Is it still secure to use Snow Leopard?

The ONLY web browser that is “current” enough to risk using on the Internet is the Firefox ESR 45.9 version.

Firefox ended the ESR version for OS X 10.6.8 at 45.9 and it has NOT been updated since May of this year.

It will no longer be updated for OS X 10.6-10.8.

Firefox Extended Support Release FAQ — Mozilla

Finding that particular 45.9 version of the Mozilla Firefox ESR could prove problematic, now!

You waited waaay too long to look for alternative web browsers.

Safari for OS X 10.6.8 is hopelessly out of date, and the last full Mozilla Firefox version compatible with OS X 10.6.8 is nearing 3 years old, now!

OR

Another Alternative to check out.

Look at and try SeaMonkey.

http://www.seamonkey-project.org/

What Mac are you using.

Can you install any other OS X version?

If yes, depending on your year and model Mac, purchase an external FW800 hard drive and install an updated Mac OS version on the external drive and, again, if your Mac is capable of running newer Mac OSes, you can boot your Mac to run off of this FW800 hard drive and run the newer OS for times when you need to be using a more secure web browser.

Why are all these audio studio engineers, in your area, STILL running a 9 year old Mac OS with 7,8,9 year old audio software?

I am running my 2009 iMac from an external FW800 connected SSD drive!

It is verry fast for a FW800 connection.

Safe from what? Apple still produces security updates for Snow Leopard. Their information indicates what is provided. Apple Security Update 2014-004 was the last such update for Snow Leopard.

To the extent that Snow Leopard can be included Apple will continue to update security.

As for general security there aren't that many areas of concern. However, you can always use ClamXav 2.7.4 to scan your system. It is updated almost daily, runs under Snow Leopard, and is unlikely to cause any system related problems like so many other AV products. And, it is freeware. You can use it to scan manually or to scan automatically.

Helpful Links Regarding Malware Problems

If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.

Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

Fix Some Browser Pop-ups That Take Over Safari.

Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

Quit Safari

Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

Relaunch Safari

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:

Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

OS X Mavericks- Protect your Mac from malware

About file quarantine in OS X

If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

From user Joe Bailey comes this equally useful advice:

The facts are:

1. There is no anti-malware software that can detect 100% of the malware out there.

2. There is no anti-malware that can detect everything targeting the Mac.

3. The very best way to prevent the most attacks is for you as the user to be aware that

the most successful malware attacks rely on very sophisticated social engineering

techniques preying on human avarice, ****, and fear.

4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

your computer is intended to entice you to install their malware thinking it is a

protection against malware.

5. Some of the anti-malware products on the market are worse than the malware

from which they purport to protect you.

6. Be cautious where you go on the internet.

7. Only download anything from sites you know are safe.

8. Avoid links you receive in email, always be suspicious even if you get something

you think is from a friend, but you were not expecting.

9. If there is any question in your mind, then assume it is malware.

Your Safari version is out of date and shouldn't be used except for casual browsing of known safe sites.

macintoshJake wrote:

Since Apple has stopped supporting Snow Leopard, is it still secure to use it?

Yes and no.

Yes, because most of the Mac malware that has appeared recently doesn't work on Snow Leopard. So, by using such an old system, hackers have to go to extra effort to support it, and often don't bother. It's sort of an increasing "security through obscurity" situation as fewer and fewer people still use Snow Leopard.

No, because there are vulnerabilities in Snow Leopard that have never been patched. This means that if you stumble across the wrong thing online, or if you become the target of an attack aimed specifically at you, you could become a victim.

The best bet would be to eventually migrate away from dependence on Snow Leopard. I realize that can be hard to do when you're dependent on expensive legacy hardware, however, it's still important to do as soon as practically possible. The longer you remain dependent on such old hardware, the more likely it will be that you will end up with some kind of hardware failure and difficulty finding sufficiently old replacement hardware that is in decent shape.

In the meantime, it would be best to keep this machine air-gapped if possible (ie, not connected to any network), and if you must connect it to the network, be cautious about what you do with it.

FWIW, Snow, though unsupported by Apple for security updates for quite some time, is still receiving XProtectupdates. Latest was 2/13/15. However, keep in mind that XProtect is far from comprehensive, has limitations, and won't protect you (at least directly) from unpatched OS vulnerabilities.

To protect yourself, although I don't know how serious a vulnerability this is, you may want to stop using Apple Mail (relies on WebKit updates for security patches, which used to arrive regularly with Safari updates, and Safari hasn't been updated in Snow for a very long time). And for a browser, use Firefox, which is still being updated and patched regularly for Snow. Or maybe Google Chrome, if you can get past the widely held suspicion that Chrome is a serious privacy invader (by sending your data back to Google). The jury is still out on that one. I've never seen any conclusive evidence that this is true. It is true though that Google search collects your search hits, but there are ways that this can be prevented.

Another option would be to keep using Snow for those apps which require it, and create a second partition (if you have enough room on the internal drive or on an external drive) and run Mountain Lion there. Still supported (but maybe not for that much longer) available for purchase from Apple. Or, if you have enough RAM try 10.10 Yosemite (free). Or move Snow to an external drive and boot to that for those apps, while staying offline.

You might want to do this if you haven't already.

Snow Leopard users: Turn off automatic date and time in System Preferences immediately

From that thread:

https://drive.google.com/folderview?id=0BxQCbeIgpA2uVjFiN1h4bGZNQ2c&usp=sharing (besides the NTP patch, includes fix for shellshock/bash exploit in Snow Leopard--haven't used this one, so can't directly vouch for it, but everything from flatsixracer appears to be completely above board. I have been using his NTP Rev 4 patch).

Or (and requires Xcode 3.2 or 3.2.6)

http://www.macissues.com/2014/12/24/how-to-manually-patch-ntp-for-os-x-10-6-and- 10-7/

Kappy, I'm glad I checked here for some answers and I think you've helped me. But, if I may, I'd like to run this by you just for my own sanity. I can't afford cable tv, (or any tv for that matter) so, for years I've been watching tons of tv shows on two sites: Project-Freetv and Couchtuner. Never had any problems other than three annoying pop-ups at the beginning of watching a program. I just hit the red button at the top and they go away....then, easy watching tv. I've never, ever downloaded a tv show nor did I ever upgrade java, media player or flashplayer unless I went directly to the official site...never, ever from a request that pops up. NOW, every day, no matter what I do, I try to watch a tv show and I get those screens you describe that won't go away unless I hold the button down, completely shut down and reboot. But once again, back at the sites.....I'm shut out of it. Last night a new pop-up said...'The last site you visited has given you a virus...click on (go) to remove it". Of course, I didn't click on anything because, like you said about calling phone numbers they suggest, I didn't trust it. Does it sound like I have a real virus from the last pop-up. And is there any way, (if I don't have a virus) to avoid these annoying threats? I use Safari as a browser and I have a macbook from about 7 years ago. Sorry to bother you, but I'm an old lady with no computer experience and this is my only means of entertainment as I'm mostly homebound with an autoimmune disease. I appreciate anything you can tell me and I apologize if I've been a bother. Thank you.

Those sites are illegal. Any time a site online offers something for free that costs everyone else money, it involves theft of some kind. As such, using them exposes you to all manner of badness. If you're doing this on a computer running Snow Leopard - which is what this topic is about - you're playing an electronic version of Russian roulette.