Malware is not an exclusive threat to PCs. Macs can also become infected. For this reason, there are different third-party security solutions, such as Bitdefender, Intego, Malwarebytes or Avast, among others. What not many people know is that Apple computers have, for more than a decade, had an integrated antivirus called XProtect.
XProtect has been running silently in the background since it landed on Mac OS. Unlike Windows Defender, there are no icons in the menu bar, nor do we have an application to manually perform system scans.
How does XProtect work on macOS?
The Apple ecosystem has a variety of protection measures, and XProtect is one of them. If we focus on macOS, the Mac operating system, Apple tries to keep malware out of the App Store. The company reviews the applications so that no malicious software lives in its store, but let’s be honest, we don’t always use the App Store.
Computers have always given us the freedom to install any compatible external software. To address the issue of external threats, Apple has a certification mechanism, where developers who do not use the App Store to distribute their applications can obtain a trusted certificate for macOS.
Apple does not take this task lightly. It scans the applications and grants the certificate only when it cannot find known malware. Once this step is passed, developers receive a certificate that they can attach to their application so that the target system can verify it, even when it does not have an Internet connection.
At this point we find another of the protection measures. This is Gatekeeper, which looks for that certificate in the application that the user is trying to open or install. If the program does not have the corresponding certificate, the system warns users that they are trying to use software that cannot be verified.
Since not all developers go through the certification process, we can ignore that message to use the application in question. Sometimes we will have to allow the installation of applications from the App Store and well-known developers from System settings > Privacy and security > Security > Allow applications from…
XProtect is responsible for preventing the execution of malicious software.
If for any reason the protection measures mentioned above have been bypassed, XProtect is responsible for preventing malicious software from running for the first time, or for detecting malware that has already been executed on the computer. This integrated antivirus uses YARA signatures that are automatically updated periodically.
XProtect comes into action at three key moments: when opening an application for the first time, when modifying an application in the file system, and when updating security signatures. If it detects known malware, it blocks it immediately, notifies the user and offers the option to move the software in question to the Trash.
XProtect’s scope does not end there. Apple has improved the system to address problems that certain infections can cause. Once malicious software is removed, the built-in antivirus continues to scan for threats using a behavioral analysis engine. Of course, it does not have the ability to restart the computer.
How do you update macOS built-in antivirus?
XProtect updates automatically. However, you can check whether the system is installing the updates automatically. To do this, click the Apple icon in the menu bar and then go to System settings > Software Update. Then click the information icon under Security Answers.
In the Automatic Updates category make sure the Install security responses and system files switch is turned on.
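The same check can be scripted when several Macs need to be audited. The following is an added example, not Apple's code or part of the original article: it reads the system-wide Software Update preferences and reports whether automatic installation is on. The file path and the key names (`AutomaticCheckEnabled`, `ConfigDataInstall`, `CriticalUpdateInstall`), and their mapping to the switch described above, are assumptions taken from common macOS hardening checks; the sample data is constructed.

```python
import plistlib
from pathlib import Path

# Assumption: system-wide Software Update preferences live at this path.
PLIST_PATH = Path("/Library/Preferences/com.apple.SoftwareUpdate.plist")

# Assumption: these keys back the automatic-update switches in System settings.
KEYS = {
    "AutomaticCheckEnabled": "check for updates automatically",
    "ConfigDataInstall": "install system data files (XProtect signatures)",
    "CriticalUpdateInstall": "install security responses / critical updates",
}

def audit(plist_bytes):
    """Return {key: 'enabled' | 'disabled' | 'not set'} for each audited key."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    result = {}
    for key in KEYS:
        if key not in prefs:
            # A missing key means the default applies; report it, do not guess.
            result[key] = "not set"
        else:
            # Values may be stored as a boolean or as the integer 1.
            result[key] = "enabled" if prefs[key] in (True, 1) else "disabled"
    return result

def compliant(result):
    """True only when every audited key is explicitly enabled."""
    return all(state == "enabled" for state in result.values())

# Constructed sample: checks are on, signature installs are off, one key missing.
SAMPLE = plistlib.dumps({"AutomaticCheckEnabled": True, "ConfigDataInstall": False})

if __name__ == "__main__":
    # On a Mac the real file is read; elsewhere the constructed sample is used.
    data = PLIST_PATH.read_bytes() if PLIST_PATH.exists() else SAMPLE
    report = audit(data)
    for key, state in report.items():
        print(f"{key:24} {state:9} ({KEYS[key]})")
    print("automatic security updates:", "OK" if compliant(report) else "REVIEW")
```

A result of "not set" means the key was never written and the system default applies, so it is worth confirming in System settings rather than treating it as a failure.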
So am I completely safe now?
Although macOS has a solid security system, it is important to clarify that no system is 100% secure. In the world of cybersecurity it is often said that what is sought is to increase the level of difficulty for cybercriminals. And we achieve this in many ways. Integrated system tools are only part of this.
The security features of the applications themselves, our security practices and, if necessary, third-party security tools also come into play. The level of difficulty varies according to the needs of each user. For example, iPhones and Macs have long been able to activate Lockdown Mode.
This is an extreme solution, but it is a good example of what it means to raise the barriers. This mode limits the functionality of applications, web pages, and certain system features. As a result, we obtain a more protected system, but a much less useful one than in its standard configuration.