I recently overheard two techies in my college talking of course about Linux then they talked about Mac OS X which really interested me. First they were talking about how bad windows security is which I agree with them, then if LInux and Macs only existed and Windows has a small market share the world would be a better place. Then one of the techies said "but in OS X you could log in as root and "reset" the password". I think he was insisting that anybody could just walk on by and change the password and have total control over the Mac. I just would like to know your people opinion on this. Thanks
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MAC OS X SECURITY? OVERHEARD A STUPID.....
- Thread starter jc0481
- Start date
- Sort by reaction score
I can't see how... even if you have automatic logon switched on you would still need to supply your current password to change your password or do anything that needs root privileges.
Although if someone has physical access to your computer then unless you store everything encrypted you are pretty much screwed no matter what with any operating system as they could just pop in something like a Knoppix Live CD, mount your file systems and do whatever they like.
Physical security is somethign people often overlook when locking down their systems.
Although if someone has physical access to your computer then unless you store everything encrypted you are pretty much screwed no matter what with any operating system as they could just pop in something like a Knoppix Live CD, mount your file systems and do whatever they like.
Physical security is somethign people often overlook when locking down their systems.
Well, yes, on most Macs you can - with an OS X install DVD - boot from the DVD and reset the root password and log on. Assuming no one bothers you while doing that.
If you've locked down your Mac appropriately, then that person would need to open the Mac, change the RAM configuration, then boot from the DVD and change the root password.
It's not like you can just walk over and, ten seconds later, control the machine.
Of course, if they think it's that easy, just have them show you at a local Apple Store.
If you've locked down your Mac appropriately, then that person would need to open the Mac, change the RAM configuration, then boot from the DVD and change the root password.
It's not like you can just walk over and, ten seconds later, control the machine.
Of course, if they think it's that easy, just have them show you at a local Apple Store.
you can do that with windows too. booting into Safe Mode activates the hidden "Administrator" user, which is able to reset passwords, and change other user settings. ive done it many times.
It's not nearly as easy as it sounds. It's not posible to log in as root and change the password without having the current password. Like it was already mentioned, the only way to change the password is with an install DVD. They make it sound easy, but it's really not possible. FileVault is even more impossibe to get past.
I guess this is a reason never to keep your Tiger DVD with your computer - dope.
But my computers are either behind lock and key or in my bag (both ususally).
Of course, if someone has physical access to your Mac, and they are at all tech savvy, they could do all sorts of things - for one they could simply steal the Mac!
On the other hand, OS X is EXTREMELY difficult to hack remotely, which is the main point these days, and it's what windows doesn't have.
It is unheard of that someone has hacked a Mac from a remote site without the user giving them (manually) an administrator password as far as I know.
But my computers are either behind lock and key or in my bag (both ususally).
Of course, if someone has physical access to your Mac, and they are at all tech savvy, they could do all sorts of things - for one they could simply steal the Mac!
On the other hand, OS X is EXTREMELY difficult to hack remotely, which is the main point these days, and it's what windows doesn't have.
It is unheard of that someone has hacked a Mac from a remote site without the user giving them (manually) an administrator password as far as I know.
i think os x is secure as it is... i mean heck, the irony here is that most of its code is open source and available on apples dev page so you would think that if hackers really wanted to hack os x they could easily do so.. but then i figure because os x only has 5% of the market... there probablity of getting attacked is virtually small.
James Philp said:
Not true at all. There are a variety of attack vectors. Unpatched apache, ssh, OS pieces, etc. It's definitely happened. Unfortauntely, the easy of setting up OS X and some of it's nicer services makes it a rich target for attack. Grandma Jones doesn't know or care about security, but she does want to show those pictures of her grandchildren on her website!
My problem with the whole market share thing is yes, Windows is a riper target. Yes, Mac OS X has a significantly smaller market share. But we're talking about 10s of millions of Mac OS X boxes out there! If a hacker wanted to hit a Mac, there's plenty to choose from. It might take you a little longer to find one, but they are there.
You can follow all sorts of "best practices" to protect yourself, but if malicious dude A has physical access to your comptuer (no matter what flavor it is), you are in danger. End of story.
As for needing root to change passwords, naah..
Single User Mode -> use niutil to change the password properties. That should work, no?
Good time to use the OF Password!
Wow. I'm so used to setting up the OF password that I completely forgot that it isn't something everyone does....yellow said:
jsw said:
Same here. I expect because it's 1) not something they think/know about and/or 2) yet another password they fear to forget.
So surely someone has created a way to infiltrate OS X? I can't believe that if it is possible no-one has done it yet, even out of pure interest?yellow said:
P.S. Don't you need administrator passwords to change anything in the system folders?
Beyond proof-of-concept viruses & rootkits? Apparently not. But, I don't run in hacker/cracker circles, so I'm certainly not in the loop on this one. I suspect that there are people working on it. If not a MS-fanboi looking to shut up all the Apple-fanbois, then a serious hacker. But I think it's more subjective then looking for viruses and trojans. All it takes (generally) is a talented individual who took the time and energy. Probe, probe, probe until you find a hole to exploit. Exploit it and you're in. Then leave it alone until you need it. I think there's a low % of Mac OS X users that are serious about their security. They might never notice. I might never notice and I like to think I'm fairly serious about security.James Philp said:
I'm curious about "Switchers". Will people jumping ship because of security problems mean that there will be more Macs with better security because these people are using to doing things that way? Or will there be more Macs with less security because "you don't have to worry about that on a Mac", and people get lazy? Only time will tell. IF Apple gains any marketshare out of this, it'll be years before we see it.
Not in Single User Mode. In SUM, you're automatically equivalent to root. Unless you're meaning something else.James Philp said:
Just don't forget that you've got it installed (and don't forget that password!) and freak when you can't boot from a CD. Which I did shortly after I started using it back in the day. 
Much cursing and sobbing ensued..
Much cursing and sobbing ensued..
This thread just made me remember how dumb the IT department is for the company with whom I am employed. We use all Windows 2000 pro machines at work and one of our graphics designers got a DP G4 system a few years back. He never hooked it up to the network and we went on like that for a few years. Then, when he was let go the new designer wanted to network the mac so he could use our high resolution laser printers for photo sheets and what not. The IT guy actually told us "there is no way I'm putting a MAC on this network! Those things are full of viruses and they have horrible security!" I almost soiled myself right there. It took A YEAR for us to convince him to let us put the mac on the network.... yes, this is what I have to deal with at work.....
That seems to be a pretty common excuse for IT people who know nothing of Macs. Since that excuse always works for Windows, why not apply it to a Mac?
How many people actually use an open firmware password? Granted it's the ultimate lock-down for the Mac, but outside of a computer lab environment, how useful is it really?
Note that this is only for pre-Tiger versions. The Tiger version comes on the install disk.emw said:
Riiight...
Are you kidding? Imagine the acclaim and prestige a hacker would gain by defeating an "impenetrable" system.
There have a been a few rewards offered by various companies with cash prizes to those able to hack into Apple computers using only regular security settings. It has not been accomplished yet.
CubaTBird said:
Are you kidding? Imagine the acclaim and prestige a hacker would gain by defeating an "impenetrable" system.
There have a been a few rewards offered by various companies with cash prizes to those able to hack into Apple computers using only regular security settings. It has not been accomplished yet.