Relative "safety" and "security" of non-upgradable Mac OS?

[tm3]

My MB Pro is running Monterey 12.7.6 which will no longer be updated and it cannot run newer versions of iOS. I'm going to replace it as there is some software I want to use that requires at least iOS 16 and I can get a decent trade in.

My question however regards my iMac, also running Monterey. I don't need to run the new software on my iMac and its speed is fine for what my wife and I use it for, so I would like to just keep on going with it. However, I came across a thread on another forum and several folks claiming to be IT professionals said that no computer should be used after the OS is no longer getting regularly updated due to "security issues." The iMac does get www exposure and is used for banking so it needs to be secure (I do realize that in all situations "security" is a relative thing, not an absolute).

Do I need to move on from the iMac, or were these "IT pros" probably focusing on the PeeCee world and I'm good staying with the iMac? Thanks!

 

[kschendel]

Are you saying that your iMac can't run a newer Mac OS version? You might want to check out the subforums here that talk about running newer versions of Mac OS on older hardware. What exactly do you have?

To some extent, this is a "do I feel lucky?" thing. You might get away with it, you might find your machine being co-opted into some sort of bot network, or worst case your banking data is stolen and your account emptied, or ID stolen, or other serious problems. The worse outcomes are probably unlikely, however there's no good way to quantify "unlikely". Being on a Mac probably reduces your exposure some, simply because fewer attackers / script kiddies will be targeting Macs. It doesn't eliminate your exposure by any means.

 

[Bigwaff]

It does come down to your computing activities. For general computing activities I think the risk is overhyped. Monterey isnt the issue, it would be the browser. Using a browser that still receives updates is key. As long as you stick to reputable sights, you’ll be fine.

 

[jzuena]

As with anything security related, the answer is “it depends”. If it was a laptop that you take with you and use outside your house, you need to upgrade to keep ahead of the latest threats. If the hardware isn’t able to run a supported version of MacOS (one that still receives security updates, not necessarily new feature updates) then it should be retired. If your home network has a good firewall (not just the one on the Mac, since it isn’t getting updated either) and your iMac is at least running a web browser that is receiving security patches, it might be okay. That is a better indicator when the machine is no longer safe to connect to the internet than just the OS version. The browser is the first thing being attacked, so it needs to be up to date.

I personally would relegate the iMac to only running local software and do web browsing (especially banking) from a newer machine.

 

[throAU]

My MB Pro is running Monterey 12.7.6 which will no longer be updated and it cannot run newer versions of iOS. I'm going to replace it as there is some software I want to use that requires at least iOS 16 and I can get a decent trade in.

My question however regards my iMac, also running Monterey. I don't need to run the new software on my iMac and its speed is fine for what my wife and I use it for, so I would like to just keep on going with it. However, I came across a thread on another forum and several folks claiming to be IT professionals said that no computer should be used after the OS is no longer getting regularly updated due to "security issues." The iMac does get www exposure and is used for banking so it needs to be secure (I do realize that in all situations "security" is a relative thing, not an absolute).

Do I need to move on from the iMac, or were these "IT pros" probably focusing on the PeeCee world and I'm good staying with the iMac? Thanks!

Depends how paranoid you are - Monterey isn't TOO bad yet, but I'd look into hacking a more recent OS onto it.

If you don't, OS libraries will eventually fall behind; you'll definitely want to switch to a browser other than safari if you stay on old macOS to continue to get browser security updates.

 

[throAU]

As long as you stick to reputable sights, you’ll be fine.

Problem is, even safe reputable sites sometimes get compromised. As you say though the browser being secure is critical.

 

[tm3]

Excellent info, thanks so much everyone!

Are you saying that your iMac can't run a newer Mac OS version? You might want to check out the subforums here that talk about running newer versions of Mac OS on older hardware. What exactly do you have?

Late 2015 iMac running Monterey 12.7.6. It is my understanding that Apple will provide no more updates, and that my machine cannot run any OS later than this (but I may be wrong).

It does come down to your computing activities. For general computing activities I think the risk is overhyped. Monterey isnt the issue, it would be the browser. Using a browser that still receives updates is key. As long as you stick to reputable sights, you’ll be fine.

I use Brave browser, and keep up with all of the updates. I'm certainly open to changing browsers if there is a more secure option, and especially if it would allow me to keep "safely" using this iMac. I think we are pretty good about practicing "safe browsing" as the iMac is and would be used for email, various forums, shopping, stuff like that in addition to online banking.

Depends how paranoid you are - Monterey isn't TOO bad yet, but I'd look into hacking a more recent OS onto it.

If you don't, OS libraries will eventually fall behind; you'll definitely want to switch to a browser other than safari if you stay on old macOS to continue to get browser security updates.

I had never heard of hacking a newer OS until now and I will definitely look into it.

What browser(s) do you consider the most secure? I almost never use Safari, usually Brave but I really don't have a strong preference for any particular one.

Thanks again! I realize that there is no pat answer as it is relative. One of my hangups is a tendency to use stuff as long as feasible (I just sold a 26 year old car) and I hate to abandon the iMac that works great but maybe I just need to get over that.

 

[Madhatter32]

It comes down to risk tolerance. The best practice from a security point of view is to use the most current version of the OS, which is maximally protected even beyond just one iteration behind. Short of that, the risk increases -- even if slightly. For a non-supported OS, you should accept certain risks exist and use your machine with risk mitigation in mind. First thing to do, as others have mentioned, is to stop using Safari (which is not supported) and use the most recent version of another browser -- like Firefox, for example, that is supported. A current browser will help to protect you from that vector of attack. However, other vectors still leave you vulnerable to intrusion -- like using old software, using flash drives, user error, etc.

Are these high probability events? No. But risk does exist and are you willing to be the exception? How do you use your machine? Do you handle confidential information? Are you willing to learn and use risk mitigation techniques to lower the risk?

 

[kschendel]

You might be able to run Sequoia on that machine using the Open Code Legacy Patcher (see https://forums.macrumors.com/threads/macos-15-sequoia-on-unsupported-macs-thread.2428654/). Whether you can run it without some graphics glitches depends on the precise hardware you have; "Late 2015" covers a number of different configurations.

Do of course take a full backup before attempting anything of that nature, just in case something goes wrong.

 

[Madhatter32]

You might be able to run Sequoia on that machine using the Open Code Legacy Patcher (see https://forums.macrumors.com/threads/macos-15-sequoia-on-unsupported-macs-thread.2428654/). Whether you can run it without some graphics glitches depends on the precise hardware you have; "Late 2015" covers a number of different configurations.

Do of course take a full backup before attempting anything of that nature, just in case something goes wrong.

This thread is about "safety" and "security." OCLP is a good way to upgrade old Macs to a more current OS to keep them functional, but it is not a good solution to address "safety" and "security."

 

[kschendel]

This thread is about "safety" and "security." OCLP is a good way to upgrade old Macs to a more current OS to keep them functional, but it is not a good solution to address "safety" and "security."

It's also about an iMac that can't be officially be upgraded to current Mac OS versions, leaving the user vulnerable to security bugs that may be present in Monterey but fixed in later versions. Keeping the OS (and OS-bundled software like Safari) current certainly is part of addressing safety and security; it's not solely about features.

 

[Madhatter32]

It's also about an iMac that can't be officially be upgraded to current Mac OS versions, leaving the user vulnerable to security bugs that may be present in Monterey but fixed in later versions. Keeping the OS (and OS-bundled software like Safari) current certainly is part of addressing safety and security; it's not solely about features.

Yes, true, OCLP allows you to run a current OS but it presents its own "safety" and "security" vulnerabilities from a risk assessment perspective, which is what I understood the OP to be asking about -- per the title of the thread.

 

[gilby101]

I don't need to run the new software on my iMac and its speed is fine for what my wife and I use it for, so I would like to just keep on going with it

Keep on doing so. But you can do things to reduce risk. Like:
1) Use a browser which continues to get updates - you are already doing that.
2) Avoid new software from uncertain places - you are doing that too!
3) Use browser (or macOS wide) blocking software. I use AdGuard for Mac which, in spite of its name, is about blocking access to tracking and malware sites as well as ads.
4) You might want to consider using an "anti-virus" product, but is likely not necessary. Perhaps occasional scans with the free version of Malwarebytes to give some peace of mind.

As an aside, you may start to find that Apple Mail no longer works well with some mail providers (e.g. Microsoft). In which case you will have to use the browser interface to those mail providers.

Regarding updating with OCLP, I would recommend against that unless you have skills and willingness to address booting issues whenever they occur - most likely after system updates..

 

[Nermal]

My MB Pro is running Monterey 12.7.6 which will no longer be updated and it cannot run newer versions of iOS. I'm going to replace it as there is some software I want to use that requires at least iOS 16 and I can get a decent trade in.

Hang on, a MacBook Pro can't run iOS at all. No Mac apps will require iOS 16, and they also won't require MacOS 16 (it doesn't exist yet). What exactly are you trying to accomplish here?

 

[throAU]

This thread is about "safety" and "security." OCLP is a good way to upgrade old Macs to a more current OS to keep them functional, but it is not a good solution to address "safety" and "security."

I'd suggest that running a more recent OS via OCLP is a far better idea security wise than staying on Monterey or earlier.

No it won't be as secure as a new Mac, and it relies on third party software you may or may not trust, but versions of macOS that are unsupported have known, exploited security holes in them.

We've yet to hear about security backdoors, etc. in OCLP but we 100% know and have documentation on the flaws in say, Monterey - via CISA, Full-disclosure list, etc.

Again - if you want to be as secure as you can the answer is simple: buy a new(er) Mac with a supported OS or change OS to Linux to continue getting updates.

But OCLP is better than not upgrading your OS at all. You will at least get up to date fixes for safari, mail, and all the frameworks that any internet facing application you run will be using.

 

[KaliYoni]

Do I need to move on from the iMac, or were these "IT pros" probably focusing on the PeeCee world and I'm good staying with the iMac?

Unfortunately, there is no single answer to this question. A lot depends on what is stored on your computer and how you use your computer. I'd say any computer used for business purposes, especially storage of any client information, needs to be on one of the versions of macOS that is officially supported by Apple. Next, I think any personal machine that is used with or stores any information that would be severely damaging to you if lost or stolen, including financial details and sensitive photos and videos, should either be kept fully up to date or completely disconnected from the Internet.

My own Mac security strategy is centered around risk management, not predictions of bad actors' behavior. I prefer spending some time up front–and money if justified–to minimize the possibility of having to deal with the fallout of an attacker putting viruses or malware on my computer. I view staying up-to-date plus anti-virus and anti-malware software as a form of insurance. Yes, it sucks that I need it but I feel that having it lets me sleep better than not having it.

Also, we are all human and we make mistakes, especially when we are in a rush, distracted, or tired. Relying on constant vigilance as sole protection requires perfection. I don't think any of us can reach that standard very often, especially with something that is constantly changing and morphing.

 

[Madhatter32]

I'd suggest that running a more recent OS via OCLP is a far better idea security wise than staying on Monterey or earlier.

No it won't be as secure as a new Mac, and it relies on third party software you may or may not trust, but versions of macOS that are unsupported have known, exploited security holes in them.

We've yet to hear about security backdoors, etc. in OCLP but we 100% know and have documentation on the flaws in say, Monterey - via CISA, Full-disclosure list, etc.

Again - if you want to be as secure as you can the answer is simple: buy a new(er) Mac with a supported OS or change OS to Linux to continue getting updates.

But OCLP is better than not upgrading your OS at all. You will at least get up to date fixes for safari, mail, and all the frameworks that any internet facing application you run will be using.

Considering that OCLP disables the SIP and patches with an old version of Wifi -- the best that can be said is that the vulnerabilities are different, not necessarily greater or less.

For a good read on OCLP security check out: https://forums.macrumors.com/threads/security-for-oclp-opencore-legacy-patcher.2406586/page-9

 

[throAU]

I had never heard of hacking a newer OS until now and I will definitely look into it.

What browser(s) do you consider the most secure? I almost never use Safari, usually Brave but I really don't have a strong preference for any particular one.

I couldn't think of the software at the time I posted, but yes I was referring to OpenCore Legacy Patcher. I'm running Sequoia on my 2013 Mac Pro just fine with it.

As far as browsers go - personal preference, just so long as it is getting updates. Safari on supported versions of macOS is fine. Brave is fine so long as they still support your OS with new updates.

Eventually though once Apple stops supporting a version of MacOS the third party browsers will also eventually drop support, and even if the updated browser is installed on the old OS, it may still be vulnerable if it is incorporating frameworks from the base OS that have bugs in them.

e.g. Lets say that hypothetically Brave is patched but it is playing a maliciously crafted video and the older version of macOS has a bug in the video codec (or the underlying network code in the OS) - you could get compromised in that way.

 

[throAU]

Considering that OCLP disables the SIP and patches with an old version of Wifi -- the best that can be said is that the vulnerabilities are different, not necessarily greater or less.

Yeah that's fair, as I said above, it won't be as secure as a new Mac. but most of the internet facing stuff - the OS frameworks, safari, mail, etc. will be more up to date.

Ultimately the real solutions are:

• buy a newer Mac with update support
• migrate to linux on your existing hardware, assuming linux supports it.

neither option is great, OCLP is a less disruptive compromise.

 

[Appleminded]

My MB Pro is running Monterey 12.7.6 which will no longer be updated and it cannot run newer versions of iOS. I'm going to replace it as there is some software I want to use that requires at least iOS 16 and I can get a decent trade in.

My question however regards my iMac, also running Monterey. I don't need to run the new software on my iMac and its speed is fine for what my wife and I use it for, so I would like to just keep on going with it. However, I came across a thread on another forum and several folks claiming to be IT professionals said that no computer should be used after the OS is no longer getting regularly updated due to "security issues." The iMac does get www exposure and is used for banking so it needs to be secure (I do realize that in all situations "security" is a relative thing, not an absolute).

Do I need to move on from the iMac, or were these "IT pros" probably focusing on the PeeCee world and I'm good staying with the iMac? Thanks!

Just don’t put anything of value in it. It will, with time, become less and less secure. A very known example was when Windows XP stopped receiving updates. Look up that story as it is pretty old by now, and you can judge by yourself if you’re willing to run the risk or not.
If it’s not connected to the internet, it doesn’t matter.

 

[tm3]

Again, great comments, all. I'm really glad that I brought the question here.

It comes down to risk tolerance.

Are these high probability events? No. But risk does exist and are you willing to be the exception?

Key point, and bottom line is I do not think that the risk (even small) is trumped by the cost of the upgrade and/or my personal feelings re abandoning "still working" hardware.

Unfortunately, there is no single answer to this question. A lot depends on what is stored on your computer and how you use your computer. I'd say any computer used for business purposes, especially storage of any client information, needs to be on one of the versions of macOS that is officially supported by Apple. Next, I think any personal machine that is used with or stores any information that would be severely damaging to you if lost or stolen, including financial details and sensitive photos and videos, should either be kept fully up to date or completely disconnected from the Internet.

My own Mac security strategy is centered around risk management, not predictions of bad actors' behavior. I prefer spending some time up front–and money if justified–to minimize the possibility of having to deal with the fallout of an attacker putting viruses or malware on my computer. I view staying up-to-date plus anti-virus and anti-malware software as a form of insurance. Yes, it sucks that I need it but I feel that having it lets me sleep better than not having it.

Also, we are all human and we make mistakes, especially when we are in a rush, distracted, or tired. Relying on constant vigilance as sole protection requires perfection. I don't think any of us can reach that standard very often, especially with something that is constantly changing and morphing.

The more I think about it I realize that the bolded above is where I want to land. Plus, I have to consider that the other user of the machine (wife) is not as computer-literate or careful as I am.

Thanks again for helping me sort this out!

 

[mentaluproar]

If it's talking to other things (like being online) then yes, it is critical that it be running a supported OS. If it's isolated from other things and just sitting here alone, it's fine.

If this is an old Intel Mac, consider throwing some form of linux on that. It's free, it does the thing, it gets support. It just wont dont apple-specific things anymore if you go that route, like run macOS apps or talk to iMessage.

 

[Mr.Fox]

My MB Pro is running Monterey 12.7.6 which will no longer be updated and it cannot run newer versions of iOS. I'm going to replace it as there is some software I want to use that requires at least iOS 16 and I can get a decent trade in.

My question however regards my iMac, also running Monterey. I don't need to run the new software on my iMac and its speed is fine for what my wife and I use it for, so I would like to just keep on going with it. However, I came across a thread on another forum and several folks claiming to be IT professionals said that no computer should be used after the OS is no longer getting regularly updated due to "security issues." The iMac does get www exposure and is used for banking so it needs to be secure (I do realize that in all situations "security" is a relative thing, not an absolute).

Do I need to move on from the iMac, or were these "IT pros" probably focusing on the PeeCee world and I'm good staying with the iMac? Thanks!

I'm surprised no one's suggested switching to a typewriter. Safe and the ringing of a bell is a nice touch. And you can send everything by pigeon.
Of course, you can continue to use the computer. If you don't want to update the operating system, you can update the software as long as it is supported.