Eliseote

Q: Is El Capitan checking for virus/malware infections in the system?

Is El Capitan checking for virus/malware infections in the system?

There is so much discussion about iMac not needing virus scanners, because is well protected. On the other hand Trojans seem to get their way into a system via weak points in the browsers or other applications. Is there a way to know the healthy status without having to pay for a subscription and loading the system with external scanners and controllers that extra load the system?

iMac (27-inch, Late 2013), OS X El Capitan

Posted on May 31, 2016 12:26 PM

Close

Q: Is El Capitan checking for virus/malware infections in the system?

  • All replies
  • Helpful answers

Previous Page 2
  • by Linc Davis,

    Linc Davis Linc Davis Jun 1, 2016 7:22 AM in response to Eliseote
    Level 10 (208,037 points)
    Applications
    Jun 1, 2016 7:22 AM in response to Eliseote

    If you expect any software—no matter what it is, no matter where it comes from, and no matter who told you to use it—to protect you or rescue you from the consequences of unsafe computing practices, then you are at higher risk than you would be without that software. The only safety from malware attack lies in safe computing.

  • by MadMacs0,

    MadMacs0 MadMacs0 Jun 1, 2016 10:36 PM in response to JimmyCMPIT
    Level 5 (4,801 points)
    Jun 1, 2016 10:36 PM in response to JimmyCMPIT

    You are mostly correct that the original version of MRT was limited to Flashback removal, but they added a few other bits of malware in latter versions.  It was originally included in OS X Security and Java Updates along with the standalone described in the document you found.  It was a one time scan for known files installed by Flashback (and others later on) which would inform the user if it found anything, but silent if not, and deleted itself after that scan.

     

    The new MRT that is included with El Capitan has not been documented by Apple anywhere that I have been able to find, which is not unusual for matters that involve security.  For that same reason, I am reluctant to provide all of the detail in what I have been able to figure out.  Best that malware developers not have too much information and attempt to defeat it.

     

    As far as I can tell, the new version of MRT performs the same actions as the original, i.e. it looks for selected malware/adware files in known locations, removes them and notifies the user.  The major difference is that it performs these scans at each startup, rather than one and done.  It is updated in the same manner as XProtect when you have "Install system data files and security updates" enabled in System Preferences->App Store.  The current version is 1.8 which was available on or about April 28.  To see if you are up-to-date check <Option>-->System Information->Software->Installations and look for "MRT Configuration Data".  Updates tend to come out when XProtect adds a new malware/adware signature since XProtect looks for installers and MRT looks for files already installed.  I have a pretty good idea what it's looking for, but again I will only say they bear a strong resemblance to files installed by some of the most recent software on the XProtect list.

  • by Leopardus,

    Leopardus Leopardus Jun 2, 2016 1:33 AM in response to JimmyCMPIT
    Level 4 (1,122 points)
    Desktops
    Jun 2, 2016 1:33 AM in response to JimmyCMPIT

    Stop pop-up ads in Safari - Apple Support

     

    See the last paragraph, it holds the key

     

    Leo

  • by Leopardus,

    Leopardus Leopardus Jun 2, 2016 2:02 AM in response to Kurt Lang
    Level 4 (1,122 points)
    Desktops
    Jun 2, 2016 2:02 AM in response to Kurt Lang

    Very interesting and enlightened, thank you Kurt!

     

    Leo

Previous Page 2