Marginalized Macs

Regarding this recent revelation

I have always been a bit troubled by Apple’s system abandonment(?) policies.
There are plenty of older Macs in use that suggests good reason to continue support for these systems… It’s not like it would be a significant financial hit to Apple (I am fairly certain)

Just posting this in the hopes that some solutions and workarounds might eventually be forthcoming with regard to securing earlier, still in high use, Mac systems

Thanks for any tips

Eh, even the upcoming Monterrey release supports some Macs going back to 2013 (the trashcan Mac Pro.) I think Apple has done a pretty decent job supporting (most of) their major platforms longer than any other manufacturer would or does (I look at Microsoft not supporting Windows 11 on my 3-year old 1st-gen Ryzen PC…)

Now, I would love it if the old 2011 MBA I’ve got sitting in a drawer here was still reasonably up-to-date and secure, but given the creaky age of the hardware, it just doesn’t seem like a good idea for either party (Apple or me.) I’m not at all certain where I personally would draw the line, but I posit that Apple’s line is generally defensible.

5 Likes

Point taken.
But I guess I would add wishful-thinkingly, for example, aside from my skepticism that Mojave runs very well on a MBPro 2012, and the fact that Mojave will be unsupported fairly soon, that the costs and complications added to an institution’s durable fleet of 2012s to upgrade could easily and affordably have been avoided. I would pay a fee to Apple for continued support.
Mainly water under the bridge, to be sure. just sayin’
:wink:

Regarding Apple’s support of older Macs, Howard Oakley just wrote an outstanding article directly relevant to the subject:

Finding relevant information to keep using beyond old Macs safely beyond the final dates of receiving security updates can be quite challenging. It could be that the choice boils down to running a significant security risk if it’s desired to remain on the internet, or isolating (“air-gapping”) the Mac(s) in question from the internet completely.

I have tasks my older machines can perform but I minimize or prevent completely their ability to communicate on the internet. In some cases, I’m hopeful that a combination of shutting down incoming connections via macOS security preferences, and shutting down outgoing connections using Little Snitch, can be effective while keeping the old Mac on my local area network. Certainly, I turn off Mail, Messages, etc. completely. But I’m aware there’s a lot I don’t know so I’m always on the lookout for significant discussions and sites dealing with these topics.

How much are you willing to pay a year for Apple to continue supporting macOS 10.13 on your 2010 iMac? I assume that you are only asking about continuing security support for older Macs rather than making new version of macOS compatible with old hardware. Let me know if I’m wrong.

Asking for security updates is more reasonable, but any OS updates uses a lot of resources. I’m not thinking of money but rather engineers who will then be pulled away from security on the current OS.

Making Big Sur able to run on a 2010 iMac is a big cost since it means supporting 32-bit instead of going pure 64-bit.

I’ve been giving my office’s old iMacs to a person who puts Linux on them and then donates them to schools, along with his own time in teaching kids to use them.

2 Likes

There are open source projects to run latest OS on older macs. Have a look at this https://forums.macrumors.com/threads/macos-12-monterey-on-unsupported-macs-thread.2299557/ I have Catalina on my Macpro 2010 model. It is serving me well when I work in Photoshop and Lightroom. Soon I will upgrade to Big Sur and probably Montery next year.

Mac Pro 5,1 • “Twelve Core” 2.66 GHz (2010/Westmere) •Upgrade X5675 x2 • 48 GB 1333 MHz DDR3 ECC SDRAM • ASUS Radeon RX 580 8GB • 2x Samsung 970 PRO 1TB • High Point SSD7101A-1 NVMe

Basically, yes, my wish-list item is simply continued security support.
I do note that Apple continues xprotect and mrt for Sierra, at least. I cannot recall
what, or if earlier systems get these periodic updates, behind the scenes.

I think the recently revealed Finder vulnerability is a bit more problematic …

1 Like

The bug is only a problem if you download random .inetloc files from the Internet, which I’ve done approximately … never.

On macOS, Internet location files with .inetloc extensions are system-wide bookmarks that can be used to open online resources (news://, ftp://, afp://) or local files (file://).

If you do find yourself needing to do this, open it in a text editor first and make sure it does what you expect it to do.

I mean… yes, it’s a bug… and it’s a dumb bug that Apple should have fixed the first time, but it’s a very, very low threat of anyone getting bitten by this “in the wild”.

1 Like

Well… I am pretty sure that I read that this can be a click-free if it is attached to an email message and you use the Mail app with a preview window open. (I never do on MacOS.)

See Unpatched MacOS vulnerability lets remote attackers execute code | Ars Technica

I’ve also long avoided using a preview window in an email client or allowing remote content to load by default for this very reason, it can allow an exploit with no further interaction. 20+ years ago there were multiple problems with Outlook for Windows that were mitigated by taking such precautions.

I wonder if this specific problem can be mitigated by having a different handler set for .inetloc files. I tried making .inetloc files “Always Open With” TextEdit but macOS wouldn’t let me. I’m running Big Sur, it may still be possible in older, less locked-down versions or by temporarily disabling System Integrity Protection (SIP).

1 Like

an intriguing work around, but alas, does not seem to be easily done. I tried on my OSX 13.6 machine, but the “Open with:” remains unchangeable (for me, set to open with Transmit).

FWIW, it took me a while to even find any .inetloc files on my Macs, it is not a common file format for me to encounter.

I’ll second that. I’ve long said I would be only too glad to pay something to support my current installation without going through the incredible time suck that upgrading involves.