Unless Apple changes its security update practice, nearly half of all Mac users will be adrift without patches sometime this summer.
Apple will launch OS X 10.8, aka Mountain Lion, in the next few months, and then will — baring a change in a decade-old habit — stop serving patches to OS X 10.6, or Snow Leopard.
Although Apple has never spelled out its support policy for older operating systems, it has always dropped an edition around the time it has two newer versions in play. If the current OS X is dubbed “n,” then “n-2” support ends at the debut of “n.”
In other words, patches are provided only to the newest OS X and the one immediately preceding it.
The company has practiced this since OS X’s birth: The second iteration, 10.1 — dubbed Puma — received its final security update in January 2004, three months after the appearance of OS X 10.4, or Panther.
More recently, Apple snuffed out support for OS X 10.5, aka Leopard, when 10.7, or Lion, shipped. The former got its last security update in June 2011, a month before the latter was released.
If Apple continues this policy, Snow Leopard users will stop seeing patches about the time Mountain Lion ships. Apple has not set a hard date for OS X 10.8’s debut, although it has pegged “late summer.”
But Snow Leopard currently accounts for 41.5 per cent of all versions of OS X, according to Web metrics company Net Applications’ latest statistics. Assuming Snow Leopard’s share continues to drop at the average pace of the last six months, it will still power 34.4 per cent of all Macs in August or 32.6 per cent in September.
With earlier editions included, that means 48.4 per cent of all Macs will be without security updates if Apple stops serving Snow Leopard in August. If it continues patching until September, the number sans fixes drops to 45.9 per cent.
Some security professionals see those numbers as too high, and Apple’s support lifespan too short.
“[OS X] 10.6 released in August 2009, which means that any Mac purchased prior to that date and not subsequently upgraded will be running a version which receives no security support [Emphasis in origin],” Robin Stevens, part of the University of Oxford’s network security team, said in a blog post last month.
“[Apple has] been complacent in terms of their attitude to security and support, especially when compared to their chief competitor [Microsoft],” Stevens added. “By comparison, Apple appear to be making minimal effort, and are putting their customers at risk as a result.”
Stevens wanted Apple to commit to a support lifetime of at least five years.