During the Epic Games trial, Apple Senior Vice President of Software Engineering Craig Federighi acknowledged that macOS malware protection was not as strong as that of iOS because of the existence of third-party app stores.
He said, “Today we have a level of malware we don’t find acceptable on the Mac” and “it’s an endless game of whack-a-mole malware” on Mac because of the openness and flexibility of its operating system.
However, a new report by Eclectic Light reveals that Apple has strengthened macOS malware protection more in the past months than it did in the last seven years, on Macs running macOS Catalina or later.
Apple uses XProtect Remediator for “pre-emptive” macOS malware protection
Apple introduced XProtect Remediator in macOS 12.3 as a new system tool to scan for and remediate detected malware. The previously used XProtect and MRT had their limits:
XProtect was mainly used to check apps and other code that had a quarantine flag set against a list of signatures of known malware, and could only detect malware.
MRT ran scans to both detect and remove (‘remediate’) known malware, most noticeably shortly after startup, but infrequently.
Now, with XProtect Remediator, macOS malware protection has gone “fully pre-emptive”, active like many commercial anti-malware tools.
XProtect Remediator consists of executable code modules which both scan for and remediate detected malware. At present, these include the following:
- Adload, an endemic Trojan known for downloading unwanted adware and PUPs
- DubRobber, a troubling and versatile Trojan dropper also known as XCSSET
- Eicar, a harmless standard test for anti-malware products
- Genieo, a browser hijacker acting as adware
- GreenAcre, an Apple internal name
- MRTv3, referring to Apple’s original malware remediator
- Pirrit, malicious adware
- SheepSwap, an Apple internal name
- SnowBeagle, an Apple internal name
- SnowDrift, spyware first identified by ESET
- ToyDrop, an Apple internal name
- Trovi, a cross-platform browser hijacker
- WaterNet, an Apple internal name
The report states that the new macOS malware protection is live and active on compatible Macs, and that scans for malware likely take place when the computer is awake but just performing background tasks such as routine backups or receiving emails.