Unless Apple changes its security update practice, nearly half of all Mac users will be adrift without patches sometime this summer. Apple will launch OS X 10.8 Mountain Lion in the next few months, and then will -- barring a change in a decade-old habit -- stop serving patches to OS X 10.6 Snow Leopard.
Although Apple has never spelled out its support policy for older operating systems, it has always dropped an edition around the time it has two newer versions in play. In other words, patches are provided only to the newest OS X and the one immediately preceding it. If Apple continues this policy, Snow Leopard users will stop seeing patches about the time Mountain Lion ships. Apple has not set a hard date for Mountain Lion's debut, although it has pegged "late summer."
[ For tips and tools for managing an enterprise Mac fleet, download InfoWorld's free "Business Mac" Deep Dive PDF special report today. | See InfoWorld's slideshow tour of Mac OS X Lion's top 20 features and test your Apple smarts with our Apple IQ test: Round 2. | Keep up with key Apple technologies with the Technology: Apple newsletter. ]
Snow Leopard currently accounts for 41.5 percent of all versions of OS X in use, according to Web metrics company Net Applications' latest statistics. Assuming Snow Leopard's share continues to drop at the average pace of the last six months, it will still power 34.4 percent of all Macs in August and 32.6 percent in September.
With earlier OS X editions included, that means 48.4 percent of all Macs will be without security updates if Apple stops serving Snow Leopard in August. If it continues patching until September, the number without fixes drops to 45.9 percent.
Some security professionals see those numbers as too high, and Apple's support lifespan too short. "[Apple has] been complacent in terms of their attitude to security and support, especially when compared to their chief competitor [Microsoft],"wrote Robin Stevens, part of the University of Oxford's network security team, in a blog post last month. Stevens wanted Apple to commit to a support lifetime of at least five years.
Other experts don't see Apple's support practice as the biggest problem, but instead tagged the company's notorious silence. OS X's average support lifetime measures 35 months, but if the short-lived Cheetah is dropped from the mix, the number climbs to 41 months. "The average seems to be about three years," said Andrew Storms, director of security operations for nCircle Security. "That's not bad if you compare it to hardware amortization. But really, the bigger issue is that no one really knows. Apple doesn't communicate how long it will support a version or a roadmap for future releases."
John Pescatore, a Gartner analyst, agreed, citing Apple's lack of a roadmap as the biggest sticking point for companies that increasingly must manage Macs alongside Windows PCs. "That's not enterprise-friendly," he said.