メインコンテンツにスキップ

iMac 、Mac Mini 、素晴らしいビンテージのMacを含むAppleのデスクトップコンピューターを修理する完全ガイドです。

10899回答 すべてを表示

How do security patches work in MacOS 10.9 and 10.13 dual boot

Hi everyone,

I use OS X 10.9 for my professional work. since the security flaws were found in recent Intel chipsets, I have kept my system offline (as to patch it would negatively affect performance, i read).

Now i’d like to create a second boot/partition (running OS X 10.13), to go online. if I apply the security patch to this second partition, will it (negativity) affect my offline boot? (running OS X 10.9)

How do these security patches work? are they patching the system/OS, or do they patch the bios/CPU?

Apologies if im getting some technical terms wrong… this is not my field of expertise!

thanks for your time/help,

Sam

Update (04/22/2019)

thanks so much for that detailed reply!

i think i should add some more info;

regarding the older OS X boot (10.9), i really am adamant about keeping it as it is (but offline). I use it for audio production, and i know how it runs on on 10.9 (smoothly). it’s been really steady & i’m 80% through the production of an album. i’m sure i will update it to 10.10/10.11 (maybe newer?) at some point, but for now i am happy with it as it is (and so long as it’s offline, it should be safe… i think). it’s also an older Mac (quadcore 2012 Mini), and in my experience, older Macs seem to run better (performance-wise) on older OS versions, ones that aren’t too much newer than the machine themselves - and i regularly push the little Mini to its limits, so i need it to keep performing well.

regarding the admins & antivirus; yes, good points! i do run my systems with several logins, with a separate admin - but thanks for the reminder! and the same is true for anti-virus. and also a good tip re internet banking.

regarding the diff file structures between newer versions of OS X and 10.9; also a good reminder, thanks. i would have 10.9 and 10.13 on completely separate SSDs, so i don’t think this will be a problem. and in terms of file access, i would want to go the other way (accessing older files from newer OS). i was also thinking i would use a USB to move the files between the systems (to upload/download audio online, between the two).

i should also add that all of this is meant to be a temporary solution. my 2011 Macbook Pro has succumbed to the dreaded graphics card problem and i need some more time to sort it out. but in the meantime, i have some work (research, emails, some basic website construction) that i need to do. ultimately i’m trying to buy myself some time, so that i can approach the dead Macbook Pro with a more level head! (it’s been driving me mad - i will probably return to these shores looking for advice).

so in the meantime, i’ve been toying with the idea of booting my 2012 Mac Mini (that is normally frozen offline at OS 10.9), from an external SSD (OS 10.13) to get back online. i did a speed/feel test yesterday, and it’s nice and fast (via an external firewire enclosure).

regarding the question of the security patches, you’ve given me more to research and i think you’ve answered my question - thank you, again.

i think i will go ahead and clone/back up my system (in case it goes wrong) & then try 10.13 on the external drive. but i’ll do a little more research first, based on what you’ve said.

thanks so much!:)

回答がありました! 回答を表示 同じ問題があります

この質問は役に立ちましたか?

スコア 0
コメントを追加

1 件の回答

ベストアンサー

Having a dual boot or a Mac thats running BootCamp is more complex. Lets hold of on that aspect and just focus on MacOS.

I strongly recommend you keep your system up to date with the security updates. Irrespective of the Intel processor issues (not the chipset, only the CPU is effected by Meltdown and Spectre). FYI: Meltdown: the latest news on two major CPU security bugs to get all the information on whats up.

Unlike Windows systems Apple systems firmware is more tightly controlled which gives them an advantage! Apple instituted Gatekeeper within MacOS Its a powerful tool besides monitoring for non-signed applications (processes) it also scans for malware signatures to prevent known attacks. So if you happen to download and run a file which has Meltdown or Spectre attack code it will be stopped. It’s not 100% but its better than what most of the other hardware companies are doing.

The way you configure your system is also important. Are you using a single user account? Then you’re not safe! You should be using at least two accounts the first account is what you used to setup your system (lets call this the Admin account) this account is used to setup and install apps. You should create a second account which is what you use day to day and only use the Admin account when you need to install new apps. If you think you’ll be surfing unsafe places then you should setup a third account to do your online banking so its not exposed.

Do install good antivirus and malware apps and keep them upto date.

Now getting to the crux of your question doing a dual boot of different MacOS releases. Using different versions of MacOS on the most part is not an issue and yes your systems EFI code will be updated during the OS install. Each release of MacOS has been doing this. right along. As far as performance loss there is none! What you read or heard was when the micro code within the CPU is updated so far this has not happened! Instead Apple leverage its own firmware to control access as I explained above. If this is why you want to run different versions don’t bother! Just upgrade to the newer MacOS and call it a day.

There is another issue here which will more likely get you into trouble. Thats the update of the file system starting with MacOS 10.13 High Sierra. By default a SSD drive will be upgraded to APFS. You can alter this within the installer. Mojave does not offer any means to alter the installer. This can mess you up with a dual boot with an older MacOS as the older OS (HFS+) can’t read the newer file system.

OK, lets deal with dual boot and BootCamp setups …

Here is where the tire hits the road! On the most part we need to treat the Windows space as its own PC space. So we need to install good Windows antivirus and malware apps. Some Mac versions run in duality having a Mac executable as well as a windows executable within the same package. These are easier to manage as they can share the signature updates.

Unlike the MacOS space there are a few BIOS code malware which can mess up your Mac. Again, its important to keep your Windows upto date as well as your Windows apps. Now its important to make sure you are accessing the real applications web site not some off the wall site.

90% of infections come from people accessing copies of apps and Windows ISO images people have posted to share if you want to be infected by all means access these shady sites! I for one walk way as tempting as they are.

Last words …

Linux

Linux is a big a mess! While less likely to be infected given the number of distro’s you still need to be careful! There are just too many sites offering Linux some have been infected! Others which had been infected have now made efforts to make sure they are free of infection. Unless you are sure of the site I would steer clear of off-the-wall sites.

For all OS’s

Some web sites like Github can offer some very useful tools, but you do need to be careful! I test out stuff like this on an isolated system until I’m sure they aren’t doing anything damaging to my test system or are communicating back to a site on the internet with my information (I have bogus data saved on this system - a honeypot)

このアンサーは役に立ちましたか?

スコア 1

1件のコメント:

wow, thanks! you’ve really given me a lot of great info:) i’ll put my reply below

さんによる

コメントを追加

回答を追加する

sam s さん、ありがとうございました!
統計データ:

過去 24時間: 0

過去 7 日: 0

過去 30 日: 2

今までの合計 74