Skip to main content

Apple’s antivirus strategy for Mac has gone fully preemptive, but is that enough?

Apple made its Macs even better at fighting malware in recent years, but don’t relax just yet.

A recent blog post by Howard Oakley at the Eclectic Light Company details the changes Apple has quietly made in the past six months that mark a distinct change in strategy for protecting Macs, including spots where there are still holes of vulnerability, specifically for some older Macs.

Security and Privacy settings open on a MacBook.
Image used with permission by copyright holder

According to the post, the new malware protection on Macs is formidable, scanning files daily and even hourly in some cases, and automatically updating with new malware definitions as they come in.

“It has now gone fully preemptive,” Oakley wrote in the post. “As active as many commercial anti-malware products.”

There is a caveat, though. Your Mac needs to be running MacOS Catalina or later. Thankfully, most Macs out there in the wild can run Catalina, beginning with the 2012 MacBook Air and MacBook Pro. Only the iMac Pro from 2017 or later is compatible, however.

Mac malware protection used to be limited to the XProtect tool, which only passively scanned some files checking for malware against a list of pre-loaded known malware code. This often failed to find the newest threats because malware evolves so rapidly.

Then, in March of last year, Apple released the MacOS 12.3 update to Monterey. Hidden in the update, with no fanfare whatsoever, was a new XProtect Remediator anti-malware scanning tool. This tool is powerful at hunting down malware the moment new viruses are discovered by security watchers.

Your Mac is much safer today than it was a couple of years ago.

Part of the new scanning protocol includes a DubRobber scanner which performs scans lasting 15-35 seconds every hour, when the Mac isn’t being actively used. Every scan then adds an entry to a running log, which you can access via terminal by typing: ‘subsystem == “com.apple.XProtectFramework.PluginAPI”‘

This proves not only that the anti-malware is included in modern MacOS releases, but is alive and active. Your Mac is much safer today than it was a couple of years ago.

You shouldn’t rest on your laurels, however. Malware is an insanely profitable criminal business with low risk, which attracts all sorts of bad actors, from hackers in the basement to shadowy foreign government agencies. Definitions depend on an active community of digital security watchers , often volunteers with day jobs, who maintain databases of known malware code. These databases are used by programs like Microsoft Defender and Apple’s new XProtect Remediator to try and keep up with the threats.

Your Mac is a lot safer today thanks to this update and the hard-working heroes who hunt down malware across the internet. But you’re not completely safe.

Remember to never download files from strange sites on the internet, and especially never from a random email from someone you’ve never heard of. Keep smart on the internet and you’ll make the job much easier for your Mac.

Editors' Recommendations

Nathan Drescher
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
A major era in MacBook history is finally over
A MacBook Pro 13-inch on a table.

We're living in a golden age for MacBooks.

The MacBook Airs are faster, thinner, and more accessible laptops than ever, while the Pro models have the best display, speakers, keyboard, trackpad, and battery life of any competitive laptop. They're on their A game.

Read more
Here’s why people are raising concerns about the M3 Pro MacBook Pro
The 14-inch MacBook Pro with M3 Max chip seen from behind.

I published my review of the M3 Max MacBook Pro earlier this week, and suffice it to say, I was pretty impressed. I'm fond of the Space Black color, and the GPU performance in particular blew me away.

But one configuration of the new MacBook Pro went a bit more under the radar -- the M3 Pro model. Apple wasn't keen on sending this exact unit out to reviewers, instead leading with its much stronger foot, the M3 Max. And while the M3 Max and Pro were a bit closer in performance in the M2 generation, this time around, it seems as if there's more of a disparity.

Read more
Here’s more proof that Apple is wrong about MacBook memory
The keyboard and trackpad of the MacBook Pro.

Apple has made some big claims about its unified memory over the past few years. That was made explicit this week when an Apple representative was asked why it has begun to sell an 8GB starting configuration of its new M3 Pro MacBook Pro, a laptop that's already been under scrutiny recently. The interviewee responded by saying that 8GB on a MacBook was equivalent to 16GB on a comparable system. But is that really true? It's been hard to test so far, but a recent video posted by Max Tech suggests that in practice, at least, it's not so simple.

M3 MacBook Pro 8GB vs 16GB RAM - How BAD is base model?

Read more