Sign In
Register
Help
"Maybe there should be such an alert then."
Can't be, for two reasons:
1) There are many processes that don't run under the auspices of a user login. There'd be no way to present a confirmation dialog for them and often noone to whom such dialog can be presented.
2) You might be surprised to find out how modular many OS X programs are - they've often got standalone utility apps embedded in them. From a human factors standpoint, I think you're asking for a lot of trouble (or a lot of people fleeing your platform) if people feel they have to be around to respond to a large, unknown number of confirmation dialogs in order for their stuff to keep getting done.
Reports emerge of Mac OS X Trojan horse or worm
MultiQuote
#73
jdb8167 
- Veteran
-
- Group: Members
- Posts: 1,578
- Joined: 30-August 04
Posted 24 February 2006 - 09:03 AM
In reply to:
Mac os X can have more than one administrator.
The point is that you are more at risk if you run your day to day account as an admin. It is not necessary for the vast majority of users to run as anything but a regular user. Even without a password, the admin account has much wider access to critical files than does a regular user. Mac os X can have more than one administrator.
To firm up your security, run your day to day account as a regular user.
#74
Nobody
- Power User
-
- Group: Members
- Posts: 58,347
- Joined: 18-October 07
Posted 24 February 2006 - 10:04 PM
In reply to:
It is not necessary for the vast majority of users to run as anything but a regular user.
It is not necessary for the vast majority of users to run as anything but a regular user.
I don't even use iChat though. But seriously thinking about the whole matter, I will look into the matter more. I use 10.3.9 so from what I know about OS 10.4.X it can be much more secure. I'll be reading my book Maximum Mac OS X security By J. Ray and W. Ray as soon as it comes in the mail.
Thank You.
#76
Nobody
- Power User
-
- Group: Members
- Posts: 58,347
- Joined: 18-October 07
Posted 26 February 2006 - 01:31 PM
In reply to:
The point is you are more at risk if you run your day to day account as an admin.
/forums/ubbthreads/images/graemlins/smirk.gif O.K. I just lowered my account to standard.... And I recently created a new Admin. account /forums/ubbthreads/images/graemlins/laugh.gif Is there anything else I need to do or am I in the safe zone... Any applications, utilities, I should disable for my standard account you recommend? The point is you are more at risk if you run your day to day account as an admin.
Thank You jbd :>).
#77
jdb8167
- Veteran
-
- Group: Members
- Posts: 1,578
- Joined: 30-August 04
Posted 26 February 2006 - 04:06 PM
In reply to:
I just lowered my account to standard.... Is there anything else I need to do
You should make sure that there are no writable folders or applications in /Applications and in /Library. They shouldn't be writable from your regular user account. You can change the permissions with the command line:I just lowered my account to standard.... Is there anything else I need to do
chown -R root:admin /Applications
This will change all owners on your applications and folders to the root user and the admin group.
Do the same for /Library
Then run repair permissions to make sure that there aren't any special permissions needed in those directories.
When you install new software, either install it from the new Admin account or when you are done with the install, do the chown on the new directories.
One more thing, if you run into any oddities, can you post the problems on the OS X Forum
