Mac OS System Security Updates

I think you probably have figured out I take security on my Mac pretty seriously. I think Apple does as well as evidenced by their Xprotect malware protection built into the macOS. However, the ultimate responsibility for protecting our Macs lies with us.

Mac Security

There are tons of articles online these days about ways to secure your Mac from hackers, viruses and malware. I have taken several different steps over the years including using virus and malware checking programs. My latest foray into increased Mac security is adding a VPN to my network (see my VPN article). Along with all the things you and I can do to protect our Mac’s, Apple does have a few security things going for it. The fact that they control the certificates issued for software in the App Store is a big plus against installing infected software. One of the most useful things they have done in the last few years is to implement something called Xprotect into the Mac OS.


So what is Xprotect? It is Apple’s anti-malware feature built right into Mac OS. Here is a typical definition:

The built-in anti-malware protection on Mac OS X is known as “XProtect,” which is technically a feature built into “File Quarantine.” This feature was added back in 2009 with Mac OS X 10.6 Snow Leopard.

When you open an application downloaded from the Internet using a “File Quarantine-aware” application like Safari, Chrome, Mail, or iChat, you’ll see a warning message informing you the application was downloaded from the web along with the specific website it was downloaded from and when.
– via

Xprotect is somewhat limited, but it is helpful. However, you have to make sure this feature is activated. Go into System Preferences and click on “App Store:”


Once you are in this area make sure that “Install system data files and security updates” is checked:


If this box is checked, then any updates for Xprotect will be installed on your Mac in the background. A recent example of this is the DoK malware that just came onto the Mac scene. Apple revoked the certificate for this pernicious app in the App Store and updated Xprotect over the weekend. You did not see the update, but they did do it.

While you are in the App Store Pref Pane check some of the other settings. As you can see, I do not have “Install macOS updates” checked. I prefer to wait a bit after an update is released and I prefer to install the Combo Updater anyway.


You cannot be too secure on your Mac these days. Apple does a few basic things, but the main responsibility for securing your Mac is up to you.