Half of all Macs will lack access to security updates by summer

Mountain Lion's impending debut means Apple will likely stop supporting Snow Leopard, unless it changes a decade-old habit

Unless Apple changes its security update practice, nearly half of all Mac users will be adrift without patches sometime this summer. Apple will launch OS X 10.8 Mountain Lion in the next few months, and then will -- barring a change in a decade-old habit -- stop serving patches to OS X 10.6 Snow Leopard.

Although Apple has never spelled out its support policy for older operating systems, it has always dropped an edition around the time it has two newer versions in play. In other words, patches are provided only to the newest OS X and the one immediately preceding it. If Apple continues this policy, Snow Leopard users will stop seeing patches about the time Mountain Lion ships. Apple has not set a hard date for Mountain Lion's debut, although it has pegged "late summer."

[ For tips and tools for managing an enterprise Mac fleet, download InfoWorld's free "Business Mac" Deep Dive PDF special report today. | See InfoWorld's slideshow tour of Mac OS X Lion's top 20 features and test your Apple smarts with our Apple IQ test: Round 2. | Keep up with key Apple technologies with the Technology: Apple newsletter. ]

Snow Leopard currently accounts for 41.5 percent of all versions of OS X in use, according to Web metrics company Net Applications' latest statistics. Assuming Snow Leopard's share continues to drop at the average pace of the last six months, it will still power 34.4 percent of all Macs in August and 32.6 percent in September.

With earlier OS X editions included, that means 48.4 percent of all Macs will be without security updates if Apple stops serving Snow Leopard in August. If it continues patching until September, the number without fixes drops to 45.9 percent.

Some security professionals see those numbers as too high, and Apple's support lifespan too short. "[Apple has] been complacent in terms of their attitude to security and support, especially when compared to their chief competitor [Microsoft],"wrote Robin Stevens, part of the University of Oxford's network security team, in a blog post last month. Stevens wanted Apple to commit to a support lifetime of at least five years.

Other experts don't see Apple's support practice as the biggest problem, but instead tagged the company's notorious silence. OS X's average support lifetime measures 35 months, but if the short-lived Cheetah is dropped from the mix, the number climbs to 41 months. "The average seems to be about three years," said Andrew Storms, director of security operations for nCircle Security. "That's not bad if you compare it to hardware amortization. But really, the bigger issue is that no one really knows. Apple doesn't communicate how long it will support a version or a roadmap for future releases."

John Pescatore, a Gartner analyst, agreed, citing Apple's lack of a roadmap as the biggest sticking point for companies that increasingly must manage Macs alongside Windows PCs. "That's not enterprise-friendly," he said.

Apple's opacity stands in contrast to Microsoft, which has long clearly laid out its support life cycle, and regularly reminds users when an edition of Windows or Office is nearing its end. "When they decide to release a new OS X, if you're behind two [versions], you're DOA or SOL, take your pick," said Storms. "But we never see those blogs from Apple that we do from Microsoft reminding that you need to upgrade [to keep receiving security updates]."

Pescatore didn't have a problem with Apple's support life cycle, calling it "in the middle" between Microsoft's 10-year policy for Windows and the constantly updating cloud services like Google Apps and Microsoft's Office 365.

More to the point, Apple's shorter support stretch is how things are quickly leaning, said Pescatore, ticking off the typical two-year turnover of smartphones and businesses taking to the cloud because of continuous updates.

Customers, including IT managers, better get used to it. "In the real world, IT is going to have less and less control over the OS," said Pescatore. "IT really doesn't want to operate that way -- they'll try to fight it -- but they're going to have to learn how. Fighting the trend is going to be impossible."

Even though the recent Flashback malware campaign has demonstrated that unsupported Leopard Macs were infected at a rate almost double its market share, Pescatore said the move to shorter support lifespans will continue. And customers will adopt. If they can't, the market will provide solutions -- as it has before for Windows -- to keep Macs safer. And most users can upgrade when Apple releases a new operating system, both Pescatore and Stevens noted.

While Apple has yet to define the migration path for Snow Leopard users, it has dropped hints that they may be able to upgrade to Mountain Lion: Snow Leopard machines can be boosted to Mountain Lion's developer preview.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com. See more by Gregg Keizer on Computerworld.com. Read more about mac os in Computerworld's Mac OS Topic Center.

This story, "Half of all Macs will lack access to security updates by summer" was originally published by Computerworld.

Copyright © 2012 IDG Communications, Inc.