MAC OS X SECURITY? OVERHEARD A STUPID.....

Discussion in 'macOS' started by jc0481, Jun 2, 2005.

  1. jc0481 macrumors regular

    Joined:
    Mar 16, 2005
    #1
    I recently overheard two techies at my college talking, of course, about Linux; then they talked about Mac OS X, which really interested me. First they were talking about how bad Windows security is, which I agree with, then that if Linux and Macs only existed and Windows had a small market share the world would be a better place. Then one of the techies said "but in OS X you could log in as root and "reset" the password". I think he was insisting that anybody could just walk on by and change the password and have total control over the Mac. I would just like to know you people's opinion on this. Thanks
     
  2. jaseone macrumors 65816


    Joined:
    Nov 7, 2004
    Location:
    Houston, USA
    #2
    I can't see how... even if you have automatic logon switched on you would still need to supply your current password to change your password or do anything that needs root privileges.

    Although if someone has physical access to your computer then unless you store everything encrypted you are pretty much screwed no matter what with any operating system as they could just pop in something like a Knoppix Live CD, mount your file systems and do whatever they like.

    Physical security is something people often overlook when locking down their systems.
     
  3. jsw Moderator emeritus


    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #3
    Well, yes, on most Macs you can - with an OS X install DVD - boot from the DVD and reset the root password and log on. Assuming no one bothers you while doing that.

    If you've locked down your Mac appropriately, then that person would need to open the Mac, change the RAM configuration, then boot from the DVD and change the root password.

    It's not like you can just walk over and, ten seconds later, control the machine.

    Of course, if they think it's that easy, just have them show you at a local Apple Store.
     
  4. JeDiBoYTJ macrumors 6502a


    Joined:
    Jun 22, 2004
    Location:
    Ft. Lauderdale, FL
    #4
    You can do that with Windows too. Booting into Safe Mode activates the hidden "Administrator" user, which is able to reset passwords and change other user settings. I've done it many times.
     
  5. dsharits macrumors 68000


    Joined:
    Jun 19, 2004
    Location:
    The People's Republic of America
    #5
    It's not nearly as easy as it sounds. It's not possible to log in as root and change the password without having the current password. Like it was already mentioned, the only way to change the password is with an install DVD. They make it sound easy, but it's really not possible. FileVault is even more impossible to get past.
     
  6. James Philp macrumors 65816


    Joined:
    Mar 5, 2005
    Location:
    Oxford/London
    #6
    I guess this is a reason never to keep your Tiger DVD with your computer - dope.
    But my computers are either behind lock and key or in my bag (both usually).
    Of course, if someone has physical access to your Mac, and they are at all tech savvy, they could do all sorts of things - for one they could simply steal the Mac!
    On the other hand, OS X is EXTREMELY difficult to hack remotely, which is the main point these days, and it's what Windows doesn't have.

    It is unheard of that someone has hacked a Mac from a remote site without the user giving them (manually) an administrator password as far as I know.
     
  7. CubaTBird macrumors 68020

    Joined:
    Apr 18, 2004
    #7
    I think OS X is secure as it is... I mean heck, the irony here is that most of its code is open source and available on Apple's dev page, so you would think that if hackers really wanted to hack OS X they could easily do so.. but then I figure because OS X only has 5% of the market... the probability of getting attacked is virtually small.
     
  8. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #8
    Not true at all. There are a variety of attack vectors. Unpatched apache, ssh, OS pieces, etc. It's definitely happened. Unfortunately, the ease of setting up OS X and some of its nicer services makes it a rich target for attack. Grandma Jones doesn't know or care about security, but she does want to show those pictures of her grandchildren on her website!

    My problem with the whole market share thing is yes, Windows is a riper target. Yes, Mac OS X has a significantly smaller market share. But we're talking about 10s of millions of Mac OS X boxes out there! If a hacker wanted to hit a Mac, there's plenty to choose from. It might take you a little longer to find one, but they are there.

    You can follow all sorts of "best practices" to protect yourself, but if malicious dude A has physical access to your computer (no matter what flavor it is), you are in danger. End of story.

    As for needing root to change passwords, naah..

    Single User Mode -> use niutil to change the password properties. That should work, no?

    Good time to use the OF Password!
     
  9. jsw Moderator emeritus


    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #9
    Wow. I'm so used to setting up the OF password that I completely forgot that it isn't something everyone does....
     
  10. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #10
    Same here. I expect because it's 1) not something they think/know about and/or 2) yet another password they fear to forget.
     
  11. James Philp macrumors 65816


    Joined:
    Mar 5, 2005
    Location:
    Oxford/London
    #11
    So surely someone has created a way to infiltrate OS X? I can't believe that if it is possible no-one has done it yet, even out of pure interest?

    P.S. Don't you need administrator passwords to change anything in the system folders?
     
  12. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #12
    Beyond proof-of-concept viruses & rootkits? Apparently not. But, I don't run in hacker/cracker circles, so I'm certainly not in the loop on this one. I suspect that there are people working on it. If not an MS-fanboi looking to shut up all the Apple-fanbois, then a serious hacker. But I think it's more subjective than looking for viruses and trojans. All it takes (generally) is a talented individual who took the time and energy. Probe, probe, probe until you find a hole to exploit. Exploit it and you're in. Then leave it alone until you need it. I think there's a low % of Mac OS X users that are serious about their security. They might never notice. I might never notice and I like to think I'm fairly serious about security.

    I'm curious about "Switchers". Will people jumping ship because of security problems mean that there will be more Macs with better security because these people are used to doing things that way? Or will there be more Macs with less security because "you don't have to worry about that on a Mac", and people get lazy? Only time will tell. IF Apple gains any marketshare out of this, it'll be years before we see it.

    Not in Single User Mode. In SUM, you're automatically equivalent to root. Unless you're meaning something else.
     
  13. emw macrumors G4


    Joined:
    Aug 2, 2004
    #13
    Okay, I'll bite. What the hell is the OF Password?
     
  14. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #14
  15. emw macrumors G4


    Joined:
    Aug 2, 2004
    #15
  16. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #16
    Just don't forget that you've got it installed (and don't forget that password!) and freak when you can't boot from a CD. Which I did shortly after I started using it back in the day. :D Much cursing and sobbing ensued..
     
  17. csubear macrumors 6502a


    Joined:
    Aug 22, 2003
    #17
    Just about every *nix I know of can be booted into single user mode, and have the root password changed. That is unless you put a password on your bootloader.
     
  18. Chrispy macrumors 68020


    Joined:
    Dec 27, 2004
    Location:
    Avon, IN
    #18
    This thread just made me remember how dumb the IT department is for the company with whom I am employed. We use all Windows 2000 Pro machines at work and one of our graphics designers got a DP G4 system a few years back. He never hooked it up to the network and we went on like that for a few years. Then, when he was let go, the new designer wanted to network the Mac so he could use our high resolution laser printers for photo sheets and whatnot. The IT guy actually told us "there is no way I'm putting a MAC on this network! Those things are full of viruses and they have horrible security!" I almost soiled myself right there. It took A YEAR for us to convince him to let us put the Mac on the network.... yes, this is what I have to deal with at work..... :(
     
  19. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #19
    That seems to be a pretty common excuse for IT people who know nothing of Macs. Since that excuse always works for Windows, why not apply it to a Mac? :)
     
  20. IJ Reilly macrumors P6


    Joined:
    Jul 16, 2002
    Location:
    Palookaville
    #20
    How many people actually use an open firmware password? Granted it's the ultimate lock-down for the Mac, but outside of a computer lab environment, how useful is it really?
     
  21. jsw Moderator emeritus


    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #21
    Note that this is only for pre-Tiger versions. The Tiger version comes on the install disk.
     
  22. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #22
    That depends on your level of paranoia, I think.
     
  23. emw macrumors G4


    Joined:
    Aug 2, 2004
    #23
    Yup, I'm pre-Tiger on my work box still. At home I'll have to search out the install disk.
     
  24. emw macrumors G4


    Joined:
    Aug 2, 2004
    #24
    The IT guys at work are out to get me, so it's in my best interest to install this.
     
  25. tdhurst macrumors 68040


    Joined:
    Dec 27, 2003
    Location:
    Portland, OR
    #25
    Riiight...

    Are you kidding? Imagine the acclaim and prestige a hacker would gain by defeating an "impenetrable" system.
    There have been a few rewards offered by various companies with cash prizes to those able to hack into Apple computers using only regular security settings. It has not been accomplished yet.
     
