By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated ' Gatekeeper' by Apple.
Software installed from a CD or other media is not checked.ģ. It only applies to software downloaded from the network.
This feature is transparent to the user, but internally Apple calls it 'XProtect.' The malware recognition database is automatically checked for updates once a day however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.Ģ.