Somewhat off topic - keeping older Macs running

bunk3m bunk3m at gmail.com
Wed Apr 27 00:02:30 UTC 2022


Thank you everyone for your help.

The older mac is sitting behind a firewall, intrusion detection and 
protection gateway but I hear everyone about keeping it off the web. 
That won't work well with my wife. LOL

But I also understand that this is way above my capabilities so all 
comments and recommendations are much appreciated!

I was hoping there may be something like backports for security 
vulnerabilities for Macs, or a way to install current Macports security 
apps (like SSL etc) and writing over the MacOS version.  Granted that 
may make everything unstable. :-)

So it looks like the choices are: (1) keep the old Mac behind the 
firewall and don't surf the web, (2) save the hardware from the 
landfill by using a current version of Linux, or (3) buy a new Mac.

It is a shame.  We pay more for Macs in part to get solidly built 
hardware.  The hardware easily outlasts the software that can run on it. 
As I get older, I see all the good and functional hardware that we 
just toss in the bin.  Not very environmentally friendly.  It pains me.

Thanks for all the help on this off-topic question.  You folks are great!

B.

On 26.04.2022 08:00, macports-users-request at lists.macports.org wrote:
> Message: 2
> Date: Mon, 25 Apr 2022 11:32:19 -0400
> From: Bill Cole <macportsusers-20171215 at billmail.scconsult.com>
> To: macports-users at lists.macports.org
> Subject: Re: Somewhat off topic - keeping older Macs running
> Message-ID: <2BEE2C62-FBB7-48C4-AF9C-28C04723A8F4 at billmail.scconsult.com>
> Content-Type: text/plain; format=flowed
>
> On 2022-04-25 at 03:06:25 UTC-0400 (Mon, 25 Apr 2022 15:06:25 +0800)
> James <jam at tigger.ws> is rumored to have said:
>>> On 25 Apr 2022, at 1:44 pm, Dave Horsfall<dave at horsfall.org>  wrote:
>>>
>>> On Mon, 25 Apr 2022, James wrote:
>>>
>>>> I too have old macs that can't be updated. I just keep a time machine
>>>> backup and if ever I get hacked a quick restore will fix. For 10
>>>> years I've had no issues !!
>>> Your "old macs" are not protected by a firewall?  One day...
>>>
>>> As for backups, consider malware that will not trigger until well and
>>> truly embedded into your backups; not much use then, are they?
>> Dave methinks there is lots of hysteria in the arena
> Yes, but there is also a lot of nasty reality.
> 
>> I have no firewall on my modem and no firewall on any of my machines.
>> Yet the world is full of stories about exploits! Most of those are
>> windows exploits!
> Most but by no means all. A lot of modern attacks are multi-platform as
> they start as scripts on web pages that run in any browser, or as abuse
> of embedded execution mechanisms such as VBA in MS apps and embedded
> JavaScript in PDFs.
> 
>> Let's consider firewalls:
>>
>> By RFC no router on the internet may route a private IP. So *every*
>> router between you and bad guys is broken!
> So, this glosses over a couple of things...
> 
> 1. Enabling NAT in your router (which may also be a modem) is a *form*
> of a firewall. Without NAT, 'private' (RFC1918) IPs do in fact not route
> anywhere. With NAT, the world only sees your external non-private
> address(es)
> 
> 2. If by chance there was massive external breakage allowing outsiders
> to route your private network, if your own router isn't badly broken, it
> will drop private IPs on the public interface anyway.
> 
> So this is a pointless statement...
> 
>> A firewall allows ESTABLISHED,RELATED traffic back, so if you've got a
>> bad machine then bad guys can get to that machine and from there to
>> your macs.
>> If you have a compromised machine then it is a target.
> Macs can be compromised.
> 
>> A decade ago one of the anti-virus companies offered $10 000 and a
>> Sony Vaio to first person to hack their honeypots. The windows
>> honeypot was hacked in under an hour, the mac in a week (a flaw in
>> safari) and the linux 'pot has never been hacked. They ascribed this
>> to being unkewl to hack linux. Nonsense you'd be a hero for exposing a
>> flaw (as has happened a couple of times.)
> Urban legend unless you actually identify a reliable source...
> 
> I've been administering Internet-connected systems for 30 years,
> including Linux systems back to v0.99 and Macs back to System 7 with
> MacSLIP. I guarantee you that there is no such thing as an unhackable
> OS. I don't believe there has been a year since my first use of Linux
> where there has not been at least one publicly documented RCE
> vulnerability in core Linux components such as the kernel, core
> utilities, and Bash.
> 
> I have not been unlucky enough to have had a machine on the Internet
> that I was responsible for get taken over, but I recognize that as a
> function of luck. I did get hit by a couple of Mac viruses back in the
> 80's and early 90's, but those all came via disk swapping and dialup
> BBSs. However, in my consulting and sysadmin work I've had to clean up a
> LOT of compromised boxes, including Mac, Linux, Solaris, Tru64, and
> BSDOS machines. And a few Windows machines, although I mostly avoid
> those.
> 
>> If you enjoy playing then by all means, if not then enjoy an icecream,
>> except if you have windows machines on your network forget the
>> icecream.
>>
>> I guess IPV6 will change the landscape somewhat.
> Not so much, except that some people will take their non-shortage of
> address space as an excuse to stop NATing at their borders, which would
> be unwise.
> 
>> The subtle comment about ring 0: linux and mac work in a way that is
>> very limited, what disk?, whereas windows you are not allowed, here is
>> $100, well ok.
>>
>> Query: hearsay not allowed, who has ever had a mac hacked?
> Not my own, but I've cleaned up the mess when others have been careless,
> thinking they were safe because they had a Mac.
> 
> Especially of note for older Macs in recent years is the "ShellShock"
> vulnerability in older Bash, which was directly exploitable via Apache
> HTTPD through (at least) Snow Leopard. I have seen that hit multiple
> people who were sure that they were safe because they were running old
> stable systems. On Macs with humans sitting in front of them, the
> problem is worse because humans do things like "Updating Flash" when
> told they need to do so, even when they don't have Flash installed and
> definitely don't need it.
> 
> 
> -- 
> Bill Cole
> bill at scconsult.com or billcole at apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
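
For the "ShellShock" point in the quoted reply, a local check an owner of an old Mac can run, added here as an example and not part of any message in the thread: it reports whether each bash-compatible shell still has the original function-import flaw, which also shows whether a MacPorts bash sits beside, rather than replaces, the system one. The function names, the harmless probe string and the path list (/opt/local being the default MacPorts prefix) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit local shells for the original ShellShock
# function-import flaw. Function names and paths are assumptions.

# Constructed, harmless probe: a function definition followed by an echo.
# An unpatched bash runs the trailing echo while importing the variable.
MARKER="shellshock-marker-$$"

# shellshock_status PATH -> prints "missing", "vulnerable" or "patched"
shellshock_status() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo missing
        return 0
    fi
    # Start the shell with the probe in its environment and run a no-op.
    out=$(env "x=() { :;}; echo $MARKER" "$shell_path" -c 'echo probe' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable ;;   # marker ran during import
        *)           echo patched ;;      # variable treated as plain data
    esac
}

# audit_shells PATH... -> one "path: status" line each; returns 1 if any
# listed shell is vulnerable, 0 otherwise.
audit_shells() {
    rc=0
    for p in "$@"; do
        s=$(shellshock_status "$p")
        printf '%s: %s\n' "$p" "$s"
        if [ "$s" = vulnerable ]; then
            rc=1
        fi
    done
    return $rc
}

# /bin/sh is included because on macOS it is bash under another name;
# CGI scripts and system() calls go through it, not through a newer
# bash installed elsewhere.
audit_shells /bin/bash /bin/sh /opt/local/bin/bash ||
    echo "at least one shell above is still vulnerable"
```

A "patched" result for /opt/local/bin/bash alongside "vulnerable" for /bin/bash or /bin/sh means the system shell is still the exposed one. The probe covers only the original function-import flaw, not the related parser bugs fixed in the follow-up bash patches.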

