European Union Flag
European Apple Users Information & Support
LOGIN
RSS Feed Icon
via fetchrss.com
The next event is:
CES 2018

On 9 January 2018
More events…

macOS 10.13 High Sierra
FREE
Amazon UK Mac Software Affiliate Link
I love Quidco
ABBYY

Mac Security Article #7 - Older Operating Systems

Article ID = 87
Article Title = Mac Security Article #7 - Older Operating Systems
Article Author(s) = Graham Needham (BH)
Article Created On = 29th June 2012
Article Last Updated = 7th November 2017
Article URL = http://www.macstrategy.com/article.php?87

Article Brief Description:
How to secure older/not supported/out of date Mac operating systems

Securing Older Operating Systems

This is number seven in a series of MacStrategy security articles. Applications provided with the operating system can be at high risk from attack especially those that open common document formats like movies, JPEGs/pictures, PDF, Office (Word/Excel/PowerPoint), RTF files and those that access the internet i.e. web browsers e.g. Safari, iChat/Messages and email applications e.g Apple's Mail. This article will help you secure your older operating system and also source up-to-date, more secure applications if they are available (alternative applications are listed in OS support order not in any order of recommendation). This article has the following sections:
  1. Mac OS
  2. Apple software (included with macOS / OS X / Mac OS X)
  3. Non-Apple software but included with macOS / OS X / Mac OS X
  4. Microsoft Office (Word, Excel, PowerPoint documents)
  5. Adobe Acrobat (PDF documents)
  6. Web Browsers
  7. Internet Plug-ins including Java
NOTE: Due to changes in security requirements (SSL and early versions of TLS are now broken), Apple's developer software output/OS support, and third-party software applications that use the Sparkle update mechanism must now use a new secure version which has higher minimum system requirements, it is becoming increasingly more difficult for developers to support Mac operating systems prior to OS X 10.9 (Mavericks). 2017 also sees the end of secure web browser, Microsoft Office and Adobe PDF Reader support on operating systems prior to OS X 10.9. If you are currently running OS X 10.8 or earlier MacStrategy highly recommends that you start planning to stop using these operating systems on the internet and/or upgrade to OS X 10.9 or later by October 2017 at the very latest.

Mac OS

The following operating systems are no longer fully supported/updated by Apple and if you are still running one of these there is a security risk to you and your data especially if you use it to access the internet. You should therefore read all of this article and heed the recommendations given within it.
  • OS X 10.10 Yosemite (as of 25th September 2017)
  • OS X 10.9 Mavericks (as of 1st September 2016)
  • OS X 10.8 Mountain Lion (as of 30th September 2015)
  • OS X 10.7 Lion (as of 16th October 2014)
  • Mac OS X 10.6 Snow Leopard
  • Mac OS X 10.5 Leopard (both PowerPC and Intel versions)
  • Mac OS X 10.4 Tiger (both PowerPC and Intel versions)
  • Mac OS X 10.3 Panther
  • Mac OS X 10.2 Jaguar
  • Mac OS X 10.1 Puma
  • Mac OS X 10.0 Cheetah
  • Mac OS 9 (Classic) or earlier
Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.

Apple provided guides for securing some versions of their operating systems. Although quite technical they are excellent for helping you to secure your old OS:
Third parties, such as the National Institute for Standards and Technology (NIST), also offer guides for securing Apple operating systems. Again, although quite technical they are excellent for helping you to secure your old OS:

Apple software (included with macOS / OS X / Mac OS X)

For Apple software not included with macOS / OS X / Mac OS X e.g. Pages, Numbers, Keynote, iMovie, Garageband, please see our article on Keeping Apple Software Products Up-To-Date.
Although any Apple application software provided with the OS will generally be no longer supported/updated by Apple there are specific applications/components that are at much higher risk than others so here are some recommendations:
Messages / iChat
As this application accesses the internet and malware is easily spread via instant messaging services it is highly recommended, if possible, to use an alternative instant messaging application that is kept up-to-date with security patches: NOTE: It is not recommended to use the following products as they use the OS X/Safari "webkit" rendering engine:
  • Adium (multi protocol client including Jabber)
  • Yahoo! Messenger
  • MSN/Microsoft Messenger (shut down October 2014)
iTunes
iTunes is available to download separately and supports a few OS X versions back (currently OS X 10.10.5 or later).
SECURITY WARNING: iTunes is no longer supported on Apple PowerPC computers or OS X 10.9.5 or earlier. If you still use a PowerPC computer/OS X 10.9.5 or earlier you are strongly recommended to be careful with what media you add to your iTunes library - always add files from legitimate/trusted sources.
  • Check for an update now: Go to Apple menu > App Store… > click the "Updates" icon in the top right
  • Turn on Automatic Updates: Go to Apple menu > System Preferences > App Store > tick "Automatically check for Updates" and tick all the boxes underneath that heading.
  • Download updates manually from the Apple iTunes download page.
Instructions for removing iTunes using a Macintosh can be found in our article here.
Links for downloading older versions of iTunes can be found in our article here.
Alternative media managers:
Mail
As this application accesses the internet and malware is easily spread via email/attachments it is highly recommended to use an alternative email application that is kept up-to-date with security patches: NOTE: It is not recommended to use "Entourage 2008" as it uses the OS X/Safari "webkit" rendering engine.
NOTE: It is not recommended to use "Mailforge" or "Sparrow" as they have been discontinued.

NOTE: You can change the default email application by opening Mail > go to Mail menu > Preferences > General tab > select your preferred application from the 'Default email reader' pop-up menu.
Preview
Malware is easily spread via bad documents e.g. graphics/JPEGs and PDFs so it is highly recommended to use alternative applications for these: See also the PDF documents section below.
NOTE: You can change the default application that opens specific documents by selecting (clicking once) a document icon in the Finder > go to File menu > Get Info (Command-I) > under the 'Open with…' heading select your preferred application from the pop-up menu and then click the "Change All…" button.
Safari
See the Web Browsers section below.
NOTE: You can change the default web browser application by opening Safari > go to Safari menu > Preferences > General tab > select your preferred application from the 'Default web browser' pop-up menu.
TextEdit (Word Processing)
Malware is easily spread via bad documents so it is highly recommended to use alternative applications for text, RTF, Word files: See also the Microsoft Office section below.
NOTE: Microsoft Office in some respects may be less secure than an old version of preview if you do not keep it up-to-date so please see our article on Keeping Microsoft Software Products Up-To-Date.
NOTE: It is not recommended to use "SubEthaEdit" or "textmate" as they use the OS X/Safari "webkit" rendering engine.

NOTE: You can change the default application that opens specific documents by selecting (clicking once) a document icon in the Finder > go to File menu > Get Info (Command-I) > under the 'Open with…' heading select your preferred application from the pop-up menu and then click the "Change All…" button.
QuickTime including QuickTime Player
An alternative media player that supports older operating systems is VLC.
As of 10th December 2015 the QuickTime internet plug-in is no longer supported/updated. The latest security updates for OS X 10.9 or later should automatically disable the plugin. If you are running OS X 10.8 or earlier or you want to manually disable the plug-in go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt" and "QuickTime Plugin.plugin".
Up to date QuickTime is no longer supported on Apple PowerPC computers or any Mac with OS X 10.9.5 or earlier. If you still use a PowerPC computer/OS X 10.9.5 or earlier go to Macintosh HD > Library > Internet Plug-Ins and disable/move/delete "nsIQTScriptablePlugin.xpt", "QuickTime Plugin.plugin" and "QuickTime Plugin.webplugin". Don't use, archive or delete the QuickTime Player application and use an alternative media player.
  • Check for an update now: Go to Apple menu > App Store… > click the "Updates" icon in the top right
  • Turn on Automatic Updates: Go to Apple menu > System Preferences > App Store > tick "Automatically check for Updates" and tick all the boxes underneath that heading.
  • Download updates manually from the Apple QuickTime download page. - updates can no longer be downloaded manually
NOTE: You can change the default application that opens specific documents by selecting (clicking once) a document icon in the Finder > go to File menu > Get Info (Command-I) > under the 'Open with…' heading select your preferred application from the pop-up menu and then click the "Change All…" button.

Non-Apple software but included with macOS / OS X / Mac OS X

As macOS / OS X / Mac OS X is based on UNIX there is a lot of third party software included and distributed by Apple as part of macOS / OS X / Mac OS X. These parts are no longer updated by Apple but may suffer serious (security) flaws and could be updated by the third parties themselves. However, patching/installing those updates on macOS / OS X / Mac OS X may, unfortunately, not be an easy task. Important security flaws are noted below:
BASH
For more information on the "Shellshock" vulnerability see our blog post on the subject - Apple issued a security fix for OS X 10.7 Lion and later.
NTP
A serious security issue with NTP was reported and fixed on the 18th December 2014 - Apple issued a security fix for OS X 10.8 Mountain Lion and later. If you are running OS X 10.6 or earlier you are highly recommended to turn off automatic updating of the date and time or better yet, install an updated version of NTP:
  • Go to Apple menu > System Preferences > Date & Time > Date & Time tab > UNTICK "Set date and time automatically".
  • If you are running Mac OS X 10.6 someone has built a patch for you.
  • If you are running OS X 10.7 or Mac OS X 10.5 and earlier there are instructions on building an updated NTP here (states for OS X 10.7 and 10.6 but should work for any previous version of macOS / OS X / Mac OS X).
Java
Mac OS X 10.6 and earlier include an Apple supplied version of Java - see the Internet Plug-ins section below for more information.

Microsoft Office (Word, Excel, PowerPoint documents)

Using office documents on older operating systems is becoming harder and harder. If possible you are better to move away from proprietary Microsoft office document formats to more standard formats for text, spreadsheet and presentation documents (and use up-to-date compatible software - see links below). Alternatively you copuld consider using an online office equivalent with an up-to-date browser.
Microsoft Office Suites and Applications No Longer Supported
  • Microsoft Office 2008 (including 2008 versions of Word, Excel, Powerpoint, Entourage) support ended on 09/04/2013
  • Microsoft Office 2004 (including 2004 versions of Word, Excel, Powerpoint, Entourage)
  • Microsoft Office v.X (including v.X versions of Word, Excel, Powerpoint, Entourage)
  • Microsoft Office 2001 (including 2001 versions of Word, Excel, Powerpoint)
  • Microsoft Office 98 (including 98 versions of Word, Excel, Powerpoint)
  • Microsoft Office 6.x (including Word, Excel, Powerpoint)
  • Microsoft Office 4.x (including Word, Excel, Powerpoint)
If you are going to continue using Office 2004 or 2008 do not open Office documents from untrusted sources especially as email attachments or downloads from the internet – this includes but is not limited to the following document types:
  • Word (.doc / .docx / .dot / .dotx / .docm / .dotm)
  • Excel (.xls / .xlsx / .xltx / .xlsm / .xltm / .xlsb / .xlam / .xll)
  • PowerPoint (.ppt / .pptx / .pptm / .potx / .potm / .ppam / .ppsx / .ppsm / .sldx / .sldm)
Office Suites (supported/updated)
NOTE: A current version of Microsoft Office may, in some respects be less secure than an older version, if you do not keep it up-to-date so please see our article on Keeping Microsoft Software Products Up-To-Date.
Office Suites (online)
Word (Word Processing alternatives)
NOTE: It is not recommended to use "SubEthaEdit" or "textmate" as it uses the OS X/Safari "webkit" rendering engine.
Excel (Spreadsheet alternatives)
Powerpoint (Presentation alternatives)
You may also could consider alternative presentation methods such as:

Adobe Acrobat (PDF documents)

Malware is easily spread via bad PDF documents and is a common attack vector now, so it is highly recommended to use an alternative application to Apple's Preview for viewing/working with PDFs:
NOTE: Acrobat v11 became end of life on 15/10/2017. The Acrobat XI (11) auto-update feature no longer works on Mac OS X 10.6 Snow Leopard - this is a known problem for all 10.6 users so Acrobat/Reader updates must be installed manually - Acrobat updates are usually cumulative (combo type) updates so you can install the latest update version to get all the security updates. Updates can be downloaded manually via the Adobe FTP web site (you can navigate it and download from it using a normal web browser) - see links above.
NOTE: Acrobat v10 became end of life on 15/11/2015.
NOTE: Acrobat v9 became end of life on 26/06/2013.

NOTE: Qoppa "PDF Studio" is not recommended as it requires Java.
NOTE: Adobe Reader in some respects may be less secure than an old version of preview if you do not keep it up-to-date so please see our article on Keeping Adobe Software Products Up-To-Date.

Web Browsers

There are plenty of old browsers you can install but we do not advocate the use of them on the modern internet. Only web browsers that are still supported/developed are listed here but note that some don't get regular updates:
Web browsers compatible with OS X 10.9 and later
Web browsers compatible with OS X 10.7 and later
Web browsers compatible with Mac OS X 10.6
Web browsers compatible with Mac OS X 10.5
Web browsers compatible with Mac OS X 10.4
Web browsers compatible with PowerPC computers
Web browsers compatible with Classic / Mac OS 9
Dead Browsers
  • Citrio - no updates since 2015
  • Camino - development discontinued on 31/05/2013
  • Sunrise - no updates since 2012
  • Stainless - no updates since 2011
  • Microsoft Internet Explorer - no longer supported on/updated for Apple Macintosh computers

For more information on using web browsers securely see our other MacStrategy articles:

Internet Plug-ins

Most internet plug-ins are no longer supported/updated on older operating systems. Here is a list of some that are along with the OS versions supported:
  • Adobe Flash (Mac OS X 10.6.8 or later)
  • Microsoft Silverlight (Mac OS X 10.6.8 or later)
  • Adobe Shockwave - discontinued in early 2017
NOTE: It is not recommended to use the "Real Player" application as it uses the OS X/Safari "webkit" rendering engine.
See also our Keeping Internet Web Browser Plug-ins Up-To-Date article. You should remove/disable all plug-ins found in the following locations and then install the latest plug-in using the above links where possible for your version of the OS:
  • Macintosh HD > Library > Internet Plug-Ins
  • For each user on the computer: Macintosh HD > Users > your home directory > Library > Internet Plug-Ins

Java Security for Mac Users > How To Disable/Secure Java

Java RE v6 and earlier are end of life and are no longer supported/updated. If you are running Mac OS X 10.6 or earlier you are recommended to disable Java and read up on securing older operating systems.
Q. How can I tell which version of macOS / OS X / Mac OS X I am running?
A. Go to Apple menu (top left) > About This Mac > check the version reported for macOS / OS X / Mac OS X.
Securing/Disabling Java RE in OS X 10.7 or later
  1. Go to Apple menu > System Preferences > Java > (the Java Control Panel will open separately) > Security tab
    • If the Java preference pane does not exist you do not have Java RE v7 or later installed. Go to the disabling Java RE v6 instructions below.
    • If you have a Java preference pane and the Java Control Panel opens separately go to the "Security" tab in the control panel. If there is no Security tab you have an old version of Java RE v7 installed - update Java RE v7 first, then come back to these instructions.
  2. Set the 'Security Level' slider to "Very High".
  3. If you don't use Java untick "Enable Java content in the Browser".
  4. If you do use Java click "Advanced Security Settings" and configure as required for your Java usage.
  5. Now go to the 'Update' tab and tick "Check for Updates Automatically".
  6. Now go to the 'General' tab, click "Settings…" under 'Temporary Internet Files' and untick "Keep temporary files on my computer" and click "Delete Files…". Click "OK".
  7. You are now also recommended to switch off Java in your web browsers.
Disabling Java RE v6 in OS X 10.7 or later
  1. Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
  2. NOTE: If you get a message stating 'To open "Java Preferences," you need a Java SE 6 runtime. Would you like to install one now?' click "Not Now" (you do not have Java RE v6 installed - go to disabling the Java plug-in in your web browsers).
  3. Make sure no Java versions are ticked under "On".
  4. Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
  5. You are now also recommended to switch off Java in your web browsers.
NOTE: If you need Java and have installed Java Update 2012-006 or later from Apple you will have no Java Preferences in Applications > Utilities or a Java plug-in so you are recommended to install Java RE v7 to give you the most up to date Java RE, a Java plug-in and a Java Preferences pane in System Preferences.
Disabling Java RE v5/v6 in Mac OS X 10.5 or 10.6
NOTE: Java will not work at all including locally installed applications that may require it.
  1. Go to Macintosh HD > Applications > Utilities > Java Preferences > General tab.
  2. Make sure no Java versions are ticked under "On".
  3. Then go to the 'Network' tab and untick "Keep temporary files for fast access" and click "Delete Files…". Click "OK".
  4. You are now also recommended to switch off Java in your web browsers.
Disabling Java RE in Mac OS X 10.4 or earlier
You cannot switch off Java in Mac OS X 10.4 or earlier and there is no Java Preferences so make sure you delete any (Java plug-ins and also switch off Java in your web browsers.

Disabling the Java plug-in In Your Web Browsers

NOTE: Java applets will not work in your web browser but locally installed Java applications may still work (see disabling the Java RE for your OS).
NOTE: You need to disable the Java plug-in for each and every web browser that you use/have installed.
  • Apple Safari - open Safari > go to Safari menu > Preferences… > Security tab > click "Plug-in Settings…" > untick "Java" in the list on the left
  • Apple Safari 5.1.9 (for Mac OS X 10.6) / 6.0.4 (for OS X 10.7/10.8) or later - open Safari > go to Safari menu > Preferences… > Security tab > untick "Allow Java" or you can tick it to enable it and you now have control of the Java plug-in for individual websites by clicking the "Manage Website Settings…" button
  • Google Chrome - Java is not supported (because NPAPI plug-ins are not supported)
  • Chromium - Java is not supported (because NPAPI plug-ins are not supported)
  • Mozilla Firefox - Java is not supported (because NPAPI plug-ins are not supported)
  • iCab - open iCab > go to iCab menu > Preferences… > Java icon > untick "Execute Java applets"
  • Omniweb - open Omniweb > go to Omniweb menu > Preferences… > Security icon > untick "Enable Java"
  • Opera - Java 7 or later is not supported - plug-ins cannot be disabled
  • Seamonkey - open Seamonkey > go to Seamonkey menu > Preferences… > select "Scripts & Plugins" on the left under the 'Advanced' heading > untick "Enable Plugins for Suite"
  • Maxthon - TO BE CONFIRMED
  • Yandex - Java is not supported (because NPAPI plug-ins are not supported)
  • Brave - Java is not supported (because NPAPI plug-ins are not supported)
  • Vivaldi - Java is not supported (because NPAPI plug-ins are not supported)
  • tenFOUR Fox - Java is not supported (because plug-ins are not supported)
REMOVING THE JAVA PLUG-IN FROM YOUR OS
NOTE: Java applets will not work in your web browser and they never will until you reinstall Java. Only follow these instructions if you will never use Java on the internet. If you are unsure simply switch off Java in all your web browsers.
  1. Go to Macintosh HD > Library > Internet Plug-Ins folder and remove/delete any of following items if they are present:
    • JavaAppletPlugin.plugin (alias/shortcut)
    • JavaAppletPlugin.plugin
    • JavaPluginCocoa.bundle
  2. Go to Macintosh HD > Users > your home directory > Library > Internet Plug-Ins folder too and remove/delete any of the above items if they are present.
NOTE: If there are multiple users on your computer you should remove the plug-in from each user account's Library.
NOTE: If you have OS X 10.7 or later your user Library folder is hidden. It can be accessed by going to the Go menu > Library while holding down the alt (option) key.

Article Keywords: Mac OS X OSX 100 101 102 103 104 105 106 107 108 109 1010 1011 macOS 1012 1013 Cheetah Puma Jaguar Panther Tiger Leopard Snow Leopard Lion Mountain Lion Mavericks Yosemite El Capitan Sierra High Sierra Macintosh Security Mac secure old older not supported out of date out-of-date operating system systems OS PowerPC PPC

This article is © MacStrategy » a trading name of Burning Helix. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.


If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.

Go to this
web page
to donate to us.