Slashdot Mirror
Many Mac OS Users Not Getting Security Updates
AmiMoJo writes "According to security company Sophos, around 55% of home users and 18% of enterprise users have updated to Mavericks, the latest version of Mac OS (10.9). Unfortunately Apple appears to have stopped providing security updates for older versions. Indeed, they list Mavericks itself as a security update. This means that the majority of users are no longer getting critical security patches. Sophos recommends taking similar precautions to those recommended for people who cannot upgrade from Windows XP."
Since you know, the switch ads told me Macs don't get viruses or other bad stuff
I don't want every update they send out. I wait to see if the updates make things worse (and there are updates for all sorts of software on every platform that can make things worse instead of fixing an issue).
I'm woking in a large university where you find a larger percentage of Mac and Linux systems. It's hell keeping all operating systems updated properly. Researchers get grants to do something then spend $2million on the custom systems build on a particular version of an OS. Now it's 5 years later are still using the old OS because it would cost another $1million to upgrade the custom code and get new equipment that doesn't use parallel ports for data transfers.
It all starts at 0
Far be it for me to say that a security company was using dodgy numbers to hype its product, but their MacOS adoption numbers are soley from Sophos-for-MacOS users, which I'd have to imagine is a really spectacularly unrepresentative sample. And their assertions that Mavericks was the only way to get security updates for MacOS going forwards seems to be contradicted by the fact that the previous version of MacOS was security patched when Mavericks was launched.
No kidding!!! What do you say at this point?
It is unfortunate that Apple didn't think that one through a little further.
If they are adopting the model of "the OS Upgrade IS a security update", then throw it in their normal update mechanism rather than having people seek it out.
Since they didn't, they must realize that there is a chance that their Upgrade could break things for people, so let them upgrade in their own time, and as such should back port the occasional update to the computers that they sold 3 months or so ago.
Thirty four characters live here.
If your Mac supports it, it seems to be a free upgrade. I got an email from Apple earlier this week offering the upgrade for free. Perhaps that`s their security strategy.
I will not personally use anything but open source software.
I'm not sure where the author gets the idea that Apple has stopped releasing security updates for older systems. The page linked from the summary lists updates for software for OS X 10.7 and up as recently as 16 December, a Java update for versions 10.6 and up on 15 October, and the most recent actual security update, also for versions 10.6 and up, on 12 September. Apple releases security updates when necessary, not every Tuesday like Microsoft. The fact that they've released an OS update, which includes security patches, for the most recent version of the OS without releasing one for older versions most likely means that the vulnerabilities addressed were not present in older versions; this has been the Apple release strategy for at least a decade.
When my iPhone 3G could not be upgraded to iOS4, I switched to andriod for security concerns.
Then my 2 generation intel Macbook Pro was too old to upgrade to Mavericks, so I bought a Lenovo.
I'm seeing a pattern here. I will not buy Apple anymore as a result of their withholding security updates from older and perfectly functional hardware. My response is not to buy a newer model, but to switch away from Apple products.
I initially switched to Apple because I liked their hardware and as a developer I wanted to experience a variety of OS's. Seeing how they abandon products only a few years old has left a sour taste in my mouth, I'm done buying Apple products, I've learned my lesson.
That's some real troll-bait comparing Mac OS to Windows XP. There's really little similarity. Microsoft is discontinuing security patches for a 12 year old OS. Apple is discontinuing security updates for an 18 month old OS.
I don't respond to AC's.
Looking at the Apple update release page there hasn't been a Security Update since Mavericks was released so there is no evidence to support the assertion from Sophos.
The last Security Update from Apple was 2013-004 and included updates for Snow Leopard, Lion, and Mountain Lion. Until Apple releases a security update that *only* targets Mavericks this is just Sophos FUD.
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
Mac OS was deprecated 12 years ago when OS X stepped in.
I have a 5.5 year old MBP and it runs Mavericks almost perfectly as well as it ran Leopard. The case for not upgrading to Mavericks if you have a x86 Mac that is the age of mine or newer is based almost entirely on being a curmudgeon who doesn't want someone telling him to just move onto the next version. The vast majority of the refuseniks are likely not savvy users objecting to the "iOSification" of MacOS X or something like that, but ordinary idiots who blink at you with a blank expression when you ask what version of OS X they use. "Huh? Macs haver versions?" Yeah. My wife and I have met a lot of casual Mac users who don't seem to understand that no, really, MacOS X has versions just like Windows and that using the same OS X that came with your Mac three or four years later is like saying "I don't need that service pack shit" on Windows.
I have an old, first-gen Mac Pro, which I use as a regular desktop. I tend to spend the bulk of my time in Windows, but I use OS X on occasion.
For whatever reason, the firmware on it is for 32-bit systems, something Mountain Lion and now Mavericks does not support. I'm still running Lion because I don't care about their new features and don't want to risk breaking something trying to hack it into working. Getting 64-bit Windows onto the machine was difficult enough.
So yeah, for me at least, it's because Apple doesn't want to give me security updates, not because I don't want to download them.
We'll keep pushing updates until we deem your platform obsolete and stop supporting it. Then you get nothing.
They did it with the iPad 1 after about two years and abandoned people.
Which is why I have replaced my iPad with a Google Nexus.
Apple is discontinuing security updates for an 18 month old OS.
Calling Mavericks a "new OS" is really something of a stretch. It is at best a modest revision of the previous version. When Apple does something as dramatic as the difference between XP and Vista or Windows 7 and Windows 8, then maybe it might be realistic to call it a new OS.
"I dislike Microsoft and Windows with a passion, but at least they don't arbitrarily decide that your PC is too old to run their latest operating system."
You mean like Linux dropping support for Pentium class CPUs?
For quite some time now, it's been Apple's policy to support the current OS release as well as the previous OS release. That means that since the release of Mavericks, they would be supporting Mavericks (current release) and Mountain Lion (previous release). But, this is also the first generation that the new OS 1) supports every machine that the previous release supported 2) is offered for completely free. So, practically speaking, there's very little reason to not just force all Mountain Lion users to upgrade to Mavericks to have support. However, I don't see any evidence on their page that they are even instating this policy? If they did, though, it would be very aggressive, but not really unremarkable for Apple.
Scorta futuere amo!
I am stuck on 7.5 for hardware reasons and still am getting security updates.
As long as it runs POSIX and an X11 server, it should run desktop applications designed for desktop Linux or FreeBSD with minimal porting work. The POSIX-certified versions of Windows did not include an X11 server and therefore were not very useful as *n?x workstations. Likewise, despite using the Linux kernel, Android uses different apps because its GUI layer runs on something other than an X11 server.
Apple, PC or otherwise, there are just too many people who are willfully ignorant of computer security... They think they are some kind of club
I'm running Doom in Win8, does that count?
Compatibility mode in Win8.1 goes as far back as Win95. It's not guaranteed but I've got 15-year old Windows programs written under NT4 to work under Win8.1.
The Mac was a PC exactly to the extent that an ST or Amiga was a PC. Until the Intel transition, the architecture of the Mac wasn't anywhere near that of the IBM-compatible (now Lenovo-compatible) PC. Nor was the architecture of Mac OS or OS X anything like that of MS-DOS or Windows.
Then you must be using a 32-bit version of Windows 8.1. The x86-64 version of Windows does not run 16-bit applications (such as Windows 3.1 applications), DOS+DPMI applications (such as Doom), or 16-bit games (such as Donkey Kong Country) without an emulator (such as DOSBox or higan).
If it's a properly network-isolated setup, who gives a fuck how old the security is?
Tell that to the Iranians who got their centrifuges destroyed by Stuxnet. Network isolation is not necessarily enough.
So if someone has a computer that is too old to run Mavericks, he's SOL with regards to security issues?
Throwing a wrench in all of this of course is Apple's decision to stop charging for new Mac OSes as of Mavericks. Since it's free, is it a new OS or is it just another patch for Mountain Lion?
If the system requirements have increased, it is a new operating system because it is likely to require hardware replacement.
To use Microsoft as an example here, they treat Windows 8.1 as a service pack for Windows 8
The system requirements of Windows 8.1 are identical to those of Windows 8, and they don't even differ noticeably from those of Windows Vista.
I have a MBP provided to me by a contractor to a Large Government Agency.
It has mandated anti-virus (which kills the battery), mandated third-party whole-disk-encryption (instead of File Vault), mandated third-party remote backup (instead of Time Machine), mandated third-party remote access...
The contractor support team routinely takes a year or more to certify the mandated suite for new OS releases.
I will probably be on 10.8 on this MBP in 2015, considering we leaped forward from 10.6 last year.
To a Lisp hacker, XML is S-expressions in drag.
Speaking of universities, the Lehigh virus spread through Lehigh University without networking.
My last upgrade broke my entire software development process:
1. Upgraded to Mavericks and Xcode 5.
2. Command line tools were silently uninstalled without asking me. I needed them, so I found a web site that explained how to get them with Xcode 5 since they're no longer anywhere obvious you can get them from within Xcode 5.
3. But now ant is no longer included!
4. Downloaded ant binaries from Apache.
5. Mavericks had silently uninstalled the JDK.
6. Again found a web site that had a command to restore the JDK.
All this to get back to where I was to begin with!!! Does Apple not think there's a reason this stuff was installed in the first place? At least ASK if it should be uninstalled rather than silently doing it?
If you wanted any of those Windows-only business applications you could always just run XP or 7 in a virtual machine. Parallels is fast due to hardware acceleration but it costs money, and VirtualBox is free but not quite as fast. I know of a CEO who uses a MacBookPro exclusively, where all of the business software is Windows-only and he uses ether Parallels or Boot Camp for the odd occasion when he wants to delve into the workers' business output.
I'm running one of the DOOM clones (zdoom I think), probably written around the W95 era so maybe 20 years old.
Based on a quick Google search, ZDoom appears to be a source port to Windows. This and other 32-bit Windows applications run in 64-bit Windows.
Are there emulators like DOSbox for Mavericks to run 68k MacOS programs?
There is Basilisk, but not being a regular Mac user I can't offer an opinion on it.
Unfortunately Apple appears to have stopped providing security updates for older versions.
A statement that is cast into severe doubt by the continuing appearance of security updates for older versions, like Safari 6.1.1 on December 16th, Apple Remote Desktop 3.5.4 on 22 October and the lack of any claim that Apple has stopped releasing security updates in the article they link to to support their claim that Apple has stopped releasing security updates. It does talk about some of the security updates in 10.9 - a couple of which are covered by those Safari and Remote Desktop updates. As for the rest, TFA doesn't take the trouble to actually establish whether they are fixes c.f. 10.8 or fixes for issues in the 10.9 beta that was widely released to developers - so neither will I.
Now, is Apple maybe prioritising which security fixes it backports to 10.8 or earlier, and only bothering with the "OMG remote pwnage imminent" ones? Maybe. I will try and contain my fear.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Ubuntu runs FANTASTICALLY on that "out of date" hardware.
I have a couple of 24" iMac's that are the bit white plastic variety that utterly scream running linux. It's still fantastic hardware, s oyou can use a different OS on it to keep it in service. Makes an awesome Kitchen PC.
Do not look at laser with remaining good eye.
When Apple dropped support for Rosetta in 10.7 it means that I couldn't run Eudora on anything higher than 10.6. Eudora is still the greatest email software ever written. Losing it isn't worth updating MacOS beyond 10.6. But I would be happy if Qualcomm would finally release the source so it can be updated to run without Rosetta. Yes I know about the Eudora-Thunderbird integration but that was an abomination which was later abandoned.
Maybe some people aren't updating because new OS X features have been more annoying than helpful of late. Taking "Save As" out of textedit and creating a version control system was the point where I decided I'd wait out future upgrades until I had the time to read about what people were whining about with the new version.
A few weeks ago my Mac started nagging me to instal the latest patches for 10.6.8. ...
Did not do that yet
Anyway: I really doubt Apple has or will stop system updates for 10.6.x, 10.7.x or 10.8.x.
They never have done something like that before and I doubt they ever will.
It does not even make any sense.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Mac OS X Mavericks (10.9) has the same requirements as Mountain Lion (10.8). So the comparison to Windows 8.0 and 8.1 is correct.
...I dislike Microsoft and Windows with a passion, but at least they don't arbitrarily decide that your PC is too old to run their latest operating system.
Microsoft just did this... Windows 8.1 64-bit has a requirement that your CPU (and BIOS) support the "CMPXCHG16b" instruction, which does not exist on all AMD64 processors, especially early AMD models, and some Intel ones where the manufacturer has (for some reason) disabled the instruction via BIOS--often without an explicit option to turn it on. So, those people are stuck on Windows 8.0 64-bit or need to "up/downgrade" to Windows 8.1 32-bit, which doesn't require the instruction.
http://www.pcworld.com/article/2058683/new-windows-8-1-requirements-strand-some-users-on-windows-8.html
Of course, Microsoft is setting themselves up for a lawsuit since they went on record giving Windows 8.0 a 10-year support lifecycle, which has now been changed to a ~3 years, and don't offer a free license to go from 64-bit Windows to 32-bit... Ironically, Windows Server 2012 R2 (which is 64-bit only) does not require this instruction, so there's some real confusion as to what has been gained by this requirement change...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
The second gen Macbook Pro is supported with Mavericks. In fact, the only Macbook Pros not supported seem to be the original 32 bit only ones.
Careful, some "32-bit" Macs have 64-bit hardware but Apple never wrote 64-bit drivers and thus restricted these Macs to 32-bit versions of Mac OS X.
When my iPhone 3G could not be upgraded to iOS4, I switched to andriod for security concerns.
Funny,
when I got Galaxy S, it was never updated to new Android release (ever). I switched to iPhone TO BE ABLE TO GET the latest OS updates for security reasons. At least, with Apple, I am guaranteed 2-3 years of updates from release date. On Android, with US phone companies to "support" you, you are guaranteed NO updates ever.
I have learned the lesson differently ;-)
Buy your Android phone from Google and you will get updates. At least until the system requirements exceed the installed RAM, which is basically what is happening with the Apple phones.
but the one app I have to have on this company laptop is Parallels, and as it so PAINFULLY and FREQUENTLY pops up in my face, I can't run the version I had just bought a few months ago with Mavericks... like that wasn't a known quantity or anything. I guess I just don't ever get another security update, because I refuse to feed a company money for an 'upgrade' to their product (like it wouldn't work anyways) every time a security update is released. BLAH
If I sound stupid, it's not me talking....
So no, I'm not doing it. Maybe I'm paranoid but I can accept my phone requiring an iTunes account, but I will not put an apple account or anything on my personal computer.
I also suspect that this means that to get these security updates I will need to be logged in to get updates, even if I got mavericks from another "source", so not gonna happen for me, that's my limit...
Sophos says that the security updates have stopped for anything older than Mavericks, but the article they link to has updates for 10.7, 10,8, and 10.9 in it that are less than 30 days old.
So I'm not sure how they are reading this that Apple isn't releasing updates.
You are an inflexible autist. This is the problem you are facing.
I stopped upgrading macos at 10.7.5
I run vmare fusion for my linux vms... 3d runs fine. I upgraded to mavericks last week. man I'm lucky I cloned my 10.7.5 system drive. ... you end up with gray boxes over the eyes. I rebuilt my iPhoto database.. same issue. Next..the nre imovie upgrade was CRAP. Dumbed down to the point a 4 year old could use it.. but the library/event management and all are all gone.
iPhoto is broken.. when you use redeye eleliminator you don't get the redeye you
many tools and effects are gone. Next issue.. when you use 64bit addressing there is a cost. the cost is memory. My machine has 18gb... so I figured no biggie.
Bzzzzzz.. wrong. I usually run a vm.. my linux web servers are running in a vm while I develop inside my eclipse environment on my mac desktop.
well my whole environment just worked better in 10.7.5
If this is the direction apple is going I am going to go to 100% Linux. I am already test using Cineralla for my video editing.
I don't want a dumbed down operating system.
I switched back to 10.7.5, upgraded my video card to an nvidia gtx 560 (thank you nvidia for support PC cards in a MAC!
I made a carbon copy clone of mavericks and sometimes I boot the drive in my ESATA Black Widow dock. All I have to say is apple keep you dumbed down operating systems on iphones and tablets. Desktops should not be dumbed down.
I don't care about any network security issues. I've got a firewall(real firewall not software on the desktop) between my home network and the outside.
I do port forwarding only for devices and services that I want to reach form the outside.
Keep singing those praises fanboi.
We need legacy support.
It is only greed and laziness that prevents this.
With graceful fall back Apple could keep supporting old hardware back to the last century.
More importantly I want support for old software into the new operating systems so we can continue to access our data.
OS X 10.9 Mavericks (a security update) disables the ethernet hardware so the user cannot downgrade 10.6.x.
This is like the joke about the NSA's new supercomputer avatar that when the switch was flipped on, it came out of its closet, looked around frantically, found a loaded M1911, cocked the trigger, put barrel to head, pulled trigger.
Ha ha }:-D
Ever tried to program on that thing? It was good for publishing and graphic design. Of course now OS X is good for a wide variety of things like publishing, graphic design, and DJing. My how far they have come.
Until then, I can't move off 10.6.8 until there's a real alternative to Macromedia Freehand MX (and no, Illustrator, which I've been using since v3.2 is not an alternative).
There are lots of other people with other PowerPC apps which they need --- either write replacements (I'm still looking for my nightly builds stage stack devs --- I donated) or allow people to use their old apps.
Since I only use PPC macs. I understand many Intel macs can't go to Mavericks either.
Can't "upgrade" to Mavericks because the software I use is not certified for Mac OS X 10.9.
Can one significantly reduce the risk by turning the firewall on its maximum setting and trying to use only FOSS applications where possible?
Source ports of Doom are 32-bit Windows applications, and 32-bit Windows applications run in 64-bit Windows. But not all 16-bit or DOS+DPMI applications happen to have source ports to 32-bit or 64-bit Windows. Emulators are useful for running apps that lack a source port.
That is just flat-out wrong. There are several models which can run 10.8 but cannot run 10.9.
I have seen 10,8 machines getting security updates since 20.9 launched.
That is just flat-out wrong. There are several models which can run 10.8 but cannot run 10.9.
Apple's listed specs look the same to me. The MacBook list was consolidated but they are equivalent.
OS X Mavericks: System Requirements
http://support.apple.com/kb/ht5842
To install Mavericks, you need one of these Macs:
iMac (Mid-2007 or later)
MacBook (13-inch Aluminum, Late 2008), (13-inch, Early 2009 or later)
MacBook Pro (13-inch, Mid-2009 or later),
MacBook Pro (15-inch or 17-inch, Mid/Late 2007 or later)
MacBook Air (Late 2008 or later)
Mac mini (Early 2009 or later)
Mac Pro (Early 2008 or later)
Xserve (Early 2009)
Your Mac also needs:
OS X Mountain Lion, Lion, or Snow Leopard v10.6.8 already installed
2 GB or more of memory
8 GB or more of available space
OS X Mountain Lion system requirements
http://support.apple.com/kb/ht5444
To install Mountain Lion, you need one of these Macs:
iMac (Mid 2007 or newer)
MacBook (Late 2008 Aluminum, or Early 2009 or newer)
MacBook Pro (Mid/Late 2007 or newer)
MacBook Air (Late 2008 or newer)
Mac mini (Early 2009 or newer)
Mac Pro (Early 2008 or newer)
Xserve (Early 2009)
Your Mac needs:
OS X v10.6.8 or OS X Lion already installed
2 GB or more of memory
8 GB or more of available space
Because Microsoft didn't start to give a rat's ass about security until Windows 7, leaving hundreds of millions of vulnerable computers from buggy code and open services.
Because XP has a critical design flaw: piss poor privilege separation. Even some of Microsoft's own apps had to be run as Administrator to launch.
Because Microsoft dropped the ball on Longhorn. Hell, we're still waiting on some of the (actually useful) features that were promised a decade ago.
Because Vista was an abomination worse than ME, and Windows 8 went so far down in the bottom of the barrel that they had to dig a new basement for it. And they all have dramatically higher hardware requirements than XP.
Because Microsoft overcharges for Windows, badly. Whereas Mountain Lion was $30, and Mavericks is free.