Still on 10.9.5 - Should I update to Yosemite for security reasons?

Discussion in 'OS X Mavericks (10.9)' started by eselle, Jan 22, 2015.

  1. eselle, Jan 22, 2015
    Last edited: Jan 22, 2015

    eselle macrumors newbie

    Joined:
    Jul 27, 2012
    #1
    So I'm very content on Mavericks - I don't see much of a need to upgrade to Yosemite. But recently I have been noticing some fishy activity on my MacBook:

    1) Opening my MacBook but it's starting up like I had shut down on previous use (so having to log in to my user etc), while I merely closed it on standby - it's not exactly a battery issue
    2) Twice discovering a Chrome tab (amongst my 1000 tabs) on a fileshare321.com site saying I'm downloading something (even though neither Chrome nor OS X has alerted me on any downloads)

    I've checked my system on ClamXav and iAntiVirus, and have come clean. I also have 'Install security updates' checked under App Store in System Prefs.

    I am told that Apple "does not discuss their security issues", and when they released Yosemite, it's "for security purposes".

    So, should I definitely upgrade to Yosemite just to enhance my MacBook's security?
    How vulnerable is Mavericks really, seeing as Yosemite is the latest OS?

    Any help would be greatly appreciated. Thank you in advance!
     
  2. Loops macrumors member

    Joined:
    Oct 5, 2010
    #2
    "Still on 10.9.5 - Should I update to Yosemite for security reasons?"

    No.

    The best way to avoid security issues is to make sure Java isn't installed. If it is, uninstall it unless you absolutely need it. If you absolutely need it, be sure to have the latest version.
     
  3. eselle thread starter macrumors newbie

    Joined:
    Jul 27, 2012
    #3
    Cheers for your input. And please pardon my ignorance, but could you please expand on this? e.g. How should I go about uninstalling Java? How does Java expose my computer to security vulnerabilities? Is Mavericks definitely not inferior to Yosemite in terms of security?

    Thanks.
     
  4. Loops macrumors member

    Joined:
    Oct 5, 2010
    #4
    Mavericks is a very recent release of OS X. It is fully supported by security updates.

    As for Java, if you don't see it in System Preferences as a preference pane and don't see a Java-specific utility in the Utilities folder then you don't have it installed. If you have it installed, do a Google search for uninstallation instructions.
     
  5. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    You don't need to uninstall Java, as long as you have it disabled in your browser. Java in browsers has been exploited in the past to introduce Trojans to Macs. This can easily be avoided by not enabling Java in your browser until you're on a trusted site that requires it.

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
     
  6. Loops macrumors member

    Joined:
    Oct 5, 2010
    #6
    Downloaded files can have malware that use Java. If they're opened then the computer becomes infected.

    Unless the user specifically needs Java there is no reason to have it on the computer.
     
  7. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #7
    Existing discussion

    No. There's a good discussion:

    Mavericks Support - EOL When?
     
  8. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    That goes back to safe computing practices of being careful where you get software you install. Java-based malware cannot infect your system if you have it disabled in your browser and you don't install apps from untrustworthy sources. Java isn't installed by default on versions of OS X since Lion 10.7.
     
  9. Loops macrumors member

    Joined:
    Oct 5, 2010
    #9
    The bottom line is that instead of giving the person pages of safe computing practices to read the easiest thing to do is to get rid of Java if it's present.

    But it can easily be installed so the easiest thing to do is to have the user simply check the two locations that would show that it is installed.
     
  10. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #10
    Not really, since that is only one possible vector for infection. By understanding safe computing, you can be protected from all known vectors.
    It won't be installed unless the user installed it.
    Do you have it set to require a password when waking from sleep?

    That's common and has nothing to do with malware. It's just a pop-up advertisement that you run into on many sites. Have you checked your download folder?

    Neither of these issues suggests the presence of malware on your computer.
     
  11. Ulenspiegel macrumors 68030

    Ulenspiegel

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #11
    Absolutely not.
     
  12. eselle thread starter macrumors newbie

    Joined:
    Jul 27, 2012
    #12
    Thank you all so much for your input! I really appreciate it.

    It does not appear that I have Java in my Systems Prefs, Utilities folder and Chrome (I can't seem to find a Java section on my Chrome settings - I only have JavaScript is enabled).

    Yes, I normally have to log in, but in those two instances, my Mac started up like it was turning on, instead of waking up.

    I am usually vigilant against pop-ups (I have AdBlock Plus handy), that's why the recent incidents stood out to me as very curious. I have checked my Downloads and All My Files, but did not see anything fishy - unless I am missing it as a 'hidden file', of course.

    So, if it is a Java-enabled malware we are speaking of, would it be safe to say that I am clean of it, seeing as I do not appear to have Java at all on my computer? Or do I possibly have something else that is also malicious?

    Cheers again to all for your help! :)
     
  13. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #13
    Ad blocking software isn't completely effective in blocking pop ups, although they can reduce them significantly.
    As already stated, your symptoms don't suggest malware of any kind. If you don't have Java installed, then Java-based apps, including malware, cannot run on your Mac.

    I encourage you to relax and enjoy your Mac. Unless you're going out of your way to be reckless (such as installing pirated software), it's extremely unlikely that you will ever encounter OS X malware. Most users never do, since it's relatively rare.
     
  14. eselle thread starter macrumors newbie

    Joined:
    Jul 27, 2012
    #14
    Noted. Thank you so much for your help!
     
  15. vista980622 macrumors 6502

    Joined:
    Aug 2, 2012
    #15
    No you don't have to.

    Apple still provides all necessary security updates for OS X Mountain Lion and above.
     

Share This Page