it’s so far been OK, if a bit slow. In years past it was very unpleasant to support users with OneDrive and I dealt with quite a few issues of lost data.
“I’ve never had any performance issues on either system due to scanning. Unlike third-party anti-virus software which has been a never-ending source of hassle and problems.”
Then you’ve never tried to run node.js on Windows without a Defender exception…
And with all this enabled the war is still lost.