Apple is ramping up its fight against malware
Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what’s happening: Apple is now updating fundamental protection at a faster clip than it’s ever done before.
That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9 Apple, has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.
The entire report is worth a read, but one paragraph in particular stands out and should be seen as a warning to everyone in tech.
“Apple’s security engineers appear to be in the midst of a campaign against a combination of agile, sophisticated, and recent attacks. Adload, Genieo and Pirrit have long histories of evading static detection, and this is perhaps the first time that they have been put under such pressure. Apple must be playing the long game, in the hope that the three won’t be able to sustain the pace.”
Those rules within XProtect aim to protect against a dizzying array of malware families. The report explains that three of these families are new and sophisticated.
Without wanting to create undue alarm, the frequency of updates strongly suggests Apple is aware of new attacks and that its security teams are hustling to protect users.
This also hints that tech decision makers (and everyone is a tech decision maker if they use tech at all) should do anything necessary to ensure that their own perimeter and edge security is agile and robust.
In the current complex-threat environment, everyone should ramp up their security awareness. Apple users in the EU should be particularly alert, given Apple will soon be forced to reduce security on app purchasing there.
The move reflects awareness at the top of the tech industry tree. Who else recalls when Apple CEO Tim Cook in 2016 warned that hacking is getting more sophisticated?
XProtect is an important part of Mac security. It’s built-in antivirus tech that tries to identify and remove some types of malware by using YARA signatures, which the company describes as “a tool to conduct signature-based detection of malware.”
The software runs in the background each time an app is launched, an app’s file system is changed, or XProtect signatures are updated. If it detects any known malware, it will prevent the app from launching on a Mac. XProtect also includes technology to remediate infections once they are identified, even if already installed.
Apple’s own guidance states that XProtect, “includes an engine that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). It also removes malware upon receiving updated information, and it continues to periodically check for infections. XProtect doesn’t automatically reboot the Mac.”
For most users, the only direct experience of XProtect is when they try to install software sourced from outside the highly secure Apple App Store.
Like Rapid Security Responses, XProtect is something Apple can update in the background. But the cadence of updates suggests Mac users should make sure they update their system software frequently, too.
To ensure your Mac is installing these XProtect updates, follow these steps:
Oakley’s report signs off with excellent advice for every Mac user to help them reduce their exposure to risk — that includes ensuring XProtect is active and that you are running the latest available system software.
He also advises that Mac users should never use torrented, cracked, or fake software, and that if they don’t trust the security and authenticity of any third-party software they should delete it. The author also strongly advises against crypto-related apps, warning that these can be high risk.
This is all common sense stuff, of course.
Logically, good security practice also extends to the other common-sense risk-avoidance techniques: avoid clicking links you don’t trust, don’t open messages you don’t recognize, update system software frequently, never use the same password twice, and so forth.
A regular virus check and investment in additional security protections, including use of Lockdown Mode if you are a potential target, also make sense.
If you are running a business and you aren’t yet confident in your current security protection, you cannot simply rely on Apple’s platform protection. If Apple is ramping up protection on a platform basis, you should see this as a strong sign that you absolutely must bolster your own fleet/device/infrastructure protection as well.
Think of the extent to which technology is used across your business and consider the protection available to each of your connected — or connectable — systems. You don’t want to join the growing list of silent victims of successful exploits, exfiltration, ransomware, and attack. And you should also insist your partners and suppliers are equally serious when it comes to security.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.