Jamf Protect Series: macOS quietly keeps you secure

With an increase in macOS market penetration comes a new risk vector for enterprises of all sizes. Therefore, both the thinking that surrounds endpoint cyber-security and the products that are used to manage the risks require a step change.

August 24 2020 by

Mark Walker

Mac is finding its way into an increasing number of business environments, across nearly all sectors and industries. This is seen regardless of organisation size, from small businesses to large corporate enterprises. And this is not just Apple marketing; industry analysts are saying the same thing[1]. In the last five years statistics show that while it still dominates in terms of market share, the use of Microsoft Windows is globally in decline. Though some of this market loss will be attributable to the rise of mobility with devices running iOS or Android, it’s clear that the use of macOS has notably increased.

An observation can be drawn from this that employees are increasingly demanding to have an equity of experience in both their home and work lives. As employers have a harder time attracting the skillsets they require (particularly in this strange ‘new normal’ resulting from COVID-19); employee choice programmes are becoming more common. The logic is clear; people are naturally more productive on devices that they want to use and enjoy using. Contrary to the once-popular view in the enterprise that “Mac devices are just too expensive when compared with Windows devices”, the ROI on purchasing a Mac is very compelling[2] when you factor in staff satisfaction, productivity and retention.

With an increase in macOS market penetration comes a new risk vector for enterprises of all sizes. Many enterprises have, to date, been heavily based on Microsoft Windows technologies and have built up a variety of technology solutions and infrastructure to mitigate cyber security risks. However, macOS is a fundamentally different technology. Therefore, both the thinking that surrounds endpoint cyber-security and the products that are used to manage the risks require a step change.

There’s a common misconception that macOS isn’t vulnerable to malware, at least not to the same degree that Windows devices are. This is simply not true; macOS hasn’t been a focus for malware authors simply because it held a relatively smaller market share. As this changes, so does the focus of malware authors.

Fortunately, macOS comes shipped with a variety of technologies designed to protect against these threats from the moment you fire up your Mac.


Though Apple would prefer downloading applications from the App Store, this technology is used to validate third-party applications through a combination of three specific checks:

  • Is it signed with a valid developer ID signature?
  • Has it been notarized (scanned for known malware) by Apple?
  • Has the user been asked and positively approved the installation?


This is Apple’s own signature-based anti-malware solution, with the signature list being updated periodically. Working quietly in the background within macOS, most users (and IT teams) don’t realise it’s even there. XProtect scans files on execution (or download in certain cases), but it does not constantly check and monitor the filesystem. As a result, it’s light on system resources.

Malware Removal Tool (MRT)

This tool periodically scans macOS systems to remove identified malware using a signature-based approach. Apple updates the signature list periodically.

System Integrity Protection

This technology is designed to prevent potentially malicious software from modifying critical system files and folders. It works by restricting the root user account from modifying protected parts of macOS.

Depending on your organisation’s security posture, these built-in macOS protection mechanisms could be all you need. After all, layering on a traditional multi-vendor solution that is designed predominantly to look for Windows malware could be expensive and may negatively impact the unique Mac experience that users love — through background file scans, for instance.In future blogs in this series I’ll be looking further into the management of macOS security in the enterprise. The built-in macOS protection is good, so what can we do to gain visibility of what’s actually happening in our Mac estates? How do we integrate incumbent Windows estate management tools with macOS management? How do we handle the pace at which macOS malware is growing? Stay tuned for the next part of our Jamf Protect Series to learn more.

Ready to fully protect your devices?

Ensure your Apple devices are safe from threats with your trial of Jamf Protect.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.