Snow Leopard support is dead, or so it seems; time to upgrade or lock down (update: OS X Lion, Mountain Lion, too)

**Update 27 Jan 2016: Apple did release a Mac App Store update for Snow Leopard, but I’m not convinced this means that they are still supporting Snow Leopard. I believe this is just a small tweak so that the upgrade path to the latest OS continues to work**

With the last round of updates for Mavericks, Mountain Lion, and Lion, Apple appears to have left Snow Leopard off of the update list. Apple has never announced end-of-life for products, so it’s left up to the consumer to notice when Apple no longer releases security updates.

What does this mean? If you’re still running OS X Snow Leopard 10.6.8, you may have already seen your last security update. In other words, if a security hole is discovered, your computer may be vulnerable to attack. It also means that application developers will be more likely to discontinue Snow Leopard support, leaving you missing out on new features and security updates from third-party applications.

What are my options?

Upgrade or replace. You can upgrade your software and/or computer. This is what I recommend because it means that your computer will be receiving the attention from Apple that keeps your computer safe. Any Mac since about 2007 is capable of running Lion 10.7 or later, though you may need to give your computer a simple and inexpensive RAM (memory) upgrade. PowerPC or 32-bit Intel Macs can’t be upgraded though, and may need to be retired or you may need to be extra careful.

Security Audit. If you simply must stay with Snow Leopard because you run a legacy program or because you can’t afford to replace your computer, you can do things such as disable unused services, turn on your firewall, and check your router settings. Not an optimal solution but sometimes you have little choice.

Alternative OS. Even if Apple isn’t supporting your computer anymore, other software can replace OS X. You may want to check out a Linux distribution such as Fedora or Ubuntu. These systems, though fairly easy to use, are often difficult to set up and require a bit more technical skill than many users are comfortable with. I won’t be covering this option any further here, but if this is something you can handle you’ll know where to begin. I only mention it because it’s a solution that people often overlook. Windows might not be an appealing alternative because BootCamp on the the Macs which are obsolete only supports Windows Vista, which will stop receiving security updates in 2017. Apple publishes a table of which Macs support which Windows systems.


Most Macs since 2007 can run at least OS X 10.7 Lion, though they may need an inexpensive RAM upgrade to be really usable. The minimum requirement is technically 2 GB, but I always recommend at least 4 GB if your computer can handle it. On Mavericks you will likely notice a further performance boost with 8 GB.

Can my Mac run 10.7 Lion? **UPDATE** It seems that now Lion is in the same boat with no more security updates. Any Mac with a 64-bit Intel processor can run Lion. To find your processor click the Apple menu and then click “About This Mac…”. Look for the processor section. It will likely say something about Intel. If it says “Core Duo” or “Core Solo” you can’t run Lion and you’re stuck with Snow Leopard. If it says “PowerPC” you are stuck with an even older version of Mac OS.  If it says anything else, including “Core 2 Duo” you can upgrade to at least 10.7 Lion.

About This Mac
This is an Intel Mac, but it has a Core Duo processor (not to be confused with a Core 2 Duo) so it can’t run anything more recent than 10.6 Snow Leopard.

Can my Mac run 10.8 Mountain Lion or 10.9 Mavericks? Both 10.8 and 10.9 **UPDATE** 10.10 and 10.11, too have identical system requirements. This question is a bit more difficult to answer. You’ll need to visit the Apple menu > About This Mac > More Info. If you are running 10.6.8 or earlier, in the Hardware Info section that comes up, look for the Model Identifier, which should look something like “MacBook 1,1”. Or you’ll see a year, depending on what version of OS X you have.

MacBook Model

More Info

If your computer is any of the following or higher you can run 10.8/10.9/10.10/10.11.

  • MacBook 5,1 (Late 2008)
  • MacBook Pro 3,1 (Mid/Late 2007)
  • MacBook Air 2,1 (Late 2008)
  • Mac Mini 3,1 (Early 2009)
  • iMac 7,1 (Mid 2007) The easy way to tell is that if your iMac has a white plastic body you can’t run Mountain Lion or Mavericks. The aluminum bodied ones can.
  • Mac Pro 3,1 (Early 2008)
  • Xserve 3,1 (Early 2009)

Additionally, though the official system requirements for OS 10.7 Lion through 10.11 El Capitan are only 2 GB of RAM (memory), I recommend at least 8 GB if using a mechanical hard drive or at least 4 GB if using an SSD or flash drive. Any computer capable of running these systems can be upgraded to at least 4 GB except for the MacBook Air which does not have replaceable RAM.

Installation. If you are not already running OS X 10.6.8 you will first need to upgrade to 10.6 using a DVD. Once you have installed from a DVD and have installed all available software updates, you can then purchase and install a more recent version of Mac OS. 10.6.8 can be directly upgraded to any newer version. In other words, you can go straight from Snow Leopard to Yosemite without having to install Lion first.

Purchasing. Previous versions of Mac OS are still available through Apple’s online store. The current version is available for instant download on the Mac App Store.

  • OS X 10.6 Snow Leopard ($19.99 DVD, old version)
  • OS X 10.7 Lion ($19.99 download code, old version, also no longer receiving security updates)
  • OS X 10.8 Mountain Lion ($19.99 download code, old version, also no longer receiving security updates)
  • OS X 10.9 Mavericks (doesn’t seem to be available anymore)
  • OS X 10.10. Yosemite (doesn’t seem to be available anymore)
  • OS X 10.11 El Capitan (free download, current version)

Security Audit

Disclaimer: I am not a security professional, so I can’t promise that taking these measures will guarantee that your system is safe, but they are some basic common-sense measures you can take if upgrading isn’t an option for you.

Disable all sharing services. Make sure that your computer isn’t running any server software such as file sharing, screen sharing, or printing. Disabling these exposes far fewer places for hackers to connect to your computer to look for known security holes. Click the Apple menu > System Preferences > Sharing (3rd row). Make sure to uncheck all of the items in the left column. If you need any of these services I suggest you find another way to get the same job done. If you can’t uncheck these items you may need to click to unlock the padlock in the bottom left corner.

Sharing Services preference pane

Enable the firewall. Enabling the firewall isn’t something I normally push people to do on systems that are maintained with current patches. But if you’re running out-of-date software I highly recommend it. Click the Apple menu > System Preferences > Security (first row). Click the Firewall tab. Click the padlock to unlock if necessary. Click “Start”. The default settings should be fine. From now on, any new program that needs access to the internet or network will need to request your permission the first time unless it has a valid certificate from Apple.

Security preference pane

Install antivirus software. Most Mac users don’t run virus scanners, since keeping your software updated is the best protection against viruses. And what Mac virus scanners are most useful for is finding Windows viruses so you don’t accidentally send them on to Windows users you know. But since Apple has seemingly abandoned Snow Leopard, I recommend that you do run a virus scanner on your older software. Lifehacker’s recommendation is Sophos. Sophos 9 requires at least OS X 10.6. Sophos 8 which works on 10.5 will be retired next month. **UPDATE** Unfortunately Sophos no longer supports OS X 10.6. One of the few remaining options is the $29 ClamXav.

Install a web filter. I am a big fan of Web of Trust, which is a browser plugin that attempts to prevent you from visiting websites with malicious software so it doesn’t even get onto your computer in the first place. Just remember that you’ll need to install it on each web browser on each user account to be fully effective. It has the additional benefit of helping to protect you from a phishing attack.

Do not use Safari. From now on, use only a web browser that is actively maintained for your OS. Chrome, Firefox, and Opera all work well. To change your default browser, you can open Safari and Visit the Safari menu > System Preferences > General tab. The first item should let you choose the default web browser. Then be sure to quit Safari and remove it from your Dock by dragging the icon off. This will need to be done for each user account on the computer.

**UPDATE Dec 30 2014*** Google Chrome has dropped support for 32-bit processors, effectively ending Snow Leopard support for those of you who are stuck running Snow Leopard because your computer can’t be upgraded. If you are running Snow Leopard but your computer can be upgraded to a newer OS but you’ve opted not to upgrade, Chrome will continue to work. Firefox and Opera are now your options. If Chrome updates to the latest version it means that your computer can handle at least Lion even if you aren’t running it.

Safari preferences

Disable Bluetooth. If you don’t have a need for Bluetooth, it’s probably a good idea to turn it off. Use the Bluetooth menu in the menu bar or visit Apple menu > System Preferences > Bluetooth.

Bluetooth menu

Delete unused accounts. Visit Apple menu > System Preferences > Accounts (4th row). Remove any accounts from the left column that are no longer in use, and disable guest account access. You may need to click the padlock in the bottom left corner to change the settings here. Note that this will likely delete their documents, music, preferences, email, etc. so be sure their content is moved elsewhere if needed.

Accounts preference pane

Disable DMZ on your router. Most routers have a setting called DMZ (demilitarized zone) which is off by default. When enabled, a request that comes into the router from the internet will be sent to a set computer if it doesn’t know what else to do with it. This was quite common a few years back with gaming or people running other specific servers. Most software these days are designed so that DMZ isn’t required, but it’s worth combing through your router settings to be sure that you don’t have it enabled. I can’t go into the details of how to do this, however, because every brand and model of router is completely different.

Be cautious. Only download and run software from sources that you trust. This also means that you shouldn’t download a trusted program from an untrusted source, because someone could attach malware to an otherwise legitimate program.