OS Patching Essentials 2 1/2: Apple, Updates, and You
ust over a year after the launch of Microsoft Windows 98, Apple Computer released the next and final version of their "Classic" Mac OS operating system, Mac OS 9. In typical Apple fashion, the months leading up to the release of OS 9 were marked by increasing hype, aggressive marketing, and the occasional shot across Microsoft's bow.
Dubbed "The Best Internet Operating System Ever," Mac OS 9 introduced multiple user accounts, the Keychain, and a direct integration with iTools, the first iteration of what is now known as iCloud. All of these features are still around today. But, not to be outdone by their friends in Redmond, one of the most subtly impactful new features included in Mac OS 9 was one that Microsoft also recently introduced: automatic software updates.
Thanks to improvements made to the operating system's TCP/IP functionality in Mac OS 9, automatic updates were billed as way to not only update the core operating system to new versions, but also to identify and install missing device drivers directly from Apple's own servers without having to "fish and hunt out the CD." It may seem innocuous now, but this simple change in automated dependency management was a revolutionary shift in the learning curve associated with personal computers at the time. By allowing regular users to update their machines and run modern software with a single click, Apple removed a potentially confusing barrier to entry and set them up for success in a way that Microsoft so often struggled to do.
On May 6, 2002, attendees of the Apple's Worldwide Developer Conference keynote address were greeted by the sound of organ music and the sight of a coffin rising from the center of the main stage. As curiosity grew, the dirge ended and Steve Jobs took to the stage, eulogy in hand, and opened the casket to reveal an image of Mac OS 9. After only three years, Apple had chosen to end official support for "The Best Internet Operating System Ever" in order to focus their efforts entirely on the next generation of their flagship operating system: Mac OS X. From 1999 to 2001, the Mac OS 9 operating system received a total of seven core updates, four of which were made available to the general public through the automatic update feature and other means. Just like that, it was gone.
While Microsoft Windows 98 would continue to see security updates for another four years, Apple's much smaller market share meant that they didn't have much of a need for long-term support. Microsoft machines made up the vast majority of internet connected devices at the time, so bad actors simply didn't bother targeting Apple computers. In addition to allowing them to move forward without the anchor of legacy operating systems weighing them down, this difference also provided Apple with bragging rights from being able to offer a vulnerability-free product.
But while Apple has become a bigger target for hackers and malware developers over the years, their penchant for shorter operating system lifespans hasn't changed very much. Over the past 17 years, each major version of Mac OS X has been given about two to three years of shelf life before all updates are discontinued. This means that even on the longest timeline, Apple users can only expect to run the operating system they are currently on for no more than three years before they stop receiving any more patches, security updates included... Did I mention that Windows XP received a critical security update just last year, a staggering 16 years after its initial release?
To Backwards Compatibility, Or Not To Backwards Compatibility
With the launch of Mac OS X came a new set of features, and even more problems. The biggest problems were a lack of promised stability, a sluggish user interface, and hardware compatibility issues with legacy Apple computers. While system patches were eventually released to resolve these issues, it took nearly two years and two major versions of OS X to get them under control. When all was said and done, the ability to run legacy Mac applications was all but impossible for non-power users, and the message that conveyed was clear: evolve or die.
Unlike Microsoft, who, let's be honest, are backwards compatible to a fault, Apple's operating systems updates have a history of backwards incompatibility. Where Microsoft traditionally takes on the burden of ensuring that existing software continues to work between Windows versions, Apple has often pushed this burden onto the developers. In aggressively driving the path forward, many users have been left in the past when developers fail to update their own software to support the next evolution of Apple's ecosystem. While not an objectively bad problem, this introduced a level of risk to applying major operating system updates that has made users hesitant to apply them.
As Apple's market share has grown, so has their sensibility. Until about 2012 when Apple released a new version of OS X, they immediately ended all development of the previous version. While they didn't hold a funeral for any of them, the effect was the same: they had died, and Apple killed them. Thanks to the growing importance of security hygiene in the current climate, however, Apple has afforded every version of OS X since 10.8 (Mountain Lion) two years of ongoing security updates, which gives users the safety to upgrade their operating systems on their own time.
There's an App for That
While Mac OS 9 ushered in a new era of updateability for Apple, it wasn't until the introduction of the Mac App Store that major upgrades were acquired digitally. Mac OS X 10.7 (Lion) was the first major version of Mac OS X that was made available for download, rather than distributed on physical installation media like DVDs. Much like the introduction of automatic software updates in Mac OS 9, this change marked a shift in the usability of Mac OS X as a whole by empowering regular users to keep their machines fully up to date without again having to "fish and hunt out the CD."
When it comes to automatic updates, it's no surprise that Microsoft beat Apple to the punch, but it should be even less of a surprise that Apple did it with way more style. But while Microsoft and Apple were presenting their patching solutions in '98 and '99, Linux and Unix had been managing their own solutions to the same problems for years. In the next article of this series, we will do be doing a deep dive into the many flavors of the Linux and Unix operating systems to learn where our friends apt-get, portage, and yum (to name a few) really come from.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.