Administrator vs. User?

Discussion in 'MacBook Pro' started by GamerDad, Mar 3, 2011.

  1. GamerDad macrumors member

    Feb 24, 2011
    I am new to Mac, and I am reading that for security reasons, one should create another regular user account and only use the administrator account for certain things.

    I am the sole user of my laptop, and with the ways around the security, and having to log off and on to get administrator privileges, this would seem more of a PITA than anything else. I have never done this with any of my PC laptops.

    Is this really a common practice and should I really consider doing this for my general use?
  2. simsaladimbamba

    Nov 28, 2010
    I don't know if it is common practice, but I only use one admin account, or others if I have to test something.
    As Mac OS X asks for your password to gain access to system files and folders, you will be safe, unless you install everything you find, despite the source.

  3. axu539 macrumors 6502a

    Dec 31, 2010
    I don't see a point. In terms of security, the only real way you can get infected with a Trojan (note: Trojan, not virus, as viruses for Mac DO NOT exist), is if you deliberately install it yourself. You have to actually enter your password and allow the software to install. If someone were to get physical access to your computer, where you keep your data will not matter if they really want to get to it. Either way, creating a separate user account is pointless.
  4. munkery, Mar 3, 2011
    Last edited: Mar 4, 2011

    munkery macrumors 68020


    Dec 18, 2006
    Mac OS X admin accounts are set up to give the admin as much privileges as possible while avoiding almost all of the pitfalls of running as root.

    Almost all of the sensitive areas of OS X require admin authentication to modify in an admin account. An admin account in Mac OS X is not like an admin account in Windows XP (and earlier Windows NT based OS).

    The security sensitive folders in an admin account that can be modified without authentication can not be abused to install malicious software that will compromise apps such as Safari, Mail, iTunes, or any other default OS X app.

    The only security sensitive folder that I can think of that can be modified without authentication in an OS X admin account is "username"/Library/LaunchAgents. Even this folder is not that security sensitive.

    If you decide to use a standard account to further increase your security, you will not have to log out/in to perform tasks. You can use the admin credentials from the standard account to perform admin tasks.

Share This Page