A recent report says that Apple’s anti-malware tools have undergone a major overhaul over the last several months. Although unannounced, the Mac tools have gone fully preemptive and become as active as commercial anti-malware products.
Apple Implements Dramatic Changes in Anti-Malware Tools
Howard Oakley at the Electric Light Company has been tracking Apple’s anti-malware tools XProtect and Malware Removal Tool (MRT). He reports that these anti-malware tools have undergone dramatic changes since Apple first introduced them.
Apple started including the XProtect system service in 2009 with the release of macOS Snow Leopard. This system service downloaded and installed new malware definitions in the background between major macOS security updates. It protected Macs against the installation of known, in-the-wild malware, according to Ars Technica.
Another under-the-hood tool that Apple uses for fighting malware is the Malware Removal Tool (MRT). This tool works like traditional anti-malware software. It periodically receives definition updates from Apple to scan for and remove malware already present in Macs.
XProtect More Proactive in Scanning Malware
Since the release of macOS 12.3 Monterey, Oakley has been tracking a new XProtect.app feature. He said Apple started adding this feature in macOS Monterey, Big Sur, and Catalina. Oakley noted that XProtect.app scans for known malware much more aggressively than MRT.
During his tracking of XProtect.app, Oakley determined that it scanned for most known Mac malware at least once per day “during periods of low user activity.” He also noted that the scanning can be executed much more frequently. It seems that the scan frequency is determined on a case-by-case basis. Oakley also added that XProtect scanned for malware “every hour or two.”
Oakley concluded although Apple has not announced it, the new malware protection tool has already gone live. And that’s a big step forward to making the Mac even better protected against malware attacks.