Is my OS X Mountain Lion installation vulnerable to security threats?

How can any computer not be vulnerable to unpatched security problems? In time they get patched. Apple provides up to date protections through XProtect, its behind the scenes Anti Malware protection.

It's sort of meaningless unless you have something on your computer that requires security beyond that provided by your hardware router and/or OS X firewall.

I really don't know the answer. Your estimate is probably as good as any. In any event we are likely to lose Lion support first.

Aceattack wrote:

I need to use some software which is only compatible with Mountain Lion.

Such as?

If your software is incompatible with Mavericks, then your best bet would be to find a substitute. It is not Apple's repsonsilbity to ensure 3rd party compatibility. All Apple can do is warn people years in advance when they plan to change something. If 3rd party vendors never bother to listen, you really shouldn't be depending on them.

Where were you forced to upgrade? Did someone twist your arm to upgrade to Mavericks? If your critical software wasn't compatible, then why did you upgrade to Mavericks?

Apple has always provided security updates for past software until that software is declared obsolete and unsupported. The is not the case for Snow Leopard and later. The last Leopard security update was in Sep. 2012.

If you considered things logically, then it is not in Apple's best interest to alienate customers. Equally, Apple has a responsibility to shareholders to make profits. You as a consumer are not forced to buy a company's products. That is purely your decision. If that company or its products are no longer aligned with your needs or goals, then you are free to vote with your feet and buy something else.

No company is obligated to continue supporting old and obsolete products. However, that doesn't mean anything sinister. It simply means it's more profitable to stop the support and try to encourage customers to buy newer products from them.

Aceattack wrote:

It is not Apple's responsibility to ensure 3rd party compatability however the concern was that Apple continue to support and provide security fixes for old OS X versions rather than force people to upgrade just because Mavericks is a free upgrade.

But Mavericks is a free upgrade. And any Mac that runs Mountain Lion will also run Mavericks.

It is standard procedure to discontinue support for old products. I will quote the AppGate on the topic:

Important note: End of Life AppGate Version 9*

After due consideration, Cryptzone is declaring End of Life (EOL) on AppGate Security Server v9.x This became effective on October 30, 2013. Full support will continue to be provided for AppGate Security Server v9.x up until the end of Q2 2014 After this time any customers wishing to continue to receive support and updates must move to version 10.x (or newer). Most customers have already migrated, but if you have any still on this version please work with them to migrate to version 10.x.

Why is it acceptable for one company to stop supporting an old product but unacceptable for another? And why do I suspect that the AppGate upgrade is not free?

If you depend on AppGate and eToken and those products do not run on Mavericks, you should be asking why. Like all developers, they have had access to Mavericks since early June. What was so radically different about Mavericks that takes over 7 months get working? Either they aren't very committed to the platform or they really don't know how to write OS X software. Considering that the product seems to be Java-based, I suspect both.

That is an interesting conundrum that is pretty typical for enterprise customers. You are running an old OS version without security updates because you depend on 3rd party security software that depends on 4th party Java software proven to be one of the last major malware conduits. And people wonder why these enterprise servers are always the ones to get hacked and hand over 45 million customer records.

I feel your pain. I only recently updated my work machine to Mountain Lion due to similar enterprise security issues. Our market-leading antivirus vendor that protects us against the latest zero-day malware was unaware or just didn't care that Apple had released a new OS. And I'm talking about Lion! I have similar problems with my Java-based Juniper VPN. The Apple-provided VPN works fine, as it always has. And I can't really do without my Mac because I need it to develop on when my Linux servers with 24x7 on-site support from IBM and Oracle are out of commision for 4 months. Apple is not the cause of either of our problems.