Google’s Santa macOS malware sniffer goes open source

“Google’s Macintosh Operations team have been working on a security application destined for Apple’s OS X ecosystem and has managed to attract the attention of the open-source community in the process,” Charlie Osborne reports for ZDNet. “Dubbed ‘Santa,’ the tool is a binary whitelisting and blacklisting tool for macOS. The software consists of a ‘kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server,’ according to the project’s page.”

“‘It is named Santa because it keeps track of binaries that are naughty or nice,’ Google’s team says,” Osborne reports. “As noted by The Register, both individual and mass-deployments are being kept in mind, as the Santa platform allows admins to manage a single accepted-and-rejected binary database.”

Osborne reports, “The security software is hosted on GitHib for people interested in poking around the code or setting up initial installations.”

Read more in the full article here.

MacDailyNews Take: Certainly sounds like it could be a useful tool, especially for stopping people from downloading, trusting, and installing malware on their Macs.


  1. Speaking of ‘trusting’, MDN, we are talking about a Google product here. The most invasive, spying, personal data collecting company on the planet (not to mention known thieves).

    Do poisonous scumbags and betrayers turn altruistic overnight?

    Hardly likely, is it? 🙄

      1. You can’t show .html tags on WordPress? Can’t delete ones’ own comments either!

        I meant to apologise for something going wrong with
        (Without the spaces)
        What a day.

    1. Ok, so, Google making an antivirus for Macs is like condom free Friday’s at your local brothel. To think a company that could careless about viruses, email, video, search. All they care about is your personal and private info. They want to collect it in whatever way they can. Use google apps at your own peril and afterwards take a real good shower with some really strong soap. Not to mention what they would do if given that level of access to your Mac. These are not the people to trust at all. If you think they are then enjoy your very vulnerable relationship with Google. You may get a computer STD (Spyware Transmitted Disease.)

    2. Over reaction much. Google has deployed tens of thousands of Macs for inhouse development work so who better to secure their Macs than inhouse written Google software?
      Open sourcing it removes one more barrier to enterprise and ensures scrutiny by independent security hackers.
      How is that at all bad?

  2. They should start by blocking malware writers from peppering “Google analytics” throughout their Java crapware. My wife ran across that Java malware crap that opens a new page in Safari and asks you to call a number because your “MAC” (lol) has been compromised. I used sitesucker and other tools to trace the source and the page was filled with references to google (cookies, analytics, etc).

      1. Thanks for pointing that out (JavaScript vs Java). I see no need to differentiate and just say “java” since most don’t know the difference, and those that do understand the reference.

  3. MDN, the tool, in concept, might be useful, but who in their right might would trust Alphabet/Google with a macOS kernel extension?

    Kernel extensions can do some really nasty stuff, and the user would never know it is going on. Hell, kernel extensions can keep things happening even when the computer is asleep.

    There have been several cases over the last 18 years (though much more so in the last 14 years) where Google’s stated intentions turned out to be far from reality once the product or service became pervasive. Why would anyone believe this product will be different?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.