Forum Question: OS X Malware Protection

I am new to the Mac and wonder what kind of things are built into Mountain Lion which protect you from malware and/or malicious applications. So I’ve talked with seasoned Mac users and they’ve mentioned things like XProtect, Gatekeeper and File Quarantine protect you, so there is no need for anti-virus. Well, that’s fine and dandy, but I don’t know what these things are. And just an FYI, I saw your video about keeping your Mac updated and disabling “open safe files after downloading” and do understand that part. But what exactly are these 3 things that are supposedly protecting me in the background?
—–
Tito

Comments: 12 Responses to “OS X Malware Protection”

    9/2/12 @ 8:40 pm

    I’ve got a few resources for you. First, I’ve got this video on Gatekeeper:
    http://macmost.com/understanding-gatekeeper.html
    File Quarantine (AKA xProtect) is built-in malware protection that checks files you download to see if they match a list of virus definitions. Apple updates these definitions periodically. See http://support.apple.com/kb/ht3662
    Here’s a page I have that runs down additional steps to help you protect yourself.
    http://macmost.com/virus-and-malware

    Tito
    9/2/12 @ 9:32 pm

    Ah, I now understand. The links you provided were very informative. So File Quarantine is XProtect, and Gatekeeper works in addition to File Quarantine. But I’d like to take it a step further here. If, say, I am installing Adobe Flash, I’ll get an alert asking, “Are you sure you want to open it?” Then that’s File Quarantine working. But there is also “Automatically update safe downloads list,” which I assume is malware detection and is also a part of File Quarantine, albeit a different function? So if I am downloading a malicious application, it first has to go through malware detection, then Gatekeeper, then File Quarantine when I get that alert “Are you sure you want to open it?” until finally an administrator password is required. So that’s 4 levels (steps) of protection there?

      9/2/12 @ 9:59 pm

      I would only call it two: Gatekeeper, then File Quarantine. But the result is the same.

    Peter
    9/2/12 @ 10:45 pm

    I have been using Sophos free antivirus for over 12 months. It works very well and has all the expected auto updates.
    Thanks Gary for all that you do

    Nikka
    9/2/12 @ 10:57 pm

    Gary, I would like to ask you a different question on the matter of security. Will Mountain Lion’s full disk encryption, when enabled, protect the content of your files on your system from malware or an actual piece of spyware that was designed to infect the Mac? Or is disk encryption not designed for this sort of thing?

    Nikka
    9/2/12 @ 11:02 pm

    Sorry, let me clarify that. Will disk encryption, if enabled, protect the content of the files on your system from malware or Mac-designed spyware (if there were ever to be such a thing) should the infection manage to somehow bypass Gatekeeper, File Quarantine and the requirement of an administrator password to install?

      9/3/12 @ 8:22 am

      No. Disk encryption is a completely separate thing. If your Mac gets stolen, it prevents the thief from being able to access your files. It does not help with malware protection.

    Nemo
    9/7/12 @ 1:27 pm

    Gary, could Installer requiring your administrator password be considered a third layer of protection if a malicious application manages to somehow bypass Gatekeeper and then File Quarantine? And also, how does unchecking “open safe files after downloading” come into play when protecting a user? Is it that it prevents malware from automatically running?

      9/7/12 @ 1:59 pm

      You could consider it a layer of protection, sure. Open safe files would not run apps (like installers) but would open files like .zip files. Good to have that turned off anyway.

    Bryan
    1/12/13 @ 11:24 pm

    Gary, it seems OS X takes a multi-layered approach in protecting the Mac from malware. So help me to understand how this breakdown works. If you use Safari and visit a malicious website, you might get a warning from the “Warn when visiting a fraudulent website” option about the site being malicious, that is, if Google has already updated the list about the site.
    But if not, and malware downloads, but the option “Open “safe” files after downloading” is disabled, then this will prevent malware from running, correct?
    But if malware does run, then this is where Gatekeeper comes in, then the XProtect function of File Quarantine after Gatekeeper. And I assume the quarantine attribute (i.e. “XXXX is an application downloaded from the Internet. Are you sure you want to open it?”) will pop up if you bypass XProtect’s malware warning, correct?

      1/12/13 @ 11:34 pm

      Sure. That’s one way to look at it. I’m not sure I see the question in your comment. Do you have a concern?
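The “XXXX is an application downloaded from the Internet” prompt that Bryan describes is driven by the com.apple.quarantine extended attribute, which the downloading browser sets on the file and which Gatekeeper and File Quarantine later consult. The script below is an added example, not part of the original thread or of Apple’s tooling: it parses the attribute’s value (four semicolon-separated fields: flags in hex, download time as hex seconds since the Unix epoch, the downloading agent, and a UUID) so you can see what the prompt is keyed on. The sample value is constructed, and the macOS-only commands for reading the attribute and asking Gatekeeper’s verdict are shown in comments only, so the parsing functions run in any POSIX shell.

```shell
# Added example, not from the original thread. On a Mac you read the
# attribute and ask Gatekeeper for a verdict with (macOS-only, not run here):
#   xattr -p com.apple.quarantine ~/Downloads/Foo.dmg
#   spctl --assess --type execute ~/Downloads/Foo.app
# Removing the attribute (xattr -d com.apple.quarantine FILE) is exactly what
# suppresses the "downloaded from the Internet" prompt, so its presence on a
# file is the check that File Quarantine and Gatekeeper hinge on.
#
# Attribute value layout:
#   flags (4 hex digits) ; download time (hex epoch seconds) ; agent ; UUID

# Print field $2 (1-4) of quarantine value $1.
quarantine_field() {
    printf '%s\n' "$1" | cut -d ';' -f "$2"
}

# Decode the hex timestamp to decimal seconds since the Unix epoch.
quarantine_epoch() {
    printf '%d\n' "0x$(quarantine_field "$1" 2)"
}

# Name of the application that performed the download (Safari, Chrome, ...).
quarantine_agent() {
    quarantine_field "$1" 3
}

# Return 0 if the value has the expected four-field shape, 1 otherwise.
# Flag bit meanings are not decoded here; they are not documented by Apple.
quarantine_wellformed() {
    case "$1" in
        [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]\;*\;*\;*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample value (not captured from a real machine).
SAMPLE='0083;50448a77;Safari;8D6E0B12-7A41-4C2E-9F0B-1C2D3E4F5A6B'

if quarantine_wellformed "$SAMPLE"; then
    echo "agent:    $(quarantine_agent "$SAMPLE")"
    echo "download: $(quarantine_epoch "$SAMPLE") (epoch seconds)"
else
    echo "not a quarantine value: $SAMPLE" >&2
fi
```

Run it against the real attribute with `xattr -p com.apple.quarantine FILE` substituted for `$SAMPLE`; a file that produces no output from `xattr` carries no quarantine attribute and will open without the prompt, which is the situation the “open safe files” discussion above is about.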

    Bryan
    1/13/13 @ 10:44 am

    Well, no. I was having a debate with an IT friend of mine who happens to be an avid PC lover but a real Mac hater, though he’s never used a Mac. Yeah, he’s one of those. And he kept on about the fact that Macs should use AV software, whereas I stated no, they don’t, so long as you keep it up to date, always have the latest version of OS X and follow all the rules of safe computing. Plus I explained the multi-layered approach to him about what malware has to go through to infect your Mac.

Comments Closed.