
2012Tony2012

macrumors 6502a
Original poster
Dec 2, 2012
741
3
If I run Snow Leopard, am I at real risk of having my Mac hacked or be at risk logging into my banks using Firefox?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,136
15,597
California
If I run Snow Leopard, am I at real risk of having my Mac hacked or be at risk logging into my banks using Firefox?

Potentially, yes. The last two OS X security updates did not include Snow Leopard in those updates. For example, look at all the security issues patched here.

I think you mitigate the risk somewhat by using Firefox that presumably contains the security patches rolled in the newest Safari updates, but that does not cover the OS updates listed.
 

2012Tony2012

macrumors 6502a
Original poster
Dec 2, 2012
741
3
Potentially, yes. The last two OS X security updates did not include Snow Leopard in those updates. For example, look at all the security issues patched here.

I think you mitigate the risk somewhat by using Firefox that presumably contains the security patches rolled in the newest Safari updates, but that does not cover the OS updates listed.

Can you say that again in plain English please? What do you mean, "you mitigate the risk somewhat by using Firefox that presumably contains the security patches rolled in the newest Safari updates, but that does not cover the OS updates listed"?

So you are saying that someone who runs Snow Leopard can be hacked and have their bank accounts hacked when they log in to their bank websites?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,136
15,597
California
Can you say that again in plain English please? What do you mean, "you mitigate the risk somewhat by using Firefox that presumably contains the security patches rolled in the newest Safari updates, but that does not cover the OS updates listed"?

So you are saying that someone who runs Snow Leopard can be hacked and have their bank accounts hacked when they log in to their bank websites?

When you log on to a secure site like your bank using Safari, a small padlock appears next to the site name (you can see it in my screenshot). If you click that padlock you get the screen below showing the site's security certificate is valid. The idea is you can be certain this is really your bank's web site, and not some other site posing as your bank to get your password when you type it in.

GQv95tu.png


This is normally only an issue if you are on public wifi (like, say, at a Starbucks) where someone else using the same wifi has set up this trap with a look-alike site.

My point is your browser has built-in security and uses these certificates to make sure you are on the correct site (your real bank) and that passwords between you and the bank are encrypted like they should be. There are often OS and browser security updates to make sure all this is working correctly. Snow Leopard is no longer getting these updates, so the risk is increased in theory.

My comment about using another browser was because even if Safari is not being updated, you could use Chrome or Firefox, which one would assume has been kept up to date with security patches.

Read over these links. These are all security patches that were included in the last two updates, and these patches were not released for Snow Leopard.

http://support.apple.com/kb/HT6181

http://support.apple.com/kb/HT6150

I think if you are just logging on to your bank from home, at this point you are probably fine. But new security issues come along all the time, and although Apple has said nothing officially, it appears they have stopped fixing those bugs for Snow Leopard.
 

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
When you log on to a secure site like your bank using Safari, a small padlock appears next to the site name (you can see it in my screenshot)...

This is a bit of a misleading example. While it relates to Apple's TLS bug in February, that never affected Snow Leopard to begin with, since the bug was introduced in Mountain Lion. I agree with the overall point, however: it's probably best to use a browser that is still updated on Snow Leopard.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,136
15,597
California
This is a bit of a misleading example. While it relates to Apple's TLS bug in February, that never affected Snow Leopard to begin with, since the bug was introduced in Mountain Lion. I agree with the overall point, however: it's probably best to use a browser that is still updated on Snow Leopard.

I realize that and I never said the bug existed in SL. I was trying to give an example relevant to the OP's banking question of what can happen if security issues are not addressed. Maybe you can provide a better example.
 

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
I realize that and I never said the bug existed in SL. I was trying to give an example relevant to the OP's banking question of what can happen if security issues are not addressed. Maybe you can provide a better example.

It makes assumptions about a very specific type of security issue related to banking. What specific security issues exist on Safari for Snow Leopard related to banking? I don't know, I think that's a better answer.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,136
15,597
California
It makes assumptions about a very specific type of security issue related to banking. What specific security issues exist on Safari for Snow Leopard related to banking? I don't know, I think that's a better answer.

I was trying to explain to the OP the potential issues of not getting any further security updates, and I suspect you understand that just fine.
 

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
I was trying to explain to the OP the potential issues of not getting any further security updates, and I suspect you understand that just fine.

You already said that. However, look back to post #2: you then mention updates that were not included for Snow Leopard. That specific update addresses the TLS bug. You then go ahead and show an example related to the TLS bug, so it's easy to get the impression that you meant that the bug was never fixed in Snow Leopard. I suspect you understand that as well.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,136
15,597
California
You already said that. However, look back to post #2: you then mention updates that were not included for Snow Leopard. That specific update addresses the TLS bug. You then go ahead and show an example related to the TLS bug, so it's easy to get the impression that you meant that the bug was never fixed in Snow Leopard. I suspect you understand that as well.

Yes, I can see how there could be that misunderstanding. I tried to clarify by using words like "potentially" and "in theory", but I guess that is not enough for some to understand the point. Fair enough.
 

2012Tony2012

macrumors 6502a
Original poster
Dec 2, 2012
741
3
So if I go back to using SL, I just use Firefox only for browsing.

I should be fine?

What else should I do to keep myself as secure as possible on SL?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,136
15,597
California
So if I go back to using SL, I just use Firefox only for browsing.

I should be fine?

What else should I do to keep myself as secure as possible on SL?

Beyond just using a browser like Firefox or Chrome that is being updated, there is not much else you can do.

At this point I would say you are likely fine. I suspect when an unpatched security bug pops up in SL we will hear all the SL users screaming from the rooftops. :)
 