Still on 10.9.5 - Should I update to Yosemite for security reasons?

[eselle]

So I'm very content on Mavericks - I don't see much of a need to upgrade to Yosemite. But recently I have been noticing some fishy activity on my MacBook:

1) Opening my MacBook but it's starting up like I had shut down on previous use (so having to log in to my user etc), while I merely closed it on standby - it's not exactly a battery issue
2) Twice discovering a Chrome tab (amongst my 1000 tabs) on a fileshare321.com site saying I'm downloading something (even though neither Chrome nor OS X has alerted me on any downloads)

I've checked my system on ClamXav and iAntiVirus, and have come clean. I also have 'Install security updates' checked under App Store in System Prefs.

I am told that Apple "does not discuss their security issues", and when they released Yosemite, it's "for security purposes".

So, should I definitely upgrade to Yosemite just to enhance my MacBook's security?
How vulnerable is Mavericks really, seeing as Yosemite is the latest OS?

Any help would be greatly appreciated. Thank you in advance!

 

[Loops]

"Still on 10.9.5 - Should I update to Yosemite for security reasons?"

No.

The best way to avoid security issues is to make sure Java isn't installed. If it is, uninstall it unless you absolutely need it. If you absolutely need it, be sure to have the latest version.

 

[eselle]

"Still on 10.9.5 - Should I update to Yosemite for security reasons?"

No.

The best way to avoid security issues is to make sure Java isn't installed. If it is, uninstall it unless you absolutely need it. If you absolutely need it, be sure to have the latest version.

Cheers for your input. And please pardon my ignorance, but could you please expand on this? e.g. How should I go about uninstalling Java? How does Java expose my computer to security vulnerabilities? Is Mavericks definitely not inferior to Yosemite in terms of security?

Thanks.

 

[Loops]

Cheers for your input. And please pardon my ignorance, but could you please expand on this? e.g. How should I go about uninstalling Java? How does Java expose my computer to security vulnerabilities? Is Mavericks definitely not inferior to Yosemite in terms of security?

Thanks.

Mavericks is a very recent release of OS X. It is fully supported by security updates.

As for Java, if you don't see it in System Preferences as a preference pane and don't see a Java-specific utility in the Utilities folder then you don't have it installed. If you have it installed, do a Google search for uninstallation instructions.

 

[GGJstudios]

Cheers for your input. And please pardon my ignorance, but could you please expand on this? e.g. How should I go about uninstalling Java? How does Java expose my computer to security vulnerabilities? Is Mavericks definitely not inferior to Yosemite in terms of security?

You don't need to uninstall Java, as long as you have it disabled in your browser. Java in browsers has been exploited in the past to introduce Trojans to Macs. This can easily be avoided by not enabling Java in your browser until you're on a trusted site that requires it.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.

​

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

 

[Loops]

You don't need to uninstall Java, as long as you have it disabled in your browser.

Downloaded files can have malware that use Java. If they're opened then the computer becomes infected.

Unless the user specifically needs Java there is no reason to have it on the computer.

 

[grahamperrin]

Existing discussion

Should I update to Yosemite for security reasons?

No. There's a good discussion:

Mavericks Support - EOL When?

 

[GGJstudios]

Downloaded files can have malware that use Java. If they're opened then the computer becomes infected.

Unless the user specifically needs Java there is no reason to have it on the computer.

That goes back to safe computing practices of being careful where you get software you install. Java-based malware cannot infect your system if you have it disabled in your browser and you don't install apps from untrustworthy sources. Java isn't installed by default on versions of OS X since Lion 10.7.

 

[Loops]

That goes back to safe computing practices of being careful where you get software you install. Java-based malware cannot infect your system if you have it disabled in your browser and you don't install apps from untrustworthy sources. Java isn't installed by default on current versions of OS X.

The bottom line is that instead of giving the person pages of safe computing practices to read the easiest thing to do is to get rid of Java if it's present.

Java isn't installed by default on current versions of OS X.

But it can easily be installed so the easiest thing to do is to have the user simply check the two locations that would show that it is installed.

 

[GGJstudios]

The bottom line is that instead of giving the person pages of safe computing practices to read the easiest thing to do is to get rid of Java if it's present.

Not really, since that is only one possible vector for infection. By understanding safe computing, you can be protected from all known vectors.

But it can easily be installed so the easiest thing to do is to have the user simply check the two locations that would show that it is installed.

It won't be installed unless the user installed it.

1) Opening my MacBook but it's starting up like I had shut down on previous use (so having to log in to my user etc), while I merely closed it on standby - it's not exactly a battery issue

Do you have it set to require a password when waking from sleep?

2) Twice discovering a Chrome tab (amongst my 1000 tabs) on a fileshare321.com site saying I'm downloading something (even though neither Chrome nor OS X has alerted me on any downloads)

That's common and has nothing to do with malware. It's just a pop-up advertisement that you run into on many sites. Have you checked your download folder?

Neither of these issues suggests the presence of malware on your computer.

 

[Ulenspiegel]

...So, should I definitely upgrade to Yosemite just to enhance my MacBook's security?

Absolutely not.

 

[eselle]

Thank you all so much for your input! I really appreciate it.

As for Java, if you don't see it in System Preferences as a preference pane and don't see a Java-specific utility in the Utilities folder then you don't have it installed. If you have it installed, do a Google search for uninstallation instructions.

You don't need to uninstall Java, as long as you have it disabled in your browser. Java in browsers has been exploited in the past to introduce Trojans to Macs. This can easily be avoided by not enabling Java in your browser until you're on a trusted site that requires it.

It does not appear that I have Java in my Systems Prefs, Utilities folder and Chrome (I can't seem to find a Java section on my Chrome settings - I only have JavaScript is enabled).

It won't be installed unless the user installed it.

Do you have it set to require a password when waking from sleep?


That's common and has nothing to do with malware. It's just a pop-up advertisement that you run into on many sites. Have you checked your download folder?

Neither of these issues suggests the presence of malware on your computer.

Yes, I normally have to log in, but in those two instances, my Mac started up like it was turning on, instead of waking up.

I am usually vigilant against pop-ups (I have AdBlock Plus handy), that's why the recent incidents stood out to me as very curious. I have checked my Downloads and All My Files, but did not see anything fishy - unless I am missing it as a 'hidden file', of course.

So, if it is a Java-enabled malware we are speaking of, would it be safe to say that I am clean of it, seeing as I do not appear to have Java at all on my computer? Or do I possibly have something else that is also malicious?

Cheers again to all for your help!

 

[GGJstudios]

I am usually vigilant against pop-ups (I have AdBlock Plus handy), that's why the recent incidents stood out to me as very curious. I have checked my Downloads and All My Files, but did not see anything fishy - unless I am missing it as a 'hidden file', of course.

Ad blocking software isn't completely effective in blocking pop ups, although they can reduce them significantly.

So, if it is a Java-enabled malware we are speaking of, would it be safe to say that I am clean of it, seeing as I do not appear to have Java at all on my computer? Or do I possibly have something else that is also malicious?

As already stated, your symptoms don't suggest malware of any kind. If you don't have Java installed, then Java-based apps, including malware, cannot run on your Mac.

I encourage you to relax and enjoy your Mac. Unless you're going out of your way to be reckless (such as installing pirated software), it's extremely unlikely that you will ever encounter OS X malware. Most users never do, since it's relatively rare.

 

[eselle]

Ad blocking software isn't completely effective in blocking pop ups, although they can reduce them significantly.

As already stated, your symptoms don't suggest malware of any kind. If you don't have Java installed, then Java-based apps, including malware, cannot run on your Mac.

I encourage you to relax and enjoy your Mac. Unless you're going out of your way to be reckless (such as installing pirated software), it's extremely unlikely that you will ever encounter OS X malware. Most users never do, since it's relatively rare.

Noted. Thank you so much for your help!

 

[vista980622]

No you don't have to.

Apple still provides all necessary security updates for OS X Mountain Lion and above.