Do You Use It? Software Update on the Mac

During the recent fuss about Software Update installing Sonoma in response to the notification being closed, many of us shared how we have Software Update configured in System Settings > General > Software Update > Automatic Updates (or System Preferences > Software Update > Advanced in macOS 12 Monterey and earlier).

System Settings 2024-02-23 at 12.54.30@2x944×664 39.8 KB

That got me thinking—how do TidBITS readers engage with updates on the Mac? In part, that’s connected to your Software Update settings, but it hinges more on your personal policy for installing updates and upgrades. So, for this Do You Use It? poll, I have four questions. If you use multiple Macs, answer for your primary machine.

Note that the first question lacks a None option because I failed to consider the fact that someone would uncheck “Install Security Responses and system files,” which is necessary for XProtect to download new signatures and protect against known malware. It’s a really bad idea to uncheck that setting. But if None would be your answer, just skip the question, and I’ll estimate the number of None answers from the difference in number of responses with the other questions. (I can’t change answers without deleting all responses so far.)

Also, note the word “usually” in the other three questions. Situations vary, of course, but I’m looking for what you would generally do if the release notes didn’t tell you anything of specific import.

The first question could have another option: “None checked”
I was not able to vote on that question.

I don’t let Software Update check or install. I wait until I learn about updates then install when convenient.

How quickly I install bug fixes or interim feature updates depends entirely on the circumstances. Do I deem the security risk to myself elevated? Do I experience the bug Apple is reporting to have fixed myself? If yes, I’ll likely install within a couple days. If not, I have no problems waiting several weeks until I get around to it.

Same with interim feature updates. If it’s something I want to try out, I’ll update sooner, but if it’s just some gimick I couldn’t care less about, I’ll gladly hold off. Apple marketing and a lot of the fanboi outlets like to create a sense of pressure and urgency, but I have zero problems resisting that. And I openly oppose it. My systems, my schedule. End of story.

I try to be very conservative about what goes on my systems and that includes OS updates. Especially, since Apple is abysmal when it comes to change logs and documenting fixes. OTOH I’m also a realist – I need to use software to get work done and software updates that I want will at some point put requirements on my OS. So I’m no big fan of falling behind too far.

Also, updating pains usually scale with how big of a jump you make. If I get stuck on Sonoma now and hold off updating for 5 years, that jump is most likely going to be far more painful than doing major revisions every 1-2 years. I also want to be able to upgrade my Mac hardware whenever its performance or features become attractive. And with that also come minimum OS requirements. I don’t want to fall back so far that that would hold me off from getting a new Mac.

In my case, my Macs are all for personal use. So I can afford to wait a long time - sometimes over a year for a major macOS update.

But I don’t require much of my personal systems - Word, Excel, Firefox, Photoshop Elements, FileMaker and my scanner software. I could be quite happy running my old 68040-based Quadra and Mac OS 8.1, if not for the fact that you can’t get a modern web browser for it and old browsers are a major security hole (and incompatible with far too many web sites).

But my work PC (provided and managed by my employer) is different. The company routinely pushes down updates and I’m expected to install updates as they become available. The IT department maintains a centralized policy server which will block updates until they vet them, after which they appear to me and I’m expected to install them.

Oh, I didn’t even think about that because it’s REALLY dangerous to not have “Install Security Responses and system files” checked. You won’t get the XProtect updates that Apple releases regularly with no notice at all.

I can’t add an answer without deleting all the responses so far, so I’m going to stick with what I have, but I’ll comment on that above and when I announce it in TidBITS.

That lack of notice is one of the biggest reasons I don’t keep that one checked. I don’t want anything “stealth updated”. I want to know when my system is going to be modified, even if it’s something minor like the XProtect updates. Those updates are normally rolled into the next regular security update, so the delay is usually not excessive. I’d be more inclined to check that if there was an option to explicitly allow the XProtect updates and not whatever other unspecified updates may be included in that option.

I may not be the only one, but the answer really is “it depends” For my personal MacBook Air, I tend to update and upgrade pretty quickly, though on a Mac I usually wait at least a couple of days - I usually wait until I actually get the notice (unlike iOS, when I upgrade almost always as soon as I know about it, and seek out updates.)

However, I have a Mac mini that acts as a media server and mail spam catcher (using SpoamSieve) so I tend to be more careful about how often I update that machine. And the iMac that my wife and I share (and which is her primary Mac) I tend to update only when I think it’s critical. She is a little intolerant about changes, particularly in look and feel but also in how things work, so I tend to wait for a long while to show her what I know the differences to be before I update. Right now it’s still on Ventura. But when Catalina came out, that one didn’t get updated I think until after Big Sur was available, because of the changes from iTunes to discrete apps for music and other media. (These days her biggest use of a Mac is to print some documents but mostly to manage her music library and sync with her waterproofed iPod shuffle that she uses while she’s doing swimming workouts.)

FWIW I answered the questions as I use my personal MacBook Air.

Agreed. Not to mention the occasional secret, back-end tweak Apple silently pushes out.

FYI: You can manually check if XProtect and other Apple security tools are up to date with apps such as those provided by Howard Oakley (SilentKnight, Skint, etc.) The apps compare your system to the current Apple version numbers. If there is a mismatch, you can manually download the update from Apple with a button.

I would urge the use of these apps at least every month to verify you are up to date, even if you have “Install Security Responses and system files” checked. I have seen a variety of macOS systems that had all update options enabled, but were out of date by 1 or more versions of XProtect, etc. Sometimes things just don’t work as they should.

NOTE: All of Oakley’s tools on the page above (except Skint) have versions that can run on macOS as far back as 10.11 El Capitan. Be aware that older macOS versions no longer have updates to most of their security tools. I believe only XProtect is still updated on older macOS (as it was again just this week). Also note that older macOS versions will always report an error with the Firmware version because it does not match the most recent macOS.

Thanks for that warning. I already allow checking for upgrades, and just turned Install Security Responses and system files" back on. I may have turned it off when trying to block the unwanted upgrade to Sonoma. (My main worry is the problems with Mail in Sonoma.)

My policy doesn’t exactly fit in your survey. I have taken to waiting to upgrade MacOS until the successor until just before the next major version comes out because I’ve found it much easier to upgrade to the next MacOS than to skip over one or more versions of the MacOS. Apple seems to write its upgrade software from the previous version, and things can get lost if I skip versions.

Even if you miss the deadline, you don’t have to skip a version. You can download the installer via the App Store using one of Apple’s magic links (see How to download and install macOS - Apple Support) and run that installer.

I found this to be ambiguously worded. Is this meant to capture people who install a major version as soon as possible, or is it for those who install a major version when the next major version comes out. (For example, you’re currently on version 11, and you install version 12 when version 13 comes out.)

I usually install major releases soon after they are released. I may wait if rumors of issues in areas that I care surface quickly. I remember one MacOS release where the relevant Take Control book was less than assuring. For that one, I waited a few months. I fully recognize that the release may not be feature-complete and that things may be a bit rocky for a few .n releases, but I’m willing to roll with it.

On the other hand, I advise friends who don’t want to monitor the situation to wait for several .n releases, but unless problems surface, to upgrade shortly after the announcement of the next major release. This keeps them relatively current and makes it easier for them to get support from me if problems arise. I tend to get a bit antsy when asked to deal with older OS releases.

Yes, that’s the intent of the wording, to capture people who wouldn’t install macOS 13 Ventura until Apple turned its attention to macOS 14 Sonoma. I wasn’t more specific because there are people who trigger based on the announcement at WWDC in June, the release of the public beta in July/August, or the release of the final shipping version in September/October.

Between Silent Knight and two sites I check on a daily basis that promptly highlight those updates, that doesn’t concern me. Apple’s latest Sonoma incident earned “None checked.”

I used to check the first and last.

There was no option for my decision process and I didn’t notice any comments of others using it. I wait for Adam Engst’s advice on the safety AND then check all my major apps for compatibility. Frequently there is at least one significant application that is not yet compatible with the latest release. Currently, I am waiting for one application to achieve compatibility with Sonoma. Then I will check other important applications and finally upgrade when I can ensure I have enough time to solve any problems.

Sounds like you’re doing the manual research necessary to stay safe. Personally, I don’t have the time to do that—that’s what I keep computers around for.

Trivial compared to the time Sonoma has wasted here.

I use the options as intended, ticking all the boxes except for installing macOS updates, because those could be disruptive and require a restart (which, despite the sheer delight that is the Resume feature, isn’t always tolerable, such as when running a VM or in the middle of reviewing a timeline in a social or feed reader app). The only exception is when I’m travelling; in that case I’ll turn off the download of macOS updates too to save on bandwidth (which is typically cellular over some hotspot device, typically not an iPhone because of the stupid restrictions imposed by iOS tethering).

It’s not always easy to anticipate when to upgrade OSs: the Sonoma update may have been enforced for one of my machines, but the truth is that I’d failed to spot that there was a crashing bug caused in Fusion on another of them, mostly because I hadn’t had cause to use a VM in a while. Apple have finally fixed that bug, but arguably I would still have chosen to upgrade anyway because some of the features are genuinely unmissable (think AirPods switching now actually working as intended, so well in fact that I can no longer cheat and mute the speakers before automatically switching and muting the AirPods instead).

XProtect updates just add some text to an XML file. They don’t update anything that runs on the operating system.

I generally have my Macs set to download updates but not install them automatically. When I’m away from home I shut off all updating on my Air since I’m mostly using my iPhone for data & don’t want to chew up large amounts of my hotspot data on updates that can wait until I get home.