 |
 |
Admin account security risk.
|
|
|
|
|
Mac Elite
Join Date: Jan 2003
Location: San Diego
Status:
Offline
|
|
I keep reading more and more "security experts" mention that you should not use an administrative account for routine day to day tasks because it represents a security risk. I'm trying to figure this one out because Mac OS (and Ubuntu for that matter) don't provide root privileges to admin accounts unless you temporarily elevate to root with a password. How am I more exposed to security risks by using an admin account when I'm not elevated to root? What am I missing?
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Oct 2008
Location: UKland
Status:
Offline
|
|
That you CAN easily elevate your admin account to root level with a password. Given that 90% of mac users have no idea what is happening when they do this, it's an obvious security weakness.
However those same 90% are exactly the same users who probably don't even realise that they can run multiple accounts on a mac so are very unlikely to have gone to the bother of creating a standard user account to work daily in whereas those that do understand, don't really need the security, so it's a bit catch 22.
I guess it's most useful where many/several macs are used by normal users but have an overall sysadmin.
Personally its not worth the hassle to me to run my mac this way although I understand the logic behind the idea.
|
|
This space for Hire! Reasonable rates. Reach an audience of literally dozens!
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Jan 2003
Location: San Diego
Status:
Offline
|
|
So, the logic is: you would be using your Mac and all of a sudden, a malware app would try to get you to volunteer your root privileges with a password. Couldn't the same scenario take place with a standard account, assuming you knew the admin user/pass?
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Of course. "Ordinary" users generally do not supply an Admin name for the dialog box, making it slightly more annoying, but beyond that, no difference.
I was under the impression that Apple's default manages a pretty good compromise between security and not-getting-in-your-face.
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Dec 2001
Location: Land of Enchantment
Status:
Offline
|
|
I agree with Doc, those who would know how and why to not use admin don't need to change. And Apple can scarcely ship devices just in User, I do think Apple could begin set up with a warning about admin, then allow either login option choice.
|
|
|
| |
|
|
|
|
|
|
|
Moderator  Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
Originally Posted by iMOTOR 
How am I more exposed to security risks by using an admin account when I'm not elevated to root?
Traditionally this used to be because the admin account had write privileges to a bunch of places that were supposed to be possible to modified by the local administrator without being system critical. In essence, /System/Library required root, /Library required admin, and ~/Library was for any user, although there were exceptions with root-only files in /Library. Lion changed this around a bit, however (the old setup had some security deficiencies in how the access was set up), and you need root for a lot more. I don't think that there is much risk to running as admin any more, but I really should check what the defaults are now under ML.
|
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top