It is quite difficult to pull off a NAT slipstreaming attack and it does go back to the original point about not browsing websites on an unsupported device. There would have to be quite a few things go wrong in order for this sort of attack to be executed against a home user and to then be subsequently able to exploit the machine and somehow steal data. There does need to be a certain amount of perspective applied to these so-called exploits.

For an ISP provided router you should probably work on the premise it is not secure enough to be useful. It is adequate for people who have no security concerns to get them on the internet.

Regarding even half decent routers (in their day in my case) there are limits on what the low cost hardware can do.
Example - I recently retired an Asus RT-N66U (I never used the wifi) which was running Advanced Tomato as there had not been any updates since 2017.
This router could apparently route upto 900mbit/s.
I swapped this for an appliance type device, an APU2 running OPNSense which has much better hardware and this again is capable of gbit routing but only as long as you are not doing any of the more useful security measures such as IDS or DPI in which case you'll be lucky to get 300mbit


I would look to at least segregate wifi from everything else and only allow what is necessary. This is a pain though which is why most people do not entertain it.

Long story short, decent security requires fairly beefy hardware so if your router is really low energy then assume it offers basic security only.

@OP - Have you looked at OpenCore? You may be able to get a bit more life out of your MacPro
I'm running Big Sur 11.2.3 on an HP 800 G2 mini with 100% compatiblity e.g. iServices, no issues with updates, Apple Watch unlock, handoff, Airdrop etc.
I'm also just waiting on a Mac Mini update but I might cave and get the standard M1 if I see one for the right price.

Edited by smouty (Wed 21-Apr-21 14:35:49)

In reply to a post by smouty:

@OP - Have you looked at OpenCore? You may be able to get a bit more life out of your MacPro
I'm running Big Sur 11.2.3 on an HP 800 G2 mini with 100% compatiblity e.g. iServices, no issues with updates, Apple Watch unlock, handoff, Airdrop etc.
I'm also just waiting on a Mac Mini update but I might cave and get the standard M1 if I see one for the right price.

Yes I saw OpenCore the other day and wondered about the relative pros & cons of attempting that route. My brief understanding was that it would allow me to run Big Sur but entailed further compromises in performance and security, which sort of defeats the object if true, however I would need to study this further.

One thing holding me back from attempting the switch is that I would lose access to Photoshop CS6 and Lightroom that still work well enough and I don't want to be on the hook for subscription payments with CC. Most of the time Affinity apps are pretty good, but there are times when I still want to reach for the old guns. It would have to be tested but theoretically I could run those on Windows from the same computer or my wife's laptop.

You made a good point about keeping the Mac Pro on a separate network and I have just done this. I think the big step here would actually be removing it from iCloud, since anything breached there would automatically lead to the main computer.

Like yourself I am basically waiting on a Mac mini update that should really be a great machine. I picked up a top spec i7 Intel based 2018 model a year ago and that is already pretty good. As a web designer the biggest workflow block in productivity is usually me sitting confused in front of the computer.

I don't see how OpenCore compromises security. It fundamentally applies ACPI patches on PC hardware in order for MacOS to be installed WITHOUT affecting security. I'm no expert on Mac hardware but I think you would be patching the SMBIOS so your MacPro appeared as a later model. No OS files are touched like they were in other loaders and security enhancements such as System Integrity Protection remain enabled at all times. -

Example - https://forums.macrumors.com/threads/opencore-on-the...

Edited by smouty (Wed 21-Apr-21 16:10:36)

In reply to a post by smouty:

I don't see how OpenCore compromises security. It fundamentally applies ACPI patches on PC hardware in order for MacOS to be installed WITHOUT affecting security. I'm no expert on Mac hardware but I think you would be patching the SMBIOS so your MacPro appeared as a later model. No OS files are touched like they were in other loaders and security enhancements such as System Integrity Protection remain enabled at all times.

I don't really know enough about this, though I've read some say they lost graphics acceleration or had to switch of hyper threading. No matter how much we might want this to work we cannot ignore that Big Sur was never intended to run on these machines, so there could be any number of potential exploits or future bugs, especially with any third party software.

Loss of Graphic acceleration or having to reduce cores etc is a misconfiguration topic.
The hardware you use needs to match an Apple SMBIOS but CPU IDs can be spoofed and drivers need to be available so for example recent Nvidia cards will never work.

I've been involved with the OpenCore sub Reddit for some time and and there are no generic issues.

In reply to a post by smouty:

Loss of Graphic acceleration or having to reduce cores etc is a misconfiguration topic.
The hardware you use needs to match an Apple SMBIOS but CPU IDs can be spoofed and drivers need to be available so for example recent Nvidia cards will never work.

I've been involved with the OpenCore sub Reddit for some time and and there are no generic issues.

From what you are saying it sounds like this is fundamentally different from the Dosdude patch I recall being used in the past by many. I was never too enthusiastic about that.

Yeah. Completely different.

It is known as a vanilla installer as nothing is touched on the MacOS side but ACPIs are tweaked at boot to meet Apple naming conventions.

In reply to a post by smouty:

Yeah. Completely different.

It is known as a vanilla installer as nothing is touched on the MacOS side but ACPIs are tweaked at boot to meet Apple naming conventions.

It looks like I would need to change the wifi chip but that shouldn't be overly difficult. The graphics card is already metal enabled, but now I think about it, I think I read something about it not working with Big Sur, so I would need to check that. It's an RX560 and I basically bought it as the cheapest way to upgrade from High Sierra to Mojave at the time.

I fitted an internal Apple airport card - BCM943602CS from ebay which works perfectly with Apple keyboard and trackpad etc.
These can be fitted to PCI-e adapters in desktops or there is a Fenvi card which is 100% compatible.

Your GPU should be fine in Big Sur.

Edited by smouty (Thu 22-Apr-21 12:53:46)