Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

max2020

macrumors newbie
Original poster
Mar 22, 2020
19
1
Hi, I got a cheap Macbook Pro 13 inch 2012 pre retina. It came with High Sierra, which ran REALLY slow. I reinstalled it and it was still very slow, so I tried installing Sierra and El Capitan, but it was the same, so I booted while pressing shift+option+cmd+r and it installed Mountain Lion, the original OS, and it flies! Also love the visuals... But the problem is, most programs require OS X 10.9 Mavericks or later :(... And I can't find a 10.9 installer anywhere. I've searched through the entire internet in search of the installer, but all I could find was update installers for 10.9.5, which tell me I need to have 10.9 Mavericks when I open them. Any idea on how to proceed? Do you have a Mavericks installer? If so, please let me know in the comments. Thank you for reading.
 
Hi, I got a cheap Macbook Pro 13 inch 2012 pre retina. It came with High Sierra, which ran REALLY slow. I reinstalled it and it was still very slow, so I tried installing Sierra and El Capitan, but it was the same, so I booted while pressing shift+option+cmd+r and it installed Mountain Lion, the original OS, and it flies! Also love the visuals... But the problem is, most programs require OS X 10.9 Mavericks or later :(... And I can't find a 10.9 installer anywhere. I've searched through the entire internet in search of the installer, but all I could find was update installers for 10.9.5, which tell me I need to have 10.9 Mavericks when I open them. Any idea on how to proceed? Do you have a Mavericks installer? If so, please let me know in the comments. Thank you for reading.
The problem isn't the operating system, it's the disk. Get yourself an SSD and install that, and even the newer operating systems will work well on this computer.
 
Yeah, the problem is that in my country SSDs are super expensive, and also now with the virus there is no shipping company working, so I need a quick solution so I can get the computer working today or in these days, so I can use it for work.
 
Yeah, the problem is that in my country SSDs are super expensive, and also now with the virus there is no shipping company working, so I need a quick solution so I can get the computer working today or in these days, so I can use it for work.
Depending on the work you're doing you'll want to be careful using such an old operating system due to the fact that there hasn't been any security updates provided for Mavericks in several years. If you've already "purchased" Mavericks, sign into the App Store and look for the installer in the purchased section.
 
Yeah, the problem is that in my country SSDs are super expensive, and also now with the virus there is no shipping company working, so I need a quick solution so I can get the computer working today or in these days, so I can use it for work.

Mavericks runs great on HDD. SSD works best with APFS which Mavericks does not support anyway.
 
Yeah, the problem is that in my country SSDs are super expensive, and also now with the virus there is no shipping company working, so I need a quick solution so I can get the computer working today or in these days, so I can use it for work.

Disregard the comment about "security risks". I'm running Mavericks and another even older macOS om MBP 2012 non-Retina without any dangers. The major security risks come from the mainstream companies like Google and Facebook even more than from bogeymen Hackers – your data is harvested by "trusted" companies at unimaginable rate and level, and your browser will be deemed incompatible sooner than you can say "Apple". Risk always exists with or without security patches so to align your workflows by just one criterion is not reasonable: the Internet is inherently the territory of risk. Also, in terms of productivity running old macOSes above Lion doesn't make any substantial difference (rather than much-talked-about "compatibility" and the hope that the developers fixed that disturbing bug) unless you're working in a production environment adjusted to high volume work with motion animation, cinematography or alike. Mavericks is truly beautiful, capable and user friendly OS even in 2020.
That being said, Retina mid2012 should run High Sierra and later as fine as any other older version Mavericks included. SSD is a must for running any modern macOS up to Catalina, so if your computer falls it's either an unknown hardware failure or software corruption. I doubt Retina had ever had hard drives as its main storage unit. What's your specs and is the battery healthy? In notebooks, the battery provides an additional boost for the Intel CPU, and what you're describing is as if the battery has been taken out.
 
Last edited:
  • Like
Reactions: otetzone
Disregard the comment about "security risks". I'm running Mavericks and another even older macOS om MBP 2012 non-Retina without any dangers.

I might take a more measured approach to this.

The risks are real. If a hacker wants to get into your machine, they'll have a much easier time if you're running Mavericks than if you were running a version that's getting security patches.

So the question is, are there hackers who want to get into your machine? Are the willing to spend time to get to you specifically? If not, you benefit from security through obscurity here.

However, make sure to run an updated web browser. On Mavericks in 2020, that means Mozilla Firefox. If you're like 99% of the population, you go to all sorts of websites on a daily basis. All of them are capable of running Javascript code, and if you're using an out-of-date web browser and an outdated OS, this means any website can exploit known vulnerabilities to do just about whatever they want on your machine. Having an up-to-date web browser ensures you have security somewhere in the chain.

But as long as your browser is up-to-date, you're not some big-shot CEO, and you don't open random attachments from spam emails, you should be totally fine.
 
I might take a more measured approach to this.

The risks are real. If a hacker wants to get into your machine, they'll have a much easier time if you're running Mavericks than if you were running a version that's getting security patches.

So the question is, are there hackers who want to get into your machine? Are the willing to spend time to get to you specifically? If not, you benefit from security through obscurity here.

However, make sure to run an updated web browser. On Mavericks in 2020, that means Mozilla Firefox. If you're like 99% of the population, you go to all sorts of websites on a daily basis. All of them are capable of running Javascript code, and if you're using an out-of-date web browser and an outdated OS, this means any website can exploit known vulnerabilities to do just about whatever they want on your machine. Having an up-to-date web browser ensures you have security somewhere in the chain.

As long as you're doing that, and you're not some big-shot CEO, and you don't open random PDFs from spam emails, you should be totally fine.

Hackers target (if any) the releases that have most users: for macOS it's usually the 2 last ones so theoretically the older OS the safer you're: I browsed the darkest corners with every old browser (Safari 5) until 2018 without any consequences and the most painful experience I had is that most sites would refuse to load: the sites that garner the biggest traffic are not Dark Web but the mainstream ones. However, being hacked is the same or (slightly greater at best) probability regardless of whether you have security updates or not and I think this narrative is a very lucrative spot for market assault teams to break customer's defence at (where Apple bests everyone), that's why they're touting it so fervently. It's a distortion field created for pushing new software because that's how the economy wheel is revolving. Psychologically, "beware hackers" is the same pattern as the current covid-19 hysteria where every death is counted as the death from COVID19. If you have bad luck, hackers will hack you anyway and don't forget that you're on the radar 24/7: govt and companies you've ever come in touch with have more data on you than you think. In a world where everyone has a personal ID, social security num., being so anxious about your online security doesn't have any sense.
"Cyberthreats" are code-writing exercises of security research experts. Software inherently is written with security holes and sure enough, an expert can find it, so what? Ask yourself, why Apple publishes on its site detailed information about patched security holes knowing that there're users on older OSes? If it's vulnerability then may it remain secret regardless even if mitigated.
I use computers not because of security just as I want to use Firefox over Safari not because it gets security updates but because it loads 100% of cites (otherwise would be using Safari) and I can sync every device with FF installed whereas "dear Apple" makes impossible to sync your history, bookmarks, tabs after like 2 years of dropping support: you can't sync Safari between Safari on Lion, Mavericks, High Sierra and mobile - you have to go with either Chrome or FF.
 
Last edited:
Ask yourself, why Apple publishes on its site detailed information about patched security holes knowing that there're users on older OSes?

That one is easy—disclosing vulnerabilities helps security researchers find similar problems on other systems, so it's almost universally considered to be in the public interest.

I browsed the darkest corners with every old browser (Safari 5) until 2018 without any consequences and the most painful experience I had is that most sites would refuse to load

I mean, that's like saying, "I smoked cigarettes and I'm still alive." And also, frankly, you don't know for sure that your computer isn't secretly a member of some botnet, although I agree its unlikely that you as a computer enthusiast wouldn't notice something amiss.

I think this narrative is a very lucrative spot for market assault teams to break customer's defense at, why they're so touting it. It's a distortion field created for pushing new software because that's how the economy wheel is revolving.

I completely agree that a lot of security hysteria is a convenient narrative for tech companies! I think it's telling for instance that Microsoft, who provides security-only patches to old "LTSC" Windows builds to corporations for ten years, won't provide those same patches to consumers. They want consumers to be forced to update, so that Microsoft can push their new web services more aggressively.

But, the most effective lies are the ones that have some truth to them! There are in fact huge botnets wrecking all sorts of havoc made up entirely of unpatched Windows machines, because those were the easiest to infect. Locks aren't useless just because a dedicated intruder can break down your door.

I'm not telling you not to run old OS's! That would be very hypocritical—I'm currently typing this on a Hackintosh machine I explicitly built last month for the purpose of running Mavericks, and it's been great!

I just think it's worth being a little bit cautious. Running an out-of-date web browser on an out-of-date OS is the equivalent of leaving the door to your house wide open. Even if you only go to widely-trafficked sites, they're still pulling in ads from who-knows-where—and even if you're blocking ads, consider that most sites today use literally thousands of Javascript libraries from all kinds of sources, and almost no developer has the time/money/inclination to individually check each library for malicious intent.

A little bit of caution never hurt anyone!
 
That one is easy—disclosing vulnerabilities helps security researchers find similar problems on other systems, so it's almost universally considered to be in the public interest.

If this information helps security researchers then why open it for everyone? So, you say that private communication channels used by those researchers to contact Apple work one way? That's what I meant by saying "Apple publishes".

I mean, that's like saying, "I smoked cigarettes and I'm still alive." And also, frankly, you don't know for sure that your computer isn't secretly a member of some botnet, although I agree its unlikely that you as a computer enthusiast wouldn't notice something amiss.

Of course. Everyone judges based on his/her own experience because otherwise where are we drawing our conclusions from? Also, smoking is a bad habit but not everyone who smokes dies from it. Actually, there're 1000s random causes. And if you haven't faced smth that other tens of 1000s haven't too (and I'm linked to believing they haven't) then we're talking about the naked Emperor effect.

You can think of any clear and present danger. But one facet of it - whether I suffered any tangible harm - I can discuss to the extent of legitimacy that isn't just an assumption: my bank account is intact - nothing to do with browsers and computers at all, that's my card issuer's security measures and 2FA. If I frequently used an officially unsupported browser on an old system it's not just my luck but, rather, a sampled experience that's reproducible. For banking, those SU are warranted. However, even if a hacker steals my data or seizes my machine then he won't gain anything and if it infects me, then so is the reality. Also, your ISP has a firewall that protects you: for this reason, any AV software is a waste of money and so are security patches by Apple: placebo. Also, remember that many cases of these sacred security patches issued by Apple caused their software to break like the famous FaceTime breaking in iOS6 (Apr 2014) which resulted in the lawsuit that was resolved yesterday in favour of Apple. Why can't I use FaceTime on Lion in 2020 with all the SU applied and why can I use Viber on Lion in 2020? Because Apple rolled out SU later for supported macOS not caring much about the rest - tiny minority - despite big words about "customer satisfaction".

In any case, we're talking about the accidents of marginal significance: even if something might happen doesn't mean it's worth investing efforts and money. Hackers hack. Sometimes they succeed, other times not but it's not as widespread and viral as media (acting as part of big corporations' promotional department) wants us to believe. Not feeling the negative impact is identical to not having it actually. From this POV it the fact that my Mac is a part of botnet bears the same weight as the possibility that I'm secretly abused by extra-terrestrials during my sleep.

Also, if those noble and advanced companies like Apple and MS care about security and well-being of the users so much why integrate payment information first into browsers (Safari 7+, macOS Mavericks) and then into macOS itself (Apple Pay, macOS Sierra and later)? You do realize that bringing this sensitive information closer to the territory of risk by baking it into the computer you increase the possibility of the data breach and financial losses? For the internet payment to be functional you need just two things: access to the Internet and the site of your bank. For in-place payments you need your card and the cashier. Apple Pay and Card info in the browser's settings is a fifth wheel in the chair.

But think of these viruses more: just like bio-viruses, they're not killers themselves. Your computer may catch one, two, ten: in reality, you'll feel slowdowns. My ex-girlfriend once said she "caught viruses", in her words, and then had her son "clean" her PC. Nothing sensitive was lost, and even then, one could scrutinize her understanding of what she meant by using the word combo "I caught a virus": maybe it was just weak hardware or driver issues? People often mischaracterize things they have a vague understanding about. Worms are those that are truly destructive but these are rare. Also, aren't we supposed to believe in the invincibility of Unix, smth to the effect of "when infected a Unix machine remains fully operational by isolating the infected segments while a Windows machine sinks"? And macOS is a Unix-like system, isn't it?

Also, what about Specter and Meltdown that supposedly lived at the CPU level for decades? How many people have read about that and forgotten by now? Why don't we hear any news about them, aside from scant pieces (3 years ago) of information that "companies released patches purported to mitigate these vulnerabilities as a workaround". Are those still inside or what? Were they even real or just another informational noise? So, Specter and Meltdown happily lived in the innards of Intel microchips and SU that had being released patched small holes leaving large openings untouched? Well, that's the security!

I completely agree that a lot of security hysteria is a convenient narrative for tech companies! I think it's telling for instance that Microsoft, who provides security-only patches to old "LTSC" Windows builds to corporations for ten years, won't provide those same patches to consumers. They want consumers to be forced to update, so that Microsoft can push their new web services more aggressively.

Which is what my point about prime candidates for intruders at the beginning was: on the macOS side it may be the newest OSes, on the Windows side it's everything from Windows 7 onwards (9/10 market share).
Caution is good but not when it grows into paranoia. Fear is the most effective and excellent way to control.
 
Last edited:
Just upgrade to Catalina - I have a 2012 15 inch MacBook Pro and it runs fine. Mavericks is old and no updates. I like experimentation and playing with older OS's.. right now, I AM TRYING to get OS 9 to install on a DLSD PowerBook G4 which someone told me on os9lives.com it can work. But, just use Catalina. It works.
 
The truth is somewhere in the middle. I do agree with some of the points of maverick28 and Wowfunhappy. In general, security updates are vital, you can't really even question this, because generally the fake pop-up "install this flash update" clickers and random clean-your-mac, shady app, .pkg installers will benefit from them every time. BUT if you know your way around you can use older OS, but there are other problems like compatibility, half of the stuff wont work.

Regarding security, I also don't think it's a big deal but you do have to be more careful whereas on later OS'es you could be more careless. There's various WiFi exploits and all kinds of holes that have been fixed over the years, Little Snitch would probably be of a little bit of help; installing unknown apps or pirated apps would be completely out of the question, if you're maximising your chances of being "clean". You're basically bare assed if you're on 8 year old abandoned OS, but I do think it's doable.

The thing that concerns me is out of date browsers, just like Wowfunhappy says

ll of them are capable of running Javascript code, and if you're using an out-of-date web browser and an outdated OS, this means any website can exploit known vulnerabilities to do just about whatever they want on your machine.

I wonder how serious is this and whether these exploits really could do whatever they want, somehow I doubt it. Majority of it would be adware and spam. More serious stuff would have to have some kind of installation accessing system files which is avoidable.

Ask yourself, why Apple publishes on its site detailed information about patched security holes knowing that there're users on older OSes?

Very obvious: transparency is the key, even if they're not publishing, it's out there anyway and if it's out you're better off knowing and updating ASAP. Older OS users aren't prioritised - all it matters that they've fixed the holes and you can easily update - they provide the solution to the problem, looking backwards isn't viable. Apple's always been about moving forward and ditching the legacy. I like that approach even though sometimes the "way forward" isn't what you'd like to be but the key is to keep moving. That's why Apple does what it does.


Hackers target (if any) the releases that have most users: for macOS it's usually the 2 last ones so theoretically the older OS the safer you're

That's very untrue, sure prime target is the most used version, but Mac OS 10.7 and macOS 10.15 is still MacOS at it's core, meaning probably 99% of exploits are backwards compatible, but 99% exploits for 10.7 won't work on 10.15 for obvious reasons.
 
Last edited:
BUT if you know your way around you can use older OS, but there are other problems like compatibility, half of the stuff wont work.

The core functionality still there and everything works as before, depending on your collection of apps. The stuff that doesn't usually related to the connection to the outside world: the default Apple's browser with traditionally awful support (only 3 years in total), webkit that's used by other services (iTunes Store). This is inconvenience but it's not caused by hackers, it causes by Apple. And if we talk about "older OSes that's not Apple's priority" then we already acknowledge the point is not security but marketing.

There's various WiFi exploits and all kinds of holes that have been fixed over the years, Little Snitch would probably be of a little bit of help; installing unknown apps or pirated apps would be completely out of the question, if you're maximising your chances of being "clean". You're basically bare assed if you're on 8 year old abandoned OS, but I do think it's doable.

If unknown apps is this "allow to install from anywhere" option then all apps that are not installed via MAS may potentially be "harmful". 70% of my apps on old systems are not from MAS, I've installed them (up to this day, 2020 year) from everywhere, including trackers when the version from the developer wasn't available or development suspended - no issues whatsoever if you know where to look: BTW, the main torrent sites are comprised of people interested in the same things, and it's for this reason some tracker sites regulate torrents quite restrictively. So, in reality, pirated software ≠ safety less, it's just EULA breach: software manufacturers interested in intimidating people into not downloading from those illegal sources, hence, the myth of pirated software being the #1 (2, or 3) the source of hacker attacks and malware. From the POV of infecting your OS, Adobe and Microsoft are more malicious than any pirated app.
Pop-up windows pop up in every browser and the instinct tells me when it's safe and when it's not. Adblockers such as Adguard take care of that just fine. Even an old Adguard version is capable and other than that I have yet to see what else could harm me.

Not that I download without looking into the app's contents, of course: I use Pacifist. See, I'm cautious.

The thing that concerns me is out of date browsers, just like Wowfunhappy says

That concerns me too, and not because of security but being unable to load sites. That's all to it.

Majority of it would be adware and spam.

Correct. And if majority would be adware and spam (that I hardly remember has ever been the case in my experience) then why worry about minority? S*t happens.


More serious stuff would have to have some kind of installation accessing system files which is avoidable.

I agree: avoid Adobe, Quark and Microsoft at all costs. You'll be shocked to see how much components these apps install into your system folders, including so-called "hidden files" with the names bearing no identifiable connection to those applications - if you look at them you don't know their purpose - and for some 'strange' reason Adobe uninstallers leave a lot of these files in place. And, of course, Adobe is a "trusted" company, no worries here (sarcasm).


That's very untrue, sure prime target is the most used version, but Mac OS 10.7 and macOS 10.15 is still MacOS at it's core, meaning probably 99% of exploits are backwards compatible, but 99% exploits for 10.7 won't work on 10.15 for obvious reasons.

Untrue based on what data available? Also, please, read my post #10 regarding the answer to the "transparency" argument and prioritisation is not the point.

Very obvious: transparency is the key, even if they're not publishing, it's out there anyway and if it's out you're better off knowing and updating ASAP. Older OS users aren't prioritised - all it matters that they've fixed the holes and you can easily update - they provide the solution to the problem, looking backwards isn't viable. Apple's always been about moving forward and ditching the legacy. I like that approach even though sometimes the "way forward" isn't what you'd like to be but the key is to keep moving. That's why Apple does what it does.

What if one cannot "easily update" because the machine is not supported? Also, 'Apple's always been about moving forward' is not relevant to the whole security topic. And with the "what you'd like it to be" thing, then what's the philosophical point of using their hardware anyway (if the company does what you do not like) and the existence of Apple as a business entity? Every user thinks about not Apple's ways but his/her own. I don't care about Apple's mission and vision, and other quasi-idealistic junk Apple pushes in their marketing agenda - these are unnecessary concepts in everyday use of electronics.
 
Last edited:
I wonder how serious is this and whether these exploits really could do whatever they want, somehow I doubt it.

You absolutely can, by chaining exploits together. Consider, it was really just a few years ago that we had an iOS Jailbreak which worked from within Safari (totally-not-spyware, for iOS 10). It wasn't the first of its kind, and won't be the last.

Step back for a moment and consider what this means. iOS Jailbreaks require modifying the kernel, which is nearly the highest privileged level there is. So by doing nothing more than visiting a web page, you gave a total stranger the ability to do anything on your device. A malicious version of totally-not-spyware could install whatever software they wanted, and hide it so you couldn't tell. And a skilled programmer could absolutely adapt these exploits for macOS.

Now, whether anyone would take the time to do so is another matter—I'm not aware of anything anything in the wild which attempts to gain kernel access to old macOS via a web browser. But then again, you don't need kernel access to do damage.

I'll continue to maintain that running an an old browser and an old OS in combination is a bad idea—especially when Mozilla makes an up-to-date browser readily available. Being cautious about which applications you install is relatively easy and natural, but on the web it's a lot harder.

To be sure, it also depends on what's on your machine. If you have a vintage Mac OS 9 machine lying around and you want to screw around with Internet Explorer, by all means go ahead. Personally though, with the office closed due to COVID-19, this Mavericks computer is my work machine. Nothing we do is particularly sensitive, but I need to take reasonable precautions.
 
Consider, it was really just a few years ago that we had an iOS Jailbreak which worked from within Safari (totally-not-spyware, for iOS 10). It wasn't the first of its kind, and won't be the last.

Step back for a moment and consider what this means. iOS Jailbreaks require modifying the kernel, which is nearly the highest privileged level there is. So by doing nothing more than visiting a web page, you gave a total stranger the ability to do anything on your device. A malicious version of totally-not-spyware could install whatever software they wanted, and hide it so you couldn't tell. And a skilled programmer could absolutely adapt these exploits for macOS.

So, that exploit happened several years ago? Even your memory tells you such things do not happen on a daily basis otherwise your sentence would contain "several days" or "several minutes ago". If the practical effect is that rare then a question arises: is it viable to invest so much time and money in defeating statistically insignificant harmful events? Is it possible to arm oneself against every possible virus, lock everything down while hindering the UX?
It's the same premise the proponents of strong measures against COVID use: shut everything down and don't show up anywhere despite the fact that humanity lives with viruses millennia and social distancing is making the immunity system weaker, not stronger: a virus is not destructive per se, it's not a disease; the more people are infected the stronger herd immunity gets, and only elders and those with severe underlining conditions need to be quarantined.
I'm sure there's statistics of plane crashes, road accidents, bricks falling on the passersby's head where unexpected: does that mean we should be anxious about traveling by plane, car and going out and take every precaution [to translate security into the routine life that would be: refusing to travel, and wearing a heavy diving suit on your way to the shopping mall]?
So, why such fuss over security? Do the big actors really care about our security? Where profit-making is involved I'm not so sure and they're not your best friends. It means every means is justified. I suspect that even the security updates to the newer macOSes are nothing more than placebo and are not that protective as you might think they are.

NB. Of course, I use Firefox. I need the site A to load because Safari fails. "Other considerations non-essential".
I use Safari too, especially where Firefox is slower.
 
...Maverick28, I honestly don't understand why you're coming at this so hard when we 95% agree with each other! I am also very frustrated by the "update or you will literally die" narrative.

I just think that (a) the risks very much aren't zero, and thus (b) a small degree of caution is caution is warranted. Since you mentioned car accidents—I don't think we should unilaterally ban cars from the road because they lack, say, side-curtain airbags†, but I also think people should wear seat belts!

---

† Car people, please excuse me if side curtain airbags were the wrong example, I know nothing about cars! Hopefully the point was clear.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.