Running Snow Leopard, security risk?

Discussion in 'macOS' started by 2012Tony2012, Apr 17, 2014.

  1. 2012Tony2012 macrumors 6502a

    2012Tony2012

    Joined:
    Dec 2, 2012
    #1
    If I run Snow Leopard, am I at real risk of having my Mac hacked or be at risk logging into my banks using Firefox?
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    Potentially, yes. The last two OS X security updates did not include Snow Leopard in those updates. For example, look at all the security issues patched here.

    I think you mitigate the risk somewhat by using Firefox that presumably contains the security patches rolled in the newest Safari updates, but that does not cover the OS updates listed.
     
  3. 2012Tony2012 thread starter macrumors 6502a

    2012Tony2012

    Joined:
    Dec 2, 2012
    #3
    Can you say that again in plain English please? What do you mean, "you mitigate the risk somewhat by using Firefox that presumably contains the security patches rolled in the newest Safari updates, but that does not cover the OS updates listed"?

    So you are saying that someone who runs snow leopard can be hacked and have their bank accounts hacked when they login to their bank websites?
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    When you logon to a secure site like your bank using Safari, a small padlock appears next to the site name (you can see it in my screenshot). If you click that padlock you get the screen below showing the site's security certificate is valid. The idea is you can be certain this is really your bank's web site, and not some other site posing as your bank to get your password when you type it in.

    [​IMG]

    This is normally only an issue if you are on public wifi (like say at a StarBucks) where someone else using the same wifi has setup this trap with a look alike site.

    My point is your browser has built in security and uses these certificates to make sure you are on the correct site (your real bank) and that passwords between you and the bank are encrypted like they should be. There are often OS and browser security updates to make sure all this is working correctly. Snow Leopard is no longer getting these updates, so the risk is increased in theory.

    My comment about using another browser was because even if Safari is not being updated, you could use Chrome or Firefox which one would assume has been kept up to date with security patches.

    Read over these links. These are all security patches that were included in the last two updates, and these patches were not released for Snow Leopard.

    http://support.apple.com/kb/HT6181

    http://support.apple.com/kb/HT6150

    I think if you are just logging on to your bank from home, at this point you are probably fine. But new security issues come along all the time, and although Apple has said nothing officially, it appears they have stopped fixing those bugs for Snow Leopard.
     
  5. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #5
    This is a bit misleading example, while it relates to Apple's TLS bug in February, that never affected Snow Leopard to begin with since the bug was introduced in Mountain Lion. I agree with the overall point however, it's probably best to use a browser that is still updated on Snow Leopard.
     
  6. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    I realize that and I never said the bug existed in SL. I was trying to give an example relevant to the OP's banking question of what can happen if security issues are not addressed. Maybe you can provide a better example.
     
  7. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #7
    It makes assumptions about a very specific type of security issue related to banking. What specific security issues exist on Safari for Snow Leopard related to banking? I don't know, I think that's a better answer.
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    I was trying to explain to the OP the potential issues of not getting any further security updates, and I suspect you understand that just fine.
     
  9. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #9
    You already said that. However, look back to post #2, you then mention updates that was not included for Snow Leopard. That specific update address the TLS bug, you then go ahead and show an example related to the TLS bug, so it's easy to get the impression that you meant that the bug was never fixed in Snow Leopard, I suspect you understand that as well.
     
  10. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #10
    Yes, I can see how there could be that misunderstanding. I tried to clarify by using words like "potentially" and "in theory", but I guess that is not enough for some to understand the point. Fair enough.
     
  11. 2012Tony2012 thread starter macrumors 6502a

    2012Tony2012

    Joined:
    Dec 2, 2012
    #11
    So if I go back to using SL, I just use firefox only for browsing.

    I should be fine?

    What else should I do to keep myself secure as possible on SL?
     
  12. Gregg2 macrumors 603

    Joined:
    May 22, 2008
    Location:
    Milwaukee, WI
    #12
    I used Leopard until a couple of months ago. No security problems. I wouldn't sweat it.
     
  13. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #13
    Beyond just using a browser like Firefox or Chrome that is being updated, there is not much else you can do.

    At this point I would say you are likely fine. I suspect when an unpatched security bug pops up in SL we will hear all the SL users screaming from the rooftops. :)
     
  14. oldhifi macrumors 6502a

    oldhifi

    Joined:
    Jan 12, 2013
    Location:
    USA
    #14
    I just upgraded to Lion to get the security patches, why chance it?
     

Share This Page