9 Replies Latest reply: Dec 16, 2013 8:14 AM by etresoft
Aceattack Level 1 (10 points)

Hello dear community members,

 

I am a bit concerned about my OS X installation being vulnerable to known security threats which may not have been patched. Also came across an article:

http://www.zdnet.com/os-x-mountain-lion-users-no-more-security-updates-7000022322/

 

What are your thoughts on this and how are you handling this issue?

 

I cannot upgrade my Mac to Mavericks because I need to use some software which is only compatible with Mountain Lion.


OS X Mountain Lion (10.8.5)
  • Kappy Level 10 (252,470 points)

    How can any computer not be vulnerable to unpatched security problems? In time they get patched. Apple provides up to date protections through XProtect, its behind the scenes Anti Malware protection.

     

    It's sort of meaningless unless you have something on your computer that requires security beyond that provided by your hardware router and/or OS X firewall.

  • Aceattack Level 1 (10 points)

    Thanks for the prompt reply.

     

    Basically, what bothered me was the thought that the only option I had to continue receiving the updates was to upgrade to Mavericks. Many think that since it is a free upgrade, I should simply upgrade instead of complain.

     

    Would be happy to know if there is any info on how long Apple will continue to support Mountain Lion. My estimate based on Snow Leopard is at least till 2015 (~ 3 years on average).

     

    Please correct me if I'm wrong and if there is any information available on OS X Lifecycle support.

  • Kappy Level 10 (252,470 points)

    I really don't know the answer. Your estimate is probably as good as any. In any event we are likely to lose Lion support first.

  • etresoft Level 7 (26,560 points)

    Aceattack wrote:

     

    I need to use some software which is only compatible with Mountain Lion.

    Such as?

     

    If your software is incompatible with Mavericks, then your best bet would be to find a substitute. It is not Apple's responsibility to ensure 3rd party compatibility. All Apple can do is warn people years in advance when they plan to change something. If 3rd party vendors never bother to listen, you really shouldn't be depending on them.

  • Aceattack Level 1 (10 points)

    What I meant was software that does not support Mavericks (at least at this point of time).

     

    Such as? Appgate (http://tech.cryptzone.com/appgate_security_server/supported/), eToken client (last time I checked was not supported as well)

     

    This is a show stopper for me because of my work.

     

    It is not Apple's responsibility to ensure 3rd party compatibility, however the concern was that Apple continue to support and provide security fixes for old OS X versions rather than force people to upgrade just because Mavericks is a free upgrade.

  • Kappy Level 10 (252,470 points)

    Where were you forced to upgrade? Did someone twist your arm to upgrade to Mavericks? If your critical software wasn't compatible, then why did you upgrade to Mavericks?

     

    Apple has always provided security updates for past software until that software is declared obsolete and unsupported. That is not the case for Snow Leopard and later. The last Leopard security update was in Sep. 2012.

  • Aceattack Level 1 (10 points)

    Kappy wrote:

     

    Where were you forced to upgrade? Did someone twist your arm to upgrade to Mavericks? If your critical software wasn't compatible, then why did you upgrade to Mavericks?

     

    Apple has always provided security updates for past software until that software is declared obsolete and unsupported. That is not the case for Snow Leopard and later. The last Leopard security update was in Sep. 2012.

     

    Please read carefully. I never said I upgraded to Mavericks. (I installed on a separate partition and checked my software)

     

    Not providing critical security fixes is equally bad as twisting somebody's arm and forcing to upgrade to be secure. Concerns which were raised in the article I added to my original post. Whether those concerns are valid or not, we shall see when the next update comes.

     

    There are still bugs out there (e.g. audio loss after wake up from sleep) which need to be fixed. The bug doesn't exist in Mavericks but has yet to be resolved in Mountain Lion (already we're in 10.8.5). What does that show? Where do the priorities lie for Apple and what is expected from the customer?

  • Kappy Level 10 (252,470 points)

    If you considered things logically, then it is not in Apple's best interest to alienate customers. Equally, Apple has a responsibility to shareholders to make profits. You as a consumer are not forced to buy a company's products. That is purely your decision. If that company or its products are no longer aligned with your needs or goals, then you are free to vote with your feet and buy something else.

     

    No company is obligated to continue supporting old and obsolete products. However, that doesn't mean anything sinister. It simply means it's more profitable to stop the support and try to encourage customers to buy newer products from them.

  • etresoft Level 7 (26,560 points)

    Aceattack wrote:

     

    It is not Apple's responsibility to ensure 3rd party compatibility, however the concern was that Apple continue to support and provide security fixes for old OS X versions rather than force people to upgrade just because Mavericks is a free upgrade.

    But Mavericks is a free upgrade. And any Mac that runs Mountain Lion will also run Mavericks.

     

    It is standard procedure to discontinue support for old products. I will quote the AppGate on the topic:

    Important note: End of Life AppGate Version 9*

    After due consideration, Cryptzone is declaring End of Life (EOL) on AppGate Security Server v9.x. This became effective on October 30, 2013. Full support will continue to be provided for AppGate Security Server v9.x up until the end of Q2 2014. After this time any customers wishing to continue to receive support and updates must move to version 10.x (or newer). Most customers have already migrated, but if you have any still on this version please work with them to migrate to version 10.x.

    Why is it acceptable for one company to stop supporting an old product but unacceptable for another? And why do I suspect that the AppGate upgrade is not free?

     

    If you depend on AppGate and eToken and those products do not run on Mavericks, you should be asking why. Like all developers, they have had access to Mavericks since early June. What was so radically different about Mavericks that takes over 7 months to get working? Either they aren't very committed to the platform or they really don't know how to write OS X software. Considering that the product seems to be Java-based, I suspect both.

     

    That is an interesting conundrum that is pretty typical for enterprise customers. You are running an old OS version without security updates because you depend on 3rd party security software that depends on 4th party Java software proven to be one of the last major malware conduits. And people wonder why these enterprise servers are always the ones to get hacked and hand over 45 million customer records.

     

    I feel your pain. I only recently updated my work machine to Mountain Lion due to similar enterprise security issues. Our market-leading antivirus vendor that protects us against the latest zero-day malware was unaware or just didn't care that Apple had released a new OS. And I'm talking about Lion! I have similar problems with my Java-based Juniper VPN. The Apple-provided VPN works fine, as it always has. And I can't really do without my Mac because I need it to develop on when my Linux servers with 24x7 on-site support from IBM and Oracle are out of commission for 4 months. Apple is not the cause of either of our problems.