Hold off on updating to Mojave – a good rule of thumb for any new OS

0

MacOS Mojave has been released to the public, and everyone wants the shiny new toy, but hang on before you click update.  As with any OS, you should always wait for the first round of bugs and flaws to be fixed.

Mojave brings a lot of great security features to MacOS – like locking down Documents and other user folders most often targeted by malware and ransomware.  It also brings some cool features to MacOS outside the security realm, like Dark Mode.  In time, this OS will no doubt become the new standard for Apple’s desktops and laptops; just like High Sierra and Sierra before it.  But that doesn’t mean you should run out and immediately upgrade to the new OS today, or even in the next few weeks.

Unlike iOS, which is a much more limited (from a technical perspective) platform, MacOS is much more open.  I say this because a desktop or laptop running any OS can load and run software from thousands of sources – where an iPhone or iPad can only run software that has been at least somewhat vetted by Apple themselves before it is available in the app store.  The system isn’t perfect, but for the most part updating to iOS 12 is safe because attackers have to first find a way to execute their code on the device, and they have a really hard time doing that through a downloaded app.  iOS vendors (those that are still in business, anyway) also tend to update their stuff for the new iOS way ahead of time – since iOS typically allows for more backwards compatibility.  MacOS, on the other hand, can run Chrome, Firefox, and other 3rd-party browsers alongside Safari – all of which can easily download malware.  Since MacOS does allow non-signed applications to run, that means that a Mac-specific payload can easily find its way onto your machine.  MacOS software developers also seem to require a few weeks to update their apps to either take advantage of new features, or to just plain work on the new version of MacOS – this is even more of a problem since Mojave is starting the process of ending 32-bit applications, making many apps that rely on 32-bit components rendered semi- or totally-non-functional until the vendor moves off those bits.  So while iOS security and updating isn’t bulletproof by any stretch of the imagination, it’s far easier for a malware developer to get a Mac infected when compared to an iPhone or iPad, and for some reason more likely that your apps will be ready for a new version if iOS than MacOS.

What does this have to do with Mojave?  Simple; both security researchers and malware developers have been pouring over the betas of the new desktop/laptop OS for months.  There have already been several security holes found – and that’s before the OS officially even launched.  Since malware makers can find many more ways to trick you into launching their code on MacOS, that’s where they will focus their time and effort, and most likely already have.  A brand new OS will always have flaws that take some time to find.  This is mostly because what happens in the lab isn’t always representative of what happens on hundreds of thousands of computers out in the real world.  Developers can only check for so many things, and often they don’t even think of some of the ways that users and attackers find to break things.

Software developers have also been working with Mojave betas, but major software packages like Zoom web conferencing and others still haven’t ditched all the 32-bit code and are already experiencing major problems.  Since Apple doesn’t test these apps, it’s up to the developers – who may often be focused on Windows or other platforms – to correct any conflicts with the new MacOS, and that takes time.  In many cases, especially with enterprise apps, developers themselves may not have a full contingent of MacOS testers; and may not even realize how big the problem is until users start screaming.

When a new version of any OS (Windows, Linux, MacOS, etc.) is released, you should always wait until at least the first major patch.  That means waiting for TWO “patch Tuesdays” on Windows (the first usually squashes bugs, while the second will include more security fixes); and until the 10.x.1 update for MacOS.  It only takes 2-3 weeks, and you’re not missing out on much in the meantime.  In fact, since there are always at least a few major non-security bugs and tons of application issues in the first few weeks of a new OS, waiting will make life a lot easier for you on many different levels beyond just safety and security.

So hang in there, and stick to High Sierra for a few more weeks.  Everything still works just fine, and you don’t need Dark Mode today.  Your frustration levels will be lower, and overall security will be higher, if you hold off for just a little time now.