OS X Security

Many Mac OS Users Not Getting Security Updates 380

Posted by Soulskill
from the security-updates-aren't-sexy dept.
AmiMoJo writes "According to security company Sophos, around 55% of home users and 18% of enterprise users have updated to Mavericks, the latest version of Mac OS (10.9). Unfortunately Apple appears to have stopped providing security updates for older versions. Indeed, they list Mavericks itself as a security update. This means that the majority of users are no longer getting critical security patches. Sophos recommends taking similar precautions to those recommended for people who cannot upgrade from Windows XP."
This discussion has been archived. No new comments can be posted.

  • Does it matter? (Score:3, Insightful)

    by jaymz666 (34050) on Friday January 10, 2014 @10:34AM (#45916103)

    Since you know, the switch ads told me Macs don't get viruses or other bad stuff

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Yeah, it's not like Macs suffer the same design and interface problems that made Windows 8 or Unity. Apple designed their system right the fiiiiiirrrrrrrrrrrrrr...

      *head falls to the side, images from the latest WWDC can be seen flickering on eyeballs*

      ...rrrrrrrrst ugh are you STILL using Mavericks? Pssh, please. Snow Cheetah has been announced for a whole 7.33921 seconds already. Get with the times! Apple fixed all the obvious system design problems Mavericks has, making perfection even more perfecter!

      • Re:Does it matter? (Score:5, Insightful)

        by Anonymous Coward on Friday January 10, 2014 @10:49AM (#45916253)

        Apple fanboys and apple haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.

        • Re:Does it matter? (Score:5, Insightful)

          by alexhs (877055) on Friday January 10, 2014 @11:31AM (#45916747) Homepage Journal

          Apple fanboys and Apple haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.

          Android fanboys and android haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.
          Microsoft fanboys and microsoft haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.
          Vi fanboys and vi haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.
          Emacs fanboys and Emacs haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.
          Bitcoin fanboys and bitcoin haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.
          True Scotsmen fanboys and true Scotsmen haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots.

          Who's left ? :)

        • by 228e2 (934443)
          I was going to post exactly this. With my work now done, it's time for an early lunch.
        • Re: (Score:3, Insightful)

          by StrangeBrew (769203)
          Steve Jobs' greatest achievement was convincing the world that a Mac wasn't a PC.
          • Was the Amiga a PC? (Score:3, Informative)

            by tepples (727027)
            The Mac was a PC exactly to the extent that an ST or Amiga was a PC. Until the Intel transition, the architecture of the Mac wasn't anywhere near that of the IBM-compatible (now Lenovo-compatible) PC. Nor was the architecture of Mac OS or OS X anything like that of MS-DOS or Windows.
          • Re:Does it matter? (Score:5, Insightful)

            by iksbob (947407) on Friday January 10, 2014 @01:03PM (#45918011)

            Putting aside the ranking of Jobs' achievements, convincing the world of the non-PCness of Macs pales in comparison to Gates' achievement: Convincing the world that all PCs run Windows.

        • by celle (906675)

          "Apple fanboys and apple haters should be banned from slashdot. They have this illusion that they are two separate groups of people. The fact is that they are a single bunch of idiots."

          You mean like the nuke apologists and environmentalists, vi vs emacs, apple vs pc, MS vs linux, etc, etc, etc. This board would be out of business without the 'biased' especially with Dice running the show. We all know this is true and we all willingly visit this board, so who are the real idiots again?

    • Re:Does it matter? (Score:4, Informative)

      by Anonymous Coward on Friday January 10, 2014 @10:44AM (#45916209)

      Security updates aren't just for viruses.

      That being said, I use a mac and I cannot upgrade to 10.9 because my machine isn't supported. It still does everything I need it to do, it's not slow. I don't think Apple doesn't support it because the hardware IS too old (Intel processor and all), I just think it's because Apple THINKS the hardware is too old. I can tell you that this is the last mac I buy. I dislike Microsoft and Windows with a passion, but at least they don't arbitrarily decide that your PC is too old to run their latest operating system. It may not run it fast, but generally it will run it.

      Linux only from now on.

      • by TWiTfan (2887093) on Friday January 10, 2014 @11:01AM (#45916417)

        Father Steve only extends his divine blessings to those with the faith to maintain the latest holy hardware. Obviously, you have lost your faith and become a Windows or Linux heretic. Expect no welcome in the Great Apple Store when the end comes!

      • So if your Mac is unsupported, install Fedora 20 on it and you'll be on the bleeding edge again.
      • by jaymz666 (34050)

        This!

        The "free OS upgrades" are such a freaking lie.

      • Re: (Score:2, Insightful)

        by garyoa1 (2067072)

        The problem I "had" with Mac was, if I wanted to update some programs... sorry. OS is too old. Update the OS and another prog says.... sorry, OS is too new.

        And I look over at the win8 machine that can still run dos based progs 20-25 years old and say... why?

      • by ray-auch (454705)

        Actually MS do decide sometimes - or at least they release required specs and checking tools (upgrade adviser) and sometimes your machine cannot be upgraded.
        One of my PCs is about to go there - on XP and insufficient spec to upgrade to win7. But then, the machine is 12+ years old, and although it still does everything it did when it was bought, and just as well as it did then, my phone probably has more memory and more CPU power.

        The big thing that MS does do well is provide EOL dates well ahead of time for

    • I'm fairly certain he's being sarcastic but at the same time clueless since they do catch viruses constantly from 3rd party plugin-based attacks.
  • by zerosomething (1353609) on Friday January 10, 2014 @10:44AM (#45916205) Homepage
    I'm working in a large university where you find a larger percentage of Mac and Linux systems. It's hell keeping all operating systems updated properly. Researchers get grants to do something then spend $2million on the custom systems built on a particular version of an OS. Now it's 5 years later are still using the old OS because it would cost another $1million to upgrade the custom code and get new equipment that doesn't use parallel ports for data transfers.
    • by Geoffrey.landis (926948) on Friday January 10, 2014 @10:50AM (#45916259) Homepage

      ...Now it's 5 years later are still using the old OS because it would cost another $1million to upgrade the custom code and get new equipment that doesn't use parallel ports for data transfers.

      In general, changing the OS breaks some stuff that used to work. It's always best to wait until the people willing to be drive the software first have found workarounds to the problems.

      Or you can call support, which will tell you "Oh, that doesn't work with the new operating system."

    • by Hatta (162192) on Friday January 10, 2014 @11:08AM (#45916489) Journal

      Indeed. We have a microscope that's hooked up to a G4 powermac running 10.2. The company that made the camera doesn't exist anymore, and the most recent software available for it is for XP. The solution? Firewall the microscope computer except for communication with the department file server.

      • by jader3rd (2222716)

        The solution? Firewall the microscope computer except for communication with the department file server.

        But those type of situations are fine; you've got a dedicated device doing a dedicated thing. Usually in those situations having a full OS is overkill and the system should have been built with an embedded OS in the first place. The type of scenarios which are worrying are ones where the computers are people's internet personal files machines.

      • by Nemyst (1383049)
        The physics dept over here still has computers running on Windows 98 because the scanner parts they're using don't work with anything else. They're dog slow, they don't support USB keys and they run on the shittiest screens I've ever seen, but they're the only thing that runs those old parts. At least they have the best firewall ever made: they aren't networked.
      • by Solandri (704621) on Friday January 10, 2014 @01:04PM (#45918017)
        Hah. My uncle's print shop has a $20,000 laser film printer whose manufacturer folded in the early 1990s. The only drivers that work are for Windows 3.0 and Mac OS 7 (also works on 9, but not 10). So his fancy new graphics design computers send their output to an ancient Power Mac 8100 (with all of 32 MB of RAM) for printing silkscreens. It's so old that last time I visited to fix a problem he was having, the power button snapped off because the plastic had become brittle with age.

        Nice to know he's not the only one in this type of situation. Software people need to realize that constantly updating is sometimes not an option, and for certain applications (like dedicated hardware drivers) you need to treat the software like an embedded system and make it as robust as you can out the box. Software may be obsolete in 3 years, but hardware can frequently last for 25+ years. (It prints onto roll film that's about 28 inches wide for printing posters, so please don't say just buy a new printer from Staples. Replacements are currently about $2500+ for inkjet, $10k+ for laser.)
    • Re: (Score:3, Interesting)

      If it's a properly network-isolated setup, who gives a fuck how old the security is?

      • If it's a properly network-isolated setup, who gives a fuck how old the security is?

        Tell that to the Iranians who got their centrifuges destroyed by Stuxnet. Network isolation is not necessarily enough.

    • Now it's 5 years later are still using the old OS because it would cost another $1million to upgrade the custom code and get new equipment that doesn't use parallel ports for data transfers.

      How old are your Macs if they have parallel ports? Since the original iMac (in 1997!), it's been Firewire, USB and now Thunderbolt. And before then I thought they used serial or ADB. Or are you just trolling?

  • Just no (Score:5, Informative)

    by Sockatume (732728) on Friday January 10, 2014 @10:47AM (#45916227)

    Far be it from me to say that a security company was using dodgy numbers to hype its product, but their MacOS adoption numbers are solely from Sophos-for-MacOS users, which I'd have to imagine is a really spectacularly unrepresentative sample. And their assertions that Mavericks was the only way to get security updates for MacOS going forwards seems to be contradicted by the fact that the previous version of MacOS was security patched when Mavericks was launched.

    • Re:Just no (Score:4, Informative)

      by AmiMoJo (196126) * <mojo@@@world3...net> on Friday January 10, 2014 @11:22AM (#45916615) Homepage

      If you check the linked page you can see that since Mavericks was released, listed as a security update, all other OS level updates and many of the app updates have required it. They claim not to support older versions.

    • And their assertions that Mavericks was the only way to get security updates for MacOS going forwards seems to be contradicted by the fact that the previous version of MacOS was security patched when Mavericks was launched.

      A big part of the reason they can even get away with that claim is because Apple doesn't publish a proper software lifecycle policy. For all I do like about Apple, that's the one big thing I feel they do wrong. Mac OS X and iOS badly need a documented support policy so that it's clear how

      • Throwing a wrench in all of this of course is Apple's decision to stop charging for new Mac OSes as of Mavericks. Since it's free, is it a new OS or is it just another patch for Mountain Lion?

        If the system requirements have increased, it is a new operating system because it is likely to require hardware replacement.

        To use Microsoft as an example here, they treat Windows 8.1 as a service pack for Windows 8

        The system requirements of Windows 8.1 are identical to those of Windows 8, and they don't even differ noticeably from those of Windows Vista.

  • by tysonedwards (969693) on Friday January 10, 2014 @10:48AM (#45916245)
    It is unfortunate that Apple didn't think that one through a little further.
    If they are adopting the model of "the OS Upgrade IS a security update", then throw it in their normal update mechanism rather than having people seek it out.

    Since they didn't, they must realize that there is a chance that their Upgrade could break things for people, so let them upgrade in their own time, and as such should back port the occasional update to the computers that they sold 3 months or so ago.
    • by Sockatume (732728)

      Don't all OSX updates come through the App Store now? Where they then show you a half-screen banner prompting you to download 10.9 if it's compatible?

      • SoftwareUpdate isn't a part of the Mac App Store (different servers, backed, syncing, check mechanism, ...), despite being on a tab presented in the Mac App Store, aside updates that do come from there. And you do understand that there is a difference between "please download this, create an account, type in a couple passwords, have a credit card on your account, ..." And just press "update", right?
        • by Sockatume (732728)

          Well that's what I was asking, hasn't the App Store replaced the old "software update" mechanism for the delivery of OS-level updates?

    • Re: (Score:2, Troll)

      by MisterSquid (231834)

      It is unfortunate that Apple didn't think that one through a little further. If they are adopting the model of "the OS Upgrade IS a security update", then throw it in their normal update mechanism rather than having people seek it out. Since they didn't, [. . .]

      It is unfortunate that you didn't think your post through a little further.

      I'm running Mac OS 10.8.5 (Mountain Lion) on two machines, and I am notified once every few days by the "App Store" application (which is the update mechanism for OS X starting with Mac OS 10.7 Lion) that Mavericks is ready to install.*

      In other words, Mavericks *is* included as part of Apple's "normal update mechanism" and "normal people" do not have to seek it out; Mavericks seeks out them.

      *I've not upgraded these two machines becau

  • Yes, they are. (Score:5, Informative)

    by tirerim (1108567) on Friday January 10, 2014 @10:52AM (#45916303)
    I'm not sure where the author gets the idea that Apple has stopped releasing security updates for older systems. The page linked from the summary lists updates for software for OS X 10.7 and up as recently as 16 December, a Java update for versions 10.6 and up on 15 October, and the most recent actual security update, also for versions 10.6 and up, on 12 September. Apple releases security updates when necessary, not every Tuesday like Microsoft. The fact that they've released an OS update, which includes security patches, for the most recent version of the OS without releasing one for older versions most likely means that the vulnerabilities addressed were not present in older versions; this has been the Apple release strategy for at least a decade.
    • Re:Yes, they are. (Score:5, Informative)

      by Sockatume (732728) on Friday January 10, 2014 @10:59AM (#45916387)

      Their support for that assertion is a link to one of their own articles:

      1) From three months ago
      2) Before 10.9 launched
      3) Right after a major OSX 10.8 software update had been released
      4) Which has had its thesis contradicted by the series of subsequent updates you list

      I don't think Sophos are in the "critical thinking" business.

      • Re:Yes, they are. (Score:5, Informative)

        by AmiMoJo (196126) * <mojo@@@world3...net> on Friday January 10, 2014 @11:31AM (#45916745) Homepage

        Here is the list from Apple's own web site, linked to in the summary:

        19 Dec 2013 Motion 5.1 (OS X Mavericks v10.9 or later)
        16 Dec 2013 OS X Mavericks v10.9.1
        16 Dec 2013 Safari 6.1.1 and Safari 7.0.1 (OS X Lion v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9)
        22 Oct 2013 Apple Remote Desktop 3.7 (Apple Remote Desktop 3.0 or later)
        22 Oct 2013 Apple Remote Desktop 3.5.4 (Apple Remote Desktop 3.0 or later)
        22 Oct 2013 OS X Server 3.0 (OS X Mavericks v10.9 or later)
        22 Oct 2013 Keynote 6.0 (OS X Mavericks v10.9 or later)
        22 Oct 2013 OS X Mavericks v10.9 (Mac OS X v10.6.8 and later)

        (Windows and iOS updates omitted)

        So after the 22nd of October 2013 when Mavericks was released they don't seem to be back-porting all their patches for either the OS or all apps. Note that the 16th December patch to Mavericks appears to fix bugs that exist in older versions of Mac OS, which did not receive an update. These are all security patches specifically, not just feature updates.

        • Um, "16 Dec 2013 Safari 6.1.1 and Safari 7.0.1 (OS X Lion v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9)"? They haven't released a general security update in 4 months." Java for OS X 2013-005 and Java for Mac OS X v10.6 Update 17 Mac OS X v10.6.8, OS X Lion v10.7 or later, OS X Mountain Lion v10.8 or later 15 Oct 2013" Let me start planning for the apocalypse now.
    • Re:Yes, they are. (Score:5, Insightful)

      by Lawrence_Bird (67278) on Friday January 10, 2014 @11:28AM (#45916719) Homepage

      So.. what about users pre 10.6? Forgotten? Microsoft still supports XP. Does Apple still support OS X 10.1? They were released at the same time in 2001. I think nothing illustrates the difference between the companies than that fact. Apple obsoletes their users by force while Microsoft bends over backwards to maintain not only support but backward compatibility.

      • Re:Yes, they are. (Score:4, Insightful)

        by Tom (822) on Friday January 10, 2014 @02:27PM (#45918959) Homepage Journal

        Yeah, but there's been only 2 releases of windows since then, while there have been 7 releases of OS X.

        The iteration cycle of OS X is faster. If you don't like it, then nobody forces you to buy it, stay with windows.

        Also, a new version of OS X is something like 20 or 30 bucks, while a new version of windows is ten times that amount. There's little excuse to still be running OS X 10.1

      • Re:Yes, they are. (Score:4, Insightful)

        by Anubis IV (1279820) on Friday January 10, 2014 @05:30PM (#45921143)

        It's true. And there are benefits and drawbacks to doing so.

        For Microsoft, it means that their customers rarely get left behind, and that they rarely will upgrade to discover that their favorite seldom-used feature has been phased out. On the flipside, it means that Microsoft's designs are saddled by needing to accommodate loads of legacy features, which leads to bloated designs with inconsistencies like mixed metaphors and cluttered UIs.

        The exact opposite is true with Apple. They're unafraid to leave behind customers who don't keep up, and they're unafraid to cut out features that they can't or don't want to fit into the latest version of their software. But it also means that they are able to polish the latest iThing to its utmost, providing a tight user experience that isn't held back by needing to fit in legacy features.

        Pick the one that appeals to you, or choose Linux, but don't fault Microsoft for not being Apple, or Apple for not being Microsoft. The two companies are cut from entirely different cloth, and it's for everyone's benefit that that's the case, since otherwise computing might be quite a bit more boring.

  • by DogDude (805747) on Friday January 10, 2014 @10:55AM (#45916325) Homepage
    That's some real troll-bait comparing Mac OS to Windows XP. There's really little similarity. Microsoft is discontinuing security patches for a 12 year old OS. Apple is discontinuing security updates for an 18 month old OS.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      ...and still, Microsoft is evil and Apple is cool...

    • by jeremyp (130771)

      There's no evidence that Apple has stopped providing security updates for older versions of OS X.

    • by kqs (1038910)

      It's even less similar than that, since Apple hasn't actually discontinued security updates. So it's bullshit all the way down.

      I'm amused how many people actually believed this article, though. Sometimes I wonder why the quality of journalism is so low, but then I realize that the journalists are giving us exactly what we want. Sigh.

    • Apple is discontinuing security updates for an 18 month old OS.

      Calling Mavericks a "new OS" is really something of a stretch. It is at best a modest revision of the previous version. When Apple does something as dramatic as the difference between XP and Vista or Windows 7 and Windows 8, then maybe it might be realistic to call it a new OS.

      • Depends on what you consider "new". If your criteria is that crucial things must break in between versions requiring new drivers, then it is not new like XP -> Vista. For the most part, the last several OS versions have more work done at the core level rather than a lot of new UI.

    • by kommakazi (610098)
      Some evidence to back this up? Thought so.
    • by UnknowingFool (672806) on Friday January 10, 2014 @11:43AM (#45916911)
      Apple isn't discontinuing security updates to Mountain Lion. Even in the link provided, Apple updated Safari just last month and updates to versions as old as Snow Leopard in October. Unlike MS, Apple doesn't have a regular patch Tuesday.
  • by MrMickS (568778) on Friday January 10, 2014 @10:57AM (#45916359) Homepage Journal

    Looking at the Apple update release page there hasn't been a Security Update since Mavericks was released so there is no evidence to support the assertion from Sophos.

    The last Security Update from Apple was 2013-004 and included updates for Snow Leopard, Lion, and Mountain Lion. Until Apple releases a security update that *only* targets Mavericks this is just Sophos FUD.

  • Well no wonder! (Score:2, Informative)

    by Anonymous Coward

    Mac OS was deprecated 12 years ago when OS X stepped in.

  • by MikeRT (947531) on Friday January 10, 2014 @11:09AM (#45916491) Homepage

    I have a 5.5 year old MBP and it runs Mavericks almost perfectly as well as it ran Leopard. The case for not upgrading to Mavericks if you have a x86 Mac that is the age of mine or newer is based almost entirely on being a curmudgeon who doesn't want someone telling him to just move onto the next version. The vast majority of the refuseniks are likely not savvy users objecting to the "iOSification" of MacOS X or something like that, but ordinary idiots who blink at you with a blank expression when you ask what version of OS X they use. "Huh? Macs have versions?" Yeah. My wife and I have met a lot of casual Mac users who don't seem to understand that no, really, MacOS X has versions just like Windows and that using the same OS X that came with your Mac three or four years later is like saying "I don't need that service pack shit" on Windows.

    • by Malc (1751)

      My MBP is just about to turn six (and it's had almost as many batteries, but that's a different story). Mavericks breathes new life into it because of memory compression. The 6GB RAM I've got in it just ain't enough anymore, but it doesn't hit the swap file as much as it did before.

    • A few people are stuck on 10.6 because they have PowerPC applications that won't ever be updated to x86.
  • by gman003 (1693318) on Friday January 10, 2014 @11:11AM (#45916523)

    I have an old, first-gen Mac Pro, which I use as a regular desktop. I tend to spend the bulk of my time in Windows, but I use OS X on occasion.

    For whatever reason, the firmware on it is for 32-bit systems, something Mountain Lion and now Mavericks does not support. I'm still running Lion because I don't care about their new features and don't want to risk breaking something trying to hack it into working. Getting 64-bit Windows onto the machine was difficult enough.

    So yeah, for me at least, it's because Apple doesn't want to give me security updates, not because I don't want to download them.

  • by drcagn (715012) on Friday January 10, 2014 @11:26AM (#45916679) Homepage

    For quite some time now, it's been Apple's policy to support the current OS release as well as the previous OS release. That means that since the release of Mavericks, they would be supporting Mavericks (current release) and Mountain Lion (previous release). But, this is also the first generation that the new OS 1) supports every machine that the previous release supported 2) is offered for completely free. So, practically speaking, there's very little reason to not just force all Mountain Lion users to upgrade to Mavericks to have support. However, I don't see any evidence on their page that they are even instating this policy? If they did, though, it would be very aggressive, but not really unremarkable for Apple.

  • by itsdapead (734413) on Friday January 10, 2014 @01:46PM (#45918495)

    Unfortunately Apple appears to have stopped providing security updates for older versions.

    A statement that is cast into severe doubt by the continuing appearance of security updates for older versions, like Safari 6.1.1 on December 16th, Apple Remote Desktop 3.5.4 on 22 October and the lack of any claim that Apple has stopped releasing security updates in the article they link to to support their claim that Apple has stopped releasing security updates. It does talk about some of the security updates in 10.9 - a couple of which are covered by those Safari and Remote Desktop updates. As for the rest, TFA doesn't take the trouble to actually establish whether they are fixes c.f. 10.8 or fixes for issues in the 10.9 beta that was widely released to developers - so neither will I.

    Now, is Apple maybe prioritising which security fixes it backports to 10.8 or earlier, and only bothering with the "OMG remote pwnage imminent" ones? Maybe. I will try and contain my fear.

  • by macshome (818789) on Friday January 10, 2014 @03:54PM (#45920033) Homepage
    Sophos says that the security updates have stopped for anything older than Mavericks, but the article they link to has updates for 10.7, 10.8, and 10.9 in it that are less than 30 days old.

    So I'm not sure how they are reading this that Apple isn't releasing updates.
