Welcome to the MacNN Forums.

coopns · Mar 22, 2005, 10:21 AM

My brother is getting a new mac and he was wondering if there are is a quick and dirty type guide. He is pretty comfortable on the PC but is a bit nervous heading to the mac.

Thanks.

IamBob · Mar 22, 2005, 01:20 PM

quick and dirty....

Boot the machine, enter your info and (optionally) send the registration. The first account you create is the admin account which you won't be using (if you're smart) on a day to day basis. To create another account open the Accounts pane in System Preferences.

You might hit up google to find one of those "switcher" sites with Windows->OSX type tips. Past that, if there are any specific problems or questions have your brother come here.

theolein · Mar 22, 2005, 10:38 PM

The Missing Manual series by David Pogue might be of use to him. There's one for Panther.

discotronic · Mar 22, 2005, 11:08 PM

Originally posted by theolein:
The Missing Manual series by David Pogue might be of use to him. There's one for Panther.

I couldn't agree more.

Moose · Mar 22, 2005, 11:37 PM

Originally posted by IamBob:
The first account you create is the admin account which you won't be using (if you're smart) on a day to day basis.

Why do you persist in considering daily use of an Administrative account to be not smart?

Dog Like Nature · Mar 22, 2005, 11:55 PM

Originally posted by Moose:
Why do you persist in considering daily use of an Administrative account to be not smart?

Because it isn't! Not because of malware, but simply anyone can accidentally trash an important system file or type in the wrong command. It's easily done (trust me!), but when logged in as a non-admin, there's much less potential for damage.

larkost · Mar 23, 2005, 09:25 AM

I am going to disagree. To do anything truly bad (other than to your user) you have to supply a password (we are not talking about the root user). If you don't think about things when giving your password, then that is your problem, and is not going to be fixed by using a non-admin user.

Moose · Mar 23, 2005, 10:04 AM

Originally posted by Dog Like Nature:
Because it isn't! Not because of malware, but simply anyone can accidentally trash an important system file or type in the wrong command. It's easily done (trust me!), but when logged in as a non-admin, there's much less potential for damage.

You can't accidentally trash ANYTHING that is an "important system file" without entering a password, either in the Finder, or in Terminal. If you are somehow able to do that, you have problems bigger than being logged in as a member of the admin group.

You can, however, wreak havoc within your own home directory, or in /Applications, or in places where third-party software installs things.

/System/, however, is off-limits.

IamBob · Mar 23, 2005, 11:08 AM

Why do you persist in considering daily use of an Administrative account to be not smart?

Regardless of what you can or can't mess up without a prompt, someone new to OSX should not be using an admin account on a daily basis. Quite simply, there's no need; you'll be prompted if an action requires admin privileges and you can always FUS into an admin account.

Would you consider running as admin good practice? If so, why?

Moose · Mar 23, 2005, 11:48 AM

Originally posted by IamBob:
Would you consider running as admin good practice? If so, why?

Yes.

Anything with the potential to harm your system requires you to type your password. Typing your password encourages you to think about what you're about to do.

Requiring that you sign in as a different user to do it ensures only that it takes thirty seconds longer to have the potential to screw up your system. It's security masturbation. Feels good, but doesn't get anything done.

If you want new users to be truly safe, have them use a non-admin account, and make sure they don't know the password to an admin account, and make them call you every time they want to install something--but then they won't learn how to use the computer, and they won't learn that actions have ramifications.

Useability and security are the two ends of the spectrum. Apple set the default behavior in the right place between them.

IamBob · Mar 23, 2005, 01:41 PM

Since you seem to think running as admin is so safe lets say you download a program (which happens to be a trojan) and run it as admin. No harm, it can't modify system files, right? Ok, it wasn't useful so you trash it. However!...

When you ran it it quietly installed an InputManager (/Library/InputManagers is admin-writable) that gets loaded into Safari (besides every other Cocoa app). And now you've got this unauthorized code running in your browser waiting for you to access your online bank.

Woops, I guess running as admin isn't as safe as you thought.

Moose · Mar 23, 2005, 02:03 PM

Originally posted by IamBob:
Since you seem to think running as admin is so safe lets say you download a program (which happens to be a trojan) and run it as admin. No harm, it can't modify system files, right? Ok, it wasn't useful so you trash it. However!...

When you ran it it quietly installed an InputManager (/Library/InputManagers is admin-writable) that gets loaded into Safari (besides every other Cocoa app). And now you've got this unauthorized code running in your browser waiting for you to access your online bank.

And when you log in as an admin to install it, it can do whatever it likes, too. Only it took you half a minute longer to shoot yourself in the foot.

Woops, I guess running as admin isn't as safe as you thought.

Whoops! Looks like running as a regular user and then logging in as an admin to install my trojan didn't make me any safer!

What you do makes you think you're safer, but you don't pick up any appreciable security gain for the layers of crap you have to do to make your computer useful.

Chuckit · Mar 23, 2005, 02:14 PM

Originally posted by Moose:
And when you log in as an admin to install it, it can do whatever it likes, too. Only it took you half a minute longer to shoot yourself in the foot.

You shouldn't ever need to log in as an admin to install programs, and any programs that require an admin password to install should automatically be put under scrutiny.

However, since input managers can also be put into ~/Library/InputManagers (as far as I recall), you're only protecting other users on your machine this way, not yourself.

Moose · Mar 23, 2005, 02:27 PM

Originally posted by Chuckit:
You shouldn't ever need to log in as an admin to install programs, and any programs that require an admin password to install should automatically be put under scrutiny.

Enough "big boy" applications (Adobe Creative Suite, Final Cut *, even goddamned iWork) require it that users are accustomed to doing it without giving it a second's thought. This is one area where logging in as a non-admin user and only installing things as an admin DOES NOT PROVIDE YOU WITH ANY MORE SECURITY.

However, since input managers can also be put into ~/Library/InputManagers (as far as I recall), you're only protecting other users on your machine this way, not yourself.

I'd forgotten about this one. Thanks for pointing it out.

Logging in as a non-admin user will still allow you to shoot yourself in the foot. Badly. You get almost no security from it, and a lot of hassle.

Apple set the default behavior properly.

IamBob · Mar 23, 2005, 02:45 PM

And when you log in as an admin to install it, it can do whatever it likes, too. Only it took you half a minute longer to shoot yourself in the foot.

Who says you need to "install" it? It's a normal Mac app, drag it to the desktop (or ~/Applications/) and double-click. My point stands, people running as admin get screwed and normal users are immune.

edit; my bad, forgot about ~/Library/InputManagers

What you do makes you think you're safer, but you don't pick up any appreciable security gain for the layers of crap you have to do to make your computer useful.

Typing a name/pass (or using FUS) every once in a while is a small price to pay for the extra piece (heh) of mind. I rarely need to perform admin-level actions anyway and my system is plenty functional, thanks.

Moose · Mar 23, 2005, 04:53 PM

Originally posted by IamBob:
Who says you need to "install" it? It's a normal Mac app, drag it to the desktop (or ~/Applications/) and double-click.

And doing this, even as a non-admin user, exposes your personal account and data to abuse by malicious users. All it doesn't do is expose other users' accounts and data to it. Given that most Macs are single-user, this distinction is effectively moot.

Typing a name/pass (or using FUS) every once in a while is a small price to pay for the extra piece (heh) of mind. I rarely need to perform admin-level actions anyway and my system is plenty functional, thanks.

Run your computer how you want.

But don't equate "running as an admin user" with an intelligence level.

You're still performing security masturbation.

discotronic · Mar 23, 2005, 09:09 PM

Looks like the thread went way off topic.

IamBob · Mar 23, 2005, 10:00 PM

Apple set the default behavior properly.

No, they set the default behavior the only(/best) way they could. If you booted a new machine and were only given a standard account you'd be stuck.

Run your computer how you want.

Thanks, but I don't need permission.

But don't equate "running as an admin user" with an intelligence level.

I can equate anything any which way I please.

You're still performing security masturbation.

You're still saying that like I care.

...yeah, just kind of off topic.

kcmac · Mar 23, 2005, 10:10 PM

Good lord. We are talking about OS X are we not?

Trojans? Administrative accounts?

Turn the dang thing on, register, get to work. That's a Mac.

Chuckit · Mar 23, 2005, 10:37 PM

Originally posted by kcmac:
Good lord. We are talking about OS X are we not?

Trojans? Administrative accounts?

Macs do have administrative accounts. Look in the Accounts prefpane if you don't believe it.

kcmac · Mar 23, 2005, 10:46 PM

No doubt. Guess I had to hit the sarcasm button for you.

This thread is off topic.

I recommend the Pogue book as well. Just get your brother in front of his new mac. Let him play around. It won't really be all that unfamiliar even as a PC guy. Macs are fun. Hope he enjoys himself.

Apfhex · Mar 24, 2005, 01:43 AM

Originally posted by kcmac:
Turn the dang thing on, register, get to work. That's a Mac.

EXACTLY. *applauds*

Just make sure he's not expecting it to be Windows. The complaints I hear daily in the Mac labs are based on people expecting them to be just like Windows. "Why can't I ctrl-alt-del???"

sminch · Mar 24, 2005, 02:35 AM

more to the point is "why do you want to cont-alt-del"? it's not like it crashed (just like windows...)

i definitely liked pogue's book, too - taught me everything i know. which may be a scary thought.

sminch

IamBob · Mar 24, 2005, 10:05 AM

From the a-bit-more department..

Check out http://www.macosxhints.com/

Dr. Smoke · Mar 27, 2005, 05:13 PM

See my Learning About Mac OS X FAQ.