Mac researcher and developer Howard Oakley has written about XProtect and MRT modifications that appear to be on the horizon.
The built-in malware and virus protection program for macOS, called XProtect Remediator, has received an upgrade from Apple. Version 147 of the update was made available for macOS Catalina and later on October 16. The standard installation process for XProtect Remediator is automated.
The change was initially reported by Howard Oakley on his blog. Regarding XProtect upgrades, Apple doesn’t provide security notes, and Oakley observes that it’s unclear exactly what has changed.
You can check whether the update was installed on your Mac with the System Information program, which is located in the Utilities section of the Applications folder. After the app launches, locate and choose Installations under the Software section in the left column. The list is displayed in the window’s main area. If it is sorted by Software Name, you may click the header to reverse the order or scroll to the bottom to view the item for “XProtectPayloads.” The most recent version is 147.
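The same check from the command line, as an added example that is not from Oakley or Apple: it parses the text output of `system_profiler SPInstallHistoryDataType` and compares the newest XProtectPayloads entry with the version named above. The function names and the sample history are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a Mac, feed it the real install history:
#   system_profiler SPInstallHistoryDataType | check_xprotect_payloads 147

# Print the highest XProtectPayloads version found on stdin; fail if none.
xprotect_payloads_version() {
    awk '
        # Entry header: an indented name ending in ":" with no value after it.
        /^[ \t]+[^:]+:[ \t]*$/ {
            in_entry = ($0 ~ /^[ \t]+XProtectPayloads:[ \t]*$/)
            next
        }
        # Keep the largest version seen across all matching entries.
        in_entry && /^[ \t]+Version:/ { v = $2 + 0; if (v > max) max = v }
        END { if (max > 0) print max; else exit 1 }
    '
}

# Return 0 if the newest entry is >= $1, 1 if it is older, 2 if none exists.
check_xprotect_payloads() {
    min=$1
    if ! found=$(xprotect_payloads_version); then
        echo "XProtectPayloads: no entry in install history"
        return 2
    fi
    if [ "$found" -ge "$min" ]; then
        echo "XProtectPayloads $found: up to date (>= $min)"
        return 0
    fi
    echo "XProtectPayloads $found: older than $min"
    return 1
}

# Constructed sample in the layout system_profiler prints (dates are made up).
sample_history() {
    printf '%s\n' 'Installations:' '' \
        '    XProtectPayloads:' '' '      Version: 145' \
        '      Source: Apple' '      Install Date: 1/1/01, 9:12 AM' '' \
        '    XProtectPlistConfigData:' '' '      Version: 2201' \
        '      Source: Apple' '      Install Date: 1/2/01, 10:40 AM' '' \
        '    XProtectPayloads:' '' '      Version: 147' \
        '      Source: Apple' '      Install Date: 1/3/01, 8:05 AM'
}

sample_history | check_xprotect_payloads 147
```

The non-zero return codes separate a Mac that has an older payload from one with no XProtectPayloads entry at all, which matters when the check runs across many machines.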
Although the update should install automatically, you may force its installation with SilentKnight or LockRattler, two applications Oakley has built that verify whether macOS security has been updated and whether the operating system’s fundamental security features are functioning. Oakley’s website offers free downloads for these tools.
Make sure to check out Oakley’s blog, which offers a fantastic combination of painting-related pieces and technical Mac information. As a seasoned Mac developer, Oakley has created several excellent Mac tools.
A brief introduction to macOS security features first. A few built-in malware defenses are included on Macs:
When a user tries to start an app, Gatekeeper verifies that it: a) originates from a registered Apple developer ID; b) hasn’t been altered; and c) is free of known viruses.
For macOS, Apple’s built-in malware detection program is called XProtect. It scans the data on your Mac for matches with the “signatures” of known viruses.
A Mac can remove malware from an infected machine using MRT, which stands for Malware Removal Tool.
Despite what you might read or hear from nasty Apple supporters on Reddit or Twitter, the quick answer to this question is “no.”
To begin with, there will inevitably be problems on every computer system, even macOS. Occasionally, these defects affect the security components of the system, creating exploitable weaknesses. For instance, a Mac 0-day that was uncovered last year allowed malicious actors to produce malware that got around Gatekeeper. “Apple-approved malware” was the consequence of an error in the App Notarization procedure.
Beyond outright vulnerabilities, the built-in security mechanisms on Macs have other limitations. In short, Apple only ever intended XProtect to offer extremely rudimentary security for a Mac. As such, it provides appropriate defence against recognized dangers. However, it doesn’t receive as many updates as third-party Mac security solutions, which are supported by devoted malware research teams that aggressively seek new threats. We go into more detail about these limitations in “Is XProtect Enough to Keep You Safe?”
Although Oakley’s blog article on MRT is worth reading in its entirety, we’ll highlight the important points here:
According to Oakley, Apple released “what appeared to be a new app with a familiar name, XProtect.app” in March. He claims that this was “a structured suite of executable tools kept in an app bundle” rather than “an actual app.” Apple has been adding new modules and modifying the XProtect.app.
He claims that XProtect Remediator, a new program, would incorporate MRT’s malware cleanup capabilities. It appears that Apple is treating malware on macOS more seriously, as seen by its all-in-one Mac protection package. The additional programs in the XProtect.app bundle, many of which seem to target more recent and advanced Mac malware types, lend more credence to this view.
Oakley summarizes the situation by saying that “macOS is about to change its anti-malware tools for the better.”
In summary, the recent updates to XProtect and MRT reflect Apple’s commitment to improving macOS security. While XProtect continues to detect known threats, and MRT aids in malware removal, these tools are evolving to address more advanced risks.