There are vulnerabilities in every OS, including SL and Lion. Just because you close some in an upgraded version doesn't mean the new version is not at risk from others.
It's a devil-you-do vs. devil-you-don't situation.
With Leopard, you're running an OS that has both
known and unknown problems. With Snow Leopard or later, you're running an OS that, for the most part, only has unknown problems.
What's the difference? Put simply, you can exploit Leopard just by being a decent programmer and following the maps laid out in the vulnerability reports.
To exploit Lion or Snow Leopard, you first have to
find vulnerability on your own, which is a fairly difficult thing to do.
Then you have to exploit it, as above. The finding of the weakness is far more difficult than the exploiting.
There is no completely secure OS.
No, but there sure are a lot of straw men in here!
Also, the fact that a vulnerability exists doesn't mean it will be exploited. Many vulnerabilities, both patched and unpatched, have never been exploited.
Well, it's pretty hard for a patched vulnerability to be exploited.
And as I said, Leopard is a pretty tiny portion of a minority OS, so it's a very small target to hit.
If someone upgrades to SL or Lion because they think by doing so that they no longer have to employ safe computing practices, then they're upgrading for the wrong reason.
Again with the straw men. Nobody said that having a patched OS was the only thing you had to do. Only that is the first step.
And your motivation to post such *YouKnowWhat* is?
To inform the dangerously ignorant. To wit:
Many Leopard users use File Vault, other encrypted disk images or PGPdisk Whole Disk Encryption. + Leopard supports encrypted virtual memory.
Neither of which is of any protection whatsoever against the myriad of code execution vulnerabilities that Leopard has.
[size=-2](Security features that
would help are sandboxing and ASLR. Leopard does
support these features, but they are not used by the system, hence the widespread vulnerabilities.)[/size]
Leopard is pretty secure, if you use it in the right environment.
Leopard is pretty insecure, from a technical standpoint. Operationally, it
can be used securely...so long as you strictly limit how it is used. The vast, vast majority of people won't do that; they simply don't have the skills and understanding necessary.