Amaya Toman At this year's RSA Conference, security expert Patrick Wardle unveiled a new software tool that uses Apple's GameplayKit platform to help protect Mac users from malware and suspicious activity.
The task of GamePlan, as the new tool is called, is to detect suspicious activity that could reveal the possible presence of malware. It uses Apple's GameplayKit to analyze its conclusions and findings. The original purpose of GameplayKit is to determine how games behave based on rules set by developers. Wardle took advantage of this feature to create custom rules that can reveal potential problems and details of a potential attack.
The functioning of the GameplayKit can be explained using the example of the popular game PacMan - as a rule we can mention the fact that the central character is being chased by ghosts, another rule is that if PacMan eats a larger energy ball, the ghosts run away. "We realized that Apple had done all the hard work for us," admits Wardle, and adds that the system developed by Apple can also be effectively used for processing system events and subsequent warnings.
macOS Mojave has a malware monitoring function, but GamePlan allows you to set very specific rules regarding what the system should look for and how it should respond to findings. It can be, for example, detecting whether a file is copied to the USB drive manually or whether this activity is performed by some software. GamePlay can also monitor the installation of new software and allows you to set very detailed rules.
Wardle is a security expert with years of experience in the industry, for example he recently pointed out how a bug in the Quick Look feature on macOS could potentially be used to reveal encrypted data. The release date of the GamePlan is not yet officially known.
It could be interest you
Source: Wired
