macintoshJake

Q: Is it still secure to use Snow Leopard?

Hi,

 

I use a 2008 MacBook running Snow Leopard for audio recording work. I have to use the old MacBook and Snow Leopard because of compatibility issues with drivers for some of my recording equipment.

 

Since Apple has stopped supporting Snow Leopard, is it still secure to use it?

 

Thank you,

 

- Jake

MacBook, Mac OS X (10.6.8), White

Posted on Feb 20, 2015 11:34 AM

Close

Q: Is it still secure to use Snow Leopard?

  • All replies
  • Helpful answers

Page 1 of 3 last Next
  • by Kappy,

    Kappy Kappy Feb 20, 2015 11:34 AM in response to macintoshJake
    Level 10 (271,133 points)
    Desktops
    Feb 20, 2015 11:34 AM in response to macintoshJake

    Safe from what? Apple still produces security updates for Snow Leopard. Their information indicates what is provided. Apple Security Update 2014-004 was the last such update for Snow Leopard.

  • by macintoshJake,

    macintoshJake macintoshJake Feb 20, 2015 11:37 AM in response to Kappy
    Level 1 (1 points)
    Feb 20, 2015 11:37 AM in response to Kappy

    Kappy,

     

    Thanks for your reply.

     

    I meant is it safe from being compromised because of the lack of security updates.

     

    I was under the impression that Apple no longer produces security updates for Snow Leopard.

     

    - Jake

  • by Kappy,Helpful

    Kappy Kappy Feb 20, 2015 11:42 AM in response to macintoshJake
    Level 10 (271,133 points)
    Desktops
    Feb 20, 2015 11:42 AM in response to macintoshJake

    To the extent that Snow Leopard can be included Apple will continue to update security.

     

    As for general security there aren't that many areas of concern. However, you can always use ClamXav 2.7.4 to scan your system. It is updated almost daily, runs under Snow Leopard, and is unlikely to cause any system related problems like so many other AV products. And, it is freeware. You can use it to scan manually or to scan automatically.

     

    Helpful Links Regarding Malware Problems

     

    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.

     

    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

     

    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

     

    Fix Some Browser Pop-ups That Take Over Safari.

     

    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

     

    Quit Safari

     

    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

     

    Relaunch Safari

     

    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

     

    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

     

    An excellent link to read is Tom Reed's Mac Malware Guide.

    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

    See these Apple articles:

     

      Mac OS X Snow Leopard and malware detection

      OS X Lion- Protect your Mac from malware

      OS X Mountain Lion- Protect your Mac from malware

      OS X Mavericks- Protect your Mac from malware

      About file quarantine in OS X

     

    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

     

    From user Joe Bailey comes this equally useful advice:

     

    The facts are:

     

    1. There is no anti-malware software that can detect 100% of the malware out there.

    2. There is no anti-malware that can detect everything targeting the Mac.

    3. The very best way to prevent the most attacks is for you as the user to be aware that

         the most successful malware attacks rely on very sophisticated social engineering

         techniques preying on human avarice, ****, and fear.

    4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

        your computer is intended to entice you to install their malware thinking it is a

        protection against malware.

    5. Some of the anti-malware products on the market are worse than the malware

        from which they purport to protect you.

    6. Be cautious where you go on the internet.

    7. Only download anything from sites you know are safe.

    8. Avoid links you receive in email, always be suspicious even if you get something

        you think is from a friend, but you were not expecting.

    9. If there is any question in your mind, then assume it is malware.

  • by QuickTimeKirk,Helpful

    QuickTimeKirk QuickTimeKirk Feb 20, 2015 11:43 AM in response to macintoshJake
    Level 9 (53,161 points)
    Feb 20, 2015 11:43 AM in response to macintoshJake

    Your Safari version is out of date and shouldn't be used except for casual browsing of known safe sites.

  • by thomas_r.,

    thomas_r. thomas_r. Feb 20, 2015 12:40 PM in response to macintoshJake
    Level 7 (30,924 points)
    Mac OS X
    Feb 20, 2015 12:40 PM in response to macintoshJake

    macintoshJake wrote:

     

    Since Apple has stopped supporting Snow Leopard, is it still secure to use it?

     

    Yes and no.

     

    Yes, because most of the Mac malware that has appeared recently doesn't work on Snow Leopard. So, by using such an old system, hackers have to go to extra effort to support it, and often don't bother. It's sort of an increasing "security through obscurity" situation as fewer and fewer people still use Snow Leopard.

     

    No, because there are vulnerabilities in Snow Leopard that have never been patched. This means that if you stumble across the wrong thing online, or if you become the target of an attack aimed specifically at you, you could become a victim.

     

    The best bet would be to eventually migrate away from dependence on Snow Leopard. I realize that can be hard to do when you're dependent on expensive legacy hardware, however, it's still important to do as soon as practically possible. The longer you remain dependent on such old hardware, the more likely it will be that you will end up with some kind of hardware failure and difficulty finding sufficiently old replacement hardware that is in decent shape.

     

    In the meantime, it would be best to keep this machine air-gapped if possible (ie, not connected to any network), and if you must connect it to the network, be cautious about what you do with it.

  • by WZZZ,

    WZZZ WZZZ Feb 21, 2015 6:02 AM in response to macintoshJake
    Level 6 (13,112 points)
    Mac OS X
    Feb 21, 2015 6:02 AM in response to macintoshJake

    FWIW, Snow, though unsupported by Apple for security updates for quite some time, is still receiving XProtect updates. Latest was 2/13/15.  However, keep in mind that XProtect is far from comprehensive, has limitations, and won't protect you (at least directly) from unpatched OS vulnerabilities.

     

    To protect yourself, although I don't know how serious a vulnerability this is, you may want to stop using Apple Mail (relies on WebKit updates for security patches, which used to arrive regularly with Safari updates, and Safari hasn't been updated in Snow for a very long time). And for a browser, use Firefox, which is still being updated and patched regularly for Snow. Or maybe Google Chrome, if you can get past the widely held suspicion that Chrome is a serious privacy invader (by sending your data back to Google). The jury is still out on that one. I've never seen any conclusive evidence that this is true. It is true though that Google search collects your search hits, but there are ways that this can be prevented.

     

    Another option would be to keep using Snow for those apps which require it, and create a second partition (if you have enough room on the internal drive or on an external drive) and run Mountain Lion there. Still supported (but maybe not for that much longer) available for purchase from Apple. Or, if you have enough RAM try 10.10 Yosemite (free). Or move Snow to an external drive and boot to that for those apps, while staying offline.

  • by Eric Root,

    Eric Root Eric Root Feb 21, 2015 6:34 AM in response to macintoshJake
    Level 9 (71,487 points)
    iTunes
    Feb 21, 2015 6:34 AM in response to macintoshJake
  • by WZZZ,

    WZZZ WZZZ Feb 21, 2015 7:29 AM in response to Eric Root
    Level 6 (13,112 points)
    Mac OS X
    Feb 21, 2015 7:29 AM in response to Eric Root

    From that thread:

     

    https://drive.google.com/folderview?id=0BxQCbeIgpA2uVjFiN1h4bGZNQ2c&usp=sharing  (besides the NTP patch, includes fix for shellshock/bash exploit in Snow Leopard--haven't used this one, so can't directly vouch for it, but everything from flatsixracer appears to be completely above board. I have been using his NTP Rev 4 patch).

     

    Or (and requires Xcode 3.2 or 3.2.6)

     

    http://www.macissues.com/2014/12/24/how-to-manually-patch-ntp-for-os-x-10-6-and- 10-7/

  • by shortygiz,

    shortygiz shortygiz Feb 21, 2015 10:23 AM in response to Kappy
    Level 1 (0 points)
    Feb 21, 2015 10:23 AM in response to Kappy

    Kappy, I'm glad I checked here for some answers and I think you've helped me.  But, if I may, I'd like to run this by you just for my own sanity.  I can't afford cable tv, (or any tv for that matter) so, for years I've been watching tons of tv shows on two sites: Project-Freetv and Couchtuner.  Never had any problems other than three annoying pop-ups at the beginning of watching a program.  I just hit the red button at the top and they go away....then, easy watching tv.  I've never, ever downloaded a tv show nor did I ever upgrade java, media player or flashplayer unless I went directly to the official site...never, ever from a request that pops up.  NOW, every day, no matter what I do, I try to watch a tv show and I get those screens you describe that won't go away unless I hold the button down, completely shut down and reboot.  But once again, back at the sites.....I'm shut out of it.  Last night a new pop-up said...'The last site you visited has given you a virus...click on (go) to remove it".  Of course, I didn't click on anything because, like you said about calling phone numbers they suggest, I didn't trust it.  Does it sound like I have a real virus from the last pop-up.  And is there any way, (if I don't have a virus) to avoid these annoying threats?  I use Safari as a browser and I have a macbook from about 7 years ago.  Sorry to bother you, but I'm an old lady with no computer experience and this is my only means of entertainment as I'm mostly homebound with an autoimmune disease.  I appreciate anything you can tell me and I apologize if I've been a bother.  Thank you.

  • by thomas_r.,

    thomas_r. thomas_r. Feb 21, 2015 10:48 AM in response to shortygiz
    Level 7 (30,924 points)
    Mac OS X
    Feb 21, 2015 10:48 AM in response to shortygiz

    Those sites are illegal. Any time a site online offers something for free that costs everyone else money, it involves theft of some kind. As such, using them exposes you to all manner of badness. If you're doing this on a computer running Snow Leopard - which is what this topic is about - you're playing an electronic version of Russian roulette.

  • by macintoshJake,

    macintoshJake macintoshJake Feb 21, 2015 5:07 PM in response to Kappy
    Level 1 (1 points)
    Feb 21, 2015 5:07 PM in response to Kappy

    Kappy,

     

    I currently have no reason to suspect that I have any malware etc.... I have read the Mac Malware Guide, and it has some great info in it. Kudos to Tom for taking the time to maintain a website dedicated to the matter of maintaining a safe Mac. I use ClamAv on all of my systems, even Windows and Linux systems, but on Mac systems I use the Sentry feature. I also never use an Admin account on any of my systems. If I need Admin permissions then I simply use sudo.

     

    I appreciate you taking the time to post such an informative reply. Thanks for sharing the links as well; I will definitely check them out.

     

    - Jake

  • by macintoshJake,

    macintoshJake macintoshJake Feb 21, 2015 5:08 PM in response to Eric Root
    Level 1 (1 points)
    Feb 21, 2015 5:08 PM in response to Eric Root

    Eric,

     

    Thanks for the tip!

     

    - Jake

  • by macintoshJake,

    macintoshJake macintoshJake Feb 21, 2015 5:19 PM in response to thomas_r.
    Level 1 (1 points)
    Feb 21, 2015 5:19 PM in response to thomas_r.

    Tom,

     

    Thank you for replying. The MacBook is old, but it still runs like a charm! However, I see your reasoning concerning the hardware. Macs truly do last a long time.

     

    When you say to keep it off of a network, do you mean my home network with internet access?

     

    - Jake

  • by thomas_r.,

    thomas_r. thomas_r. Feb 21, 2015 8:14 PM in response to macintoshJake
    Level 7 (30,924 points)
    Mac OS X
    Feb 21, 2015 8:14 PM in response to macintoshJake

    macintoshJake wrote:

     

    When you say to keep it off of a network, do you mean my home network with internet access?

     

    Yup, any kind of internet. Technically, it's probably not going to hurt if you stay on your home network and only check e-mail, but anything more than that exposes you to potential risk. It's a small risk, though, as Snow Leopard market share will only drop with time, but it's nonetheless a non-zero risk. It would be much higher risk if someone knowledgeable, or with a lot of resources to hire someone knowledgeable, had reason to attack you specifically and knew you were still running Snow Leopard.

Page 1 of 3 last Next