Catalina still secure OS?

[Voodoofreak]

Hi, a long-time silent lurker here. I have a 2013 Early MBP
Retina which is still going strong on it's 10th year. It honestly does what I need it to for from my day to day computer related tasks. Rest is primarily done on our cell-phones.
My question is whether this MBP/Catalina OS is still secure from today's standpoint to continue using until this machine draws it's last breath. Appreciate everyone's thoughts and guidance on this.

 

[gilby101]

My question is whether this MBP/Catalina OS is still secure from today's standpoint to continue using until this machine draws it's last breath.

What is your risk profile? That is is the sort of things you do with the Mac, what is stored on it, what is accessible from it, and the consequences (loss of data, privacy compromise (personal, business or government)) of any security violation.

Specifics:
1. It is less than a year since Apple supplied security updates, so it is not way behind.
2. Apple still updates XProtect on Catalina - so that is some protection from malware.
3. In terms of potentially insecure software, browsers are your most likely concern. My advice is to avoid Chrome and if paranoid use latest Firefox. A reputable adblocker (e.g. AdGuard) will also block malware and tracking web sites - check what yours does.
4. Use a malware scanner like Malwarebytes.
5. Last, but not least, make sure of your backups. If ransomware (or other data loss) is a concern make sure one of the backups is off-site or uses a cloud backup service (e.g. Arq Backup).

Mitigating risks is much the same as if you had the latest macOS. Unless you (or your data) are at serious risk, keep on using it.

There is always the adventurous path of running a more recent macOS using OCLP, but I would not recommend that just because of your security status not being ideal.

 

[VirtuallyInsane]

As long as you download all of the security updates for your system, and you don't do anything overly risky online (e.g. buy something online, use online banking etc) then you should be alright. I'm currently typing this on my 2008 Macbook running Lion, and have updated all the security updates.

Granted, I'm not doing anything major on it (listening to music, surfing the web, writing a story) and it's not my main device.

I agree with @gilby101 above and I think that you should be fine for a while in regards to security updates, but as long as you aren't downloading anything suspicious, or looking at insecure websites and giving random people your important details, you should be fine.

I use Firefox on my main device (MBP M1) and so far, it hasn't let me down and I would happily use that over Chrome any day, given the chance. Chrome can be a bit bloated, and some people don't agree with Google spying on them, which is fine. Having used them both, I prefer Firefox hands down.

Yes, definitely make as many backups as you can manage. You can also buy an external drive/SSD and use it as time machine back up if you didn't want to go the Cloud route. In my experience, the cloud isn't bad but the drives are more secure, and faster. But some of them can be more expensive, depending on the size. I have a 4TB Seagate External Drive that I got for a good price and am happy with it. Works a treat for data backup.

And I definitely agree that if your MBP is your main device **do not use OCLP** if you are secure, and if you are still getting app support. You don't need to upgrade just yet. You should be fine for another year or so. I have an iMac running Mojave, and it's fine for now, in terms of support and what I need it to do.

Some people still use PPC and Early Intel devices, and they are fine online. You don't need the latest and the greatest to be fully safe. As long as you are sensible, you should be good for a while longer.

 

[stradify]

Arstechnica wrote an excellent 2 piece article on cyber security that is worth reading:

Part 1: https://arstechnica.com/features/2021/10/securing-your-digital-life-part-1/
Part 2: https://arstechnica.com/information-technology/2021/10/securing-your-digital-life-part-2/

 

[Voodoofreak]

These are great responses everyone. I appreciate the insights honestly.

I check some boxes on what y’all recommended but missing the mark in other areas.

I keep the machine up to date in terms of all patches that are offered. Last one was a while ago I believe though.

I have malwarebytes premium installed but I don’t believe I have an antivirus app right now. So maybe I can look into that.

I definitely need to begin using Firefox (was using safari). I don’t use chrome at all.

I do have the machine backed up on apple cloud because I just wasn’t sure when it might kick the can.

I use it for basic tasks (word processing and researching on the couch) but those tasks also include finances. I preferred doing it on this machine than my windows desktop. So I guess this is where there might be risk if I continue to do my taxes and banking stuff on it.

My wife uses it to attend online classes but that’s about it.

 

[chrfr]

I keep the machine up to date in terms of all patches that are offered. Last one was a while ago I believe though.

Yeah, Apple is no longer offering any updates for Catalina at all.

 

[gilby101]

I do have the machine backed up on apple cloud because I just wasn’t sure when it might kick the can.

iCloud is not a backup. It is a synchronisation service. If a file on your Mac gets corrupted or deleted the change is uploaded to iCloud. You need a backup which keeps previous as well as current versions of files. This applies to anyone including those with the latest operating systems.

Backup is the key mitigation measure against ransomware. But I am not aware of any ransomware attacks on Macs.

Apple is no longer offering any updates for Catalina at all.

It is still updating the XProtect anti-malware application.

So I guess this is where there might be risk if I continue to do my taxes and banking stuff on it.

I would only worry if I was doing it on a public wi-fi service - but that is a network threat, not operating system. But, at home, you are not open to this threat.

I have malwarebytes premium installed but I don’t believe I have an antivirus app right now. So maybe I can look into that.

Malwarebytes will protect you from Mac malware - including Apple viruses (if there are any). I would only consider a more traditional a-v product if I were concerned about detecting Windows viruses.

 

[Voodoofreak]

I didn’t realize that’s about iCloud. I’m guessing I do need to invest in a USB drive and do a Time Machine backup. I have 10 years worth of info on this machine so I would absolutely be heartbroken if I lost some of it.

 

[k27]

Apple: "not all known security issues are addressed in previous versions (for example, macOS 12)."
About software updates for Apple devices

Apple clarifies security update policy: Only the latest OSes are fully patched​

New document confirms what security researchers have observed for a few years.

Last Week on My Mac: Home truths about macOS​

"Mentioned in @eryeh's writeup (https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/), this wasn’t patched for Catalina until Sept 23. NOT mentioned: This was 🚨234 days‼️ after #Apple patched the same vuln for Big Sur. 🤯 @Apple, randomly choosing which vulns you patch for 2 prior #macOS endangers customers."
Read 3 replies

Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious - The Mac Security Blog​

Apple's practices regarding security updates are frustrating and perplexing, and may endanger users.
www.intego.com

Does Apple maintain APFS in older macOS?​

Using version numbers, it’s possible to track changes in critical sub-systems like APFS within macOS. According to those, APFS was updated twice while Catalina was in security-only maintenanc…

eclecticlight.co