Relative "safety" and "security" of non-upgradable Mac OS?

[Madhatter32]

Considering that OCLP disables the SIP and patches with an old version of Wifi -- the best that can be said is that the vulnerabilities are different, not necessarily greater or less.

For a good read on OCLP security check out: https://forums.macrumors.com/threads/security-for-oclp-opencore-legacy-patcher.2406586/page-9

My pleasure. Check out the above referenced thread for more information.

 

[MacinMan]

No one here suggested running a newer version of macOS in a Virtual Machine. Keep Monterey for the official hardware support, use non critical apps in Monterey, install Sonoma in a VM (best balance between support, and performance for VMWare Fusion 13.5.2 (latest supported on Monterey), and run the critical apps in the VM. You have the supported host install, and macOS VMs are supported by Apple on a Mac. So, you have a supported configuration vs OCLP.
Also, you can enable ParaVirtualization in the VM for improved performance, and metal support in the VM. Adjusting some graphical settings in the guest such as reduce motion, may also increase performance. I have the same iMac, and am considering switching from Sequoia back to Monterey, and setting up a VM for newer stuff that aren't intense graphically, and run fine in a VM. About a running VMs though, one of the lower tier iMacs with a 1TB fusion drive wont work as well due to having a smaller SSD. So, I recommend the 2TB fusion, or 3TB, or dedicated SSD for best performance. Also when I bought my iMac I had VMs in mind, so I upgraded from the stock 8 GB RAM to 32 GB using 2 16 GB Curtial mac RAM upgrade kits from amazon, much cheaper than buying through Apple.

I'm also making this reccomendation because of the nature of how OCLP patches, and on certain macs core graphics functionality can be slightly broken, depending on the tasks. There are certain limitations in VMs as well, but at least if you have Monterey as the host, you can still install Windows 11 in a VM, and use 3D acceleration, and have a current OS, if you'd rahter have a Wimndows VM over a macOS one. Linux fits the bill too.

I've followed the OCLP threads for a while, and I've used it myself for a while as well, and while I have minimal issues with it, the ones highlighted above are factors I've condiered. The other thing is, as agressivly Apple has started pushing upgrades, I don't see Apple any better than Microsoft these days, and the only real options to be sure of a stable system, and you want, or need macOS, is either get a new Mac, or run an older Mac with the last supported OS, and use VMs for newer stuff. That way you'll be sure that Apple won't force an unsupported update and brick your computer. If you don't need macOS use Linux, if it will work in your setup.

 

[MarineBand5524]

My MB Pro is running Monterey 12.7.6 which will no longer be updated and it cannot run newer versions of iOS. I'm going to replace it as there is some software I want to use that requires at least iOS 16 and I can get a decent trade in.

My question however regards my iMac, also running Monterey. I don't need to run the new software on my iMac and its speed is fine for what my wife and I use it for, so I would like to just keep on going with it. However, I came across a thread on another forum and several folks claiming to be IT professionals said that no computer should be used after the OS is no longer getting regularly updated due to "security issues." The iMac does get www exposure and is used for banking so it needs to be secure (I do realize that in all situations "security" is a relative thing, not an absolute).

Do I need to move on from the iMac, or were these "IT pros" probably focusing on the PeeCee world and I'm good staying with the iMac? Thanks!

If you have a brand new Mac or older that can no longer update, there are issues. Since you have OS12+ you def should no matter what use a VPN to encrypt traffic at home or out and about. I use NordVPN.

I have a MBP that stopped at 11 something so I need to figure out a way to get 12 or newer on it so I can run my VPN to stay secure.

At some point things/apps will stop being able to update, that's when I'd upgrade. Of course everything will run and do what you want, it all depends on what you'll do with it.

 

[chrfr]

If you have a brand new Mac or older that can no longer update, there are issues. Since you have OS12+ you def should no matter what use a VPN to encrypt traffic at home or out and about. I use NordVPN.

VPNs don’t provide security. All NordVPN is doing is hiding your internet activity from your internet provider and obscuring your location and actual IP address to sites you visit. Using a VPN is not a substitute for keeping software and operating systems up to date.

 

[MarineBand5524]

VPNs don’t provide security. All NordVPN is doing is hiding your internet activity from your internet provider and obscuring your location and actual IP address to sites you visit. Using a VPN is not a substitute for keeping software and operating systems up to date.

Yes, install and run a reputable VPN 100%. It won’t make your old Mac “secure” again, but it dramatically reduces the day-to-day risks you actually face when browsing, especially outside your home network.

Yes — a VPN still helps a lot with privacy and safety on an old, unsupported Mac (e.g., macOS 10.15 Catalina, 11 Big Sur, 12 Monterey, or anything that can’t run Sequoia 15 or later), but it does NOT fix the missing security patches. Here’s the realistic breakdown:

What a VPN actually protects on an old Mac
Hides your real IP from websites and trackers
Encrypts your traffic on public Wi-Fi (coffee shops, airports, hotels)
Prevents your ISP from seeing what sites you visit,
Stops snooping on unencrypted websites (HTTP)
Bypasses some geo-blocks and censorship.

What a VPN does NOT protect against
Malware, ransomware, drive-by downloads (which is why I run Antivirus etc)
Zero-day exploits that Apple no longer patches
Phishing, malicious apps, fake software updates
Browser vulnerabilities in old Safari versions (use a different Browser like The Brave Browser)
Local network attacks (evil twin Wi-Fi still sees you connect)

Yes — you should absolutely still run a VPN on an unsupported Mac. It’s one of the single biggest privacy/safety improvements you can make when the OS itself is no longer getting security fixes.

It turns a “very risky” setup into a “reasonably safe for everyday browsing” setup — especially on public Wi-Fi.

 

[gilby101]

What a VPN actually protects on an old Mac
Hides your real IP from websites and trackers
Encrypts your traffic on public Wi-Fi (coffee shops, airports, hotels)
Prevents your ISP from seeing what sites you visit,
Stops snooping on unencrypted websites (HTTP)
Bypasses some geo-blocks and censorship.

What a VPN does NOT protect against
Malware, ransomware, drive-by downloads (which is why I run Antivirus etc)
Zero-day exploits that Apple no longer patches
Phishing, malicious apps, fake software updates
Browser vulnerabilities in old Safari versions (use a different Browser like The Brave Browser)
Local network attacks (evil twin Wi-Fi still sees you connect)

What in that list shows that a VPN is of more importance (maybe essential) on older macOS?

Yes — you should absolutely still run a VPN on an unsupported Mac. It’s one of the single biggest privacy/safety improvements you can make when the OS itself is no longer getting security fixes.

No - using a VPN is not a panacea for using old macOS - based on your own lists.

There are good reasons to use a VPN, but they apply equally to new and old macOS.