MP 1,1-5,1 Security threat due to not upgrading to supported OSX

[2kvfr800]

Om
Running a mid 2010 Mac Pro 5,1 12 core 3.46mhz processors, Mojave, 128 ram with parallels and Win 10.
been contemplating the security risks of using my Mac Pro online.. as it is not receiving any security updates, in a time where apple is strongly encouraging everyone to update their devices.

What are the real risks of not updating, and is it worth the risk to update to a MacOs that is receiving updates, or do I need to be on Ventura to be fully protected?

Thanks

 

[h9826790]

Om
Running a mid 2010 Mac Pro 5,1 12 core 3.46mhz processors, Mojave, 128 ram with parallels and Win 10.
been contemplating the security risks of using my Mac Pro online.. as it is not receiving any security updates, in a time where apple is strongly encouraging everyone to update their devices.

What are the real risks of not updating, and is it worth the risk to update to a MacOs that is receiving updates, or do I need to be on Ventura to be fully protected?

Thanks

TBH, the main threat is still the user, not lack of security update.

As long as you use your computer with displine, not going to any random high risk site, won't click on the link from an unknown source email...... Then IMO, Mojave isn't that bad. Some people still using Snow Leopard indeed. That's 10 years older than your current OS build. And still very OK for most of them.

Of course, having backup, zip your sensitive personal data with password, etc can always help to avoid security issue (or more easy to recover).

Interestingly, nowadays, it seems "ransome lock" is a bigger problem than "someone stealing personal data from your computer". So, assuming your aren't any popular person, which can easily be the target (or many people willing to pay high price to buy your personal data). Then I believe keep using Mojave won't be a big security issue.

Anyway, if you want to keep security level up to date, you better go OpenCore + unpatched Monterey. This setup allow you to turn on almost any available security feature on the cMP.

On the other hand, Ventura need to be patched to run on cMP, this is already a security risk.

 

[th0masp]

Yup, I don't see the risk of running unsupported much either, at least as long as you are not operating a server. Perhaps with the exception of using a really old browser - there do seem to be some attack vectors with those. But as long as you are not stuck on Safari that shouldn't be an issue.

The rest of the security threat mainly seems to come from the liability sitting in front of the monitor and depending heavily on how easily you can be tricked into installing malware.

My rule of thumb is to only update the OS if it brings features that directly improve my end user experience. Seems to have worked out well through the years. I think the last virus I caught was on the Amiga 500 and spread through my game collection from a disc I swapped with a guy from school, so... 👳‍♂️

 

[bmoraski]

TBH, the main threat is still the user, not lack of security update.

As long as you use your computer with displine, not going to any random high risk site, won't click on the link from an unknown source email...... Then IMO, Mojave isn't that bad. Some people still using Snow Leopard indeed. That's 10 years older than your current OS build. And still very OK for most of them.

Of course, having backup, zip your sensitive personal data with password, etc can always help to avoid security issue (or more easy to recover).

Interestingly, nowadays, it seems "ransome lock" is a bigger problem than "someone stealing personal data from your computer". So, assuming your aren't any popular person, which can easily be the target (or many people willing to pay high price to buy your personal data). Then I believe keep using Mojave won't be a big security issue.

Anyway, if you want to keep security level up to date, you better go OpenCore + unpatched Monterey. This setup allow you to turn on almost any available security feature on the cMP.

On the other hand, Ventura need to be patched to run on cMP, this is already a security risk.

Yup, I don't see the risk of running unsupported much either, at least as long as you are not operating a server. Perhaps with the exception of using a really old browser - there do seem to be some attack vectors with those. But as long as you are not stuck on Safari that shouldn't be an issue.

The rest of the security threat mainly seems to come from the liability sitting in front of the monitor and depending heavily on how easily you can be tricked into installing malware.

My rule of thumb is to only update the OS if it brings features that directly improve my end user experience. Seems to have worked out well through the years. I think the last virus I caught was on the Amiga 500 and spread through my game collection from a disc I swapped with a guy from school, so... 👳‍♂️

Agreed. And don't stick that disk or thumb drive in your machine. You don't know where it has been. lol

 

[avro707]

Om
Running a mid 2010 Mac Pro 5,1 12 core 3.46mhz processors, Mojave, 128 ram with parallels and Win 10.
been contemplating the security risks of using my Mac Pro online.. as it is not receiving any security updates, in a time where apple is strongly encouraging everyone to update their devices.

What are the real risks of not updating, and is it worth the risk to update to a MacOs that is receiving updates, or do I need to be on Ventura to be fully protected?

Thanks

You can use Opencore and go to Monterey 12.6.3 or 12.6.4 (beta).

 

[2kvfr800]

Would the same logic be applied to updating a late 2013 MBP?

 

[m1maverick]

As long as you use your computer with displine, not going to any random high risk site, won't click on the link from an unknown source email...... Then IMO, Mojave isn't that bad. Some people still using Snow Leopard indeed. That's 10 years older than your current OS build. And still very OK for most of them.

While I understand the spirit in which this was said one has to remember that websites, especially through advertising, can "go" to other websites to obtain content. Those third-party web sites could be compromised resulting in your system being compromised.

This is not to say I recommend against using a computer with discipline nor using one that is no longer receiving security updates (I have a lot of older Macs which fall into this category, I just don't use them for important things like banking). This is just to say that even disciplined users can become compromised even though they're avoiding high risk sites.

 

[MrScratchHook]

Would the same logic be applied to updating a late 2013 MBP?

yes same logic. now if your worried about being hacked in mojave you can unplug from the internet(nobody wants to do that) or go to big sur that still has security protection, even monterey. the biggest thing is don't let apple scare you into being on ventura for the most protection. if you use credit cards online you are still protected from fraud by the credit company you just have to file a report and you'll get your money back and if you use a debit card just make sure not to keep large amounts on that card so the theft will be minimal and you'll still get your money back. most importantly don't install anything that looks fishy or too good to be true. you should be fine.

 

[th0masp]

While I understand the spirit in which this was said one has to remember that websites, especially through advertising, can "go" to other websites to obtain content. Those third-party web sites could be compromised resulting in your system being compromised.

Perhaps I should add to my caveats posted above what to me is second nature - never to use a web browser - old or recent - in its 'vanilla' state. Always with at least uBlock and NoScript active and only the legit sounding servers let through (that excludes quite a number of servers linked to FAANG corporations for me). As well as undesirable browser behaviour turned off.

I have an entirely separate browser/user-profile for stock trades and banking and use Safari only as a throwaway-testing environment for sites that simply won't accept my combination of Javascript and ad-blockers. That's always a shock to see the web unfiltered. No idea how people don't jump out of windows if they have to use it like that regularly.

That's btw. entirely independent of any OS level security concerns for me.

 

[2kvfr800]

Perhaps I should add to my caveats posted above what to me is second nature - never to use a web browser - old or recent - in its 'vanilla' state. Always with at least uBlock and NoScript active and only the legit sounding servers let through (that excludes quite a number of servers linked to FAANG corporations for me). As well as undesirable browser behaviour turned off.

I have an entirely separate browser/user-profile for stock trades and banking and use Safari only as a throwaway-testing environment for sites that simply won't accept my combination of Javascript and ad-blockers. That's always a shock to see the web unfiltered. No idea how people don't jump out of windows if they have to use it like that regularly.

That's btw. entirely independent of any OS level security concerns for me.

what web browser do you use? what combo of add blockers are you using? you mentioned Ublock and NoScript are those the ones you are talking about?

Whats your opinion on the DuckDuckgo browser?

 

[2kvfr800]

Anyone here have any experience setting up a IOT network? Currently I'm using my Guest network but problem is I apps the controls the devices on the guest network can't see the device, door lock, robot vaccume, roku etc..

 

[th0masp]

what web browser do you use? what combo of add blockers are you using? you mentioned Ublock and NoScript are those the ones you are talking about?

Whats your opinion on the DuckDuckgo browser?

I use Firefox with the two aforementioned addons as well as one to shut up popup windows and I have no opinion at all on the DuckDuckGo browser, sorry. Never even heard of it before. There's also Brave and probably a few others that are or at least claim to be built around privacy and/or security.

Firefox is my go-to since forever (since when it was advertised as being lean enough compared to other browsers at the time that you could distribute it on a 3.5 inch floppy disc). It's not quite that lean anymore but at this point it's a habit. Even on the phone.

 

[KaliYoni]

What are the real risks of not updating, and is it worth the risk to update to a MacOs that is receiving updates, or do I need to be on Ventura to be fully protected?

Unfortunately, there is no single answer to this question. A lot depends on what is stored on your computer and how you use your computer. I'd say any computer used for business purposes, especially storage of any client information, needs to be on one of the versions of macOS that is officially supported by Apple (currently Big Sur, Monterey, and Ventura, with Big Sur only receiving critical updates). Next, I think any personal machine that is used with or stores any information that would be severely damaging to you if lost or stolen, including financial details and sensitive photos and videos, should either be kept fully up to date or disconnected from the Internet.

My Mac security strategy is centered around risk management, not predictions of bad actors' behavior. I prefer spending some time up front–and money if justified–to minimize the possibility of having to deal with the fallout of an attacker putting viruses or malware on my computer. I view anti-virus and anti-malware software as a form of insurance. Yes, it sucks that I need it but I feel that having it lets me sleep better than not having it.

Also, we are all human and we make mistakes, especially when we are in a rush, distracted, or tired. Relying on constant vigilance as sole protection requires perfection. I don't think any of us can reach that standard very often, especially with something that is constantly changing and morphing.

Here are some earlier discussions about your questions throughout this thread:

https://forums.macrumors.com/threads/virus-malware-program-recommendations-merged.2346555/post-31598241

https://forums.macrumors.com/threads/google-chrome-helper-gpu-gone-crazy-50gb-who-to-fix-this.2359103/post-31472308

https://forums.macrumors.com/threads/dedicated-user-account-for-extra-security.2335304/post-30870674

 

[m1maverick]

Anyone here have any experience setting up a IOT network? Currently I'm using my Guest network but problem is I apps the controls the devices on the guest network can't see the device, door lock, robot vaccume, roku etc..

IoT is a security nightmare and, IMO, dumb. Not everything in our lives needs to be connected to the Internet. In the past we got along just fine without doing so.