OS X Blizzard asks for admin privileges?

Discussion in 'Mac and PC Games' started by HunPro, Mar 24, 2015.

  1. HunPro macrumors member

    Joined:
    Oct 28, 2013
    Location:
    Budapest, Hungary
    #1
    Weird.

    I was trying to install the starter edition of Starcraft 2 just to do some benchmarking, and the installer asked for administrator privileges.

    I said no.

    I expected a greater uproar from the community, but barely found any posts.

    I mean, games should be games, they shouldn't ask for these privileges.

    It's unacceptable, invasive and dangerous. There's no explanation on why I should allow their agent to have admin rights.
     
  2. Cougarcat, Mar 25, 2015
    Last edited: Mar 25, 2015

    Cougarcat macrumors 604

    Joined:
    Sep 19, 2003
    #2
    That's pretty normal for an installer. It's not dangerous. It's required when anything is installed outside your user folder.
     
  3. chrono1081 macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #3
    Anything you install is going to ask you for your username and password to be entered. It's so someone can't up and install something without you knowing about it.

    There's no way for a game to install everything it needs (which is a lot) without these permissions.
     
  4. antonis macrumors 68000

    antonis

    Joined:
    Jun 10, 2011
    #4
    It tries to install the game under /Applications (which of course is outside your home folder), hence a user verification is needed. If it didn't ask for that, everything would be installed somewhere under your home folder and would be available only for the current user.
     
  5. HunPro thread starter macrumors member

    Joined:
    Oct 28, 2013
    Location:
    Budapest, Hungary
    #5
    Well, it would be better if it would install under ~/Applications.

    I'll try to manually create the .app folder, and give it access for my user, maybe that will help.

    Thanks!
     
  6. antonis macrumors 68000

    antonis

    Joined:
    Jun 10, 2011
    #6
    Be careful, though, as you might create security holes where they do not exist by default. The confirmation pop-up window is actually a security enhancement, rather than something that it should make you nervous. Normally, you don't want to compromise that.
     
  7. thekev macrumors 604

    thekev

    Joined:
    Aug 5, 2010
    #7
    This is typical for a lot of applications, especially when custom permissions are required. How have you never seen this before?
     
  8. MH01 Suspended

    MH01

    Joined:
    Feb 11, 2008
    #8
    Its normal behaviour in installing applications, as others have stated in the thread.
     
  9. HunPro thread starter macrumors member

    Joined:
    Oct 28, 2013
    Location:
    Budapest, Hungary
    #9
    So the problem is that it wants to install to /Applications.

    Which makes sense if it's a multi-user Mac. Or not, because you need Battle.net accounts.

    Anyway, somehow I managed to launch an install that let me choose a folder, and I installed it to ~/Applications, so root access wasn't necessary.
     
  10. antonis macrumors 68000

    antonis

    Joined:
    Jun 10, 2011
    #10
    No worries about that. Unix architecture (as OS X is) allows you to keep an application installed on a common place (e.g. /Applications) while its user settings are always stored in each user's home. That way, several users can run the same application e.g. battle.net client, and everyone will have his personal separated settings, totally safe from the others.
     
  11. HunPro thread starter macrumors member

    Joined:
    Oct 28, 2013
    Location:
    Budapest, Hungary
    #11
    The problem is that I don't trust Blizzard. I don't like daemons and other bloatware that companies in this era feel entitled to install in the background. Even if it's for anonymous reporting to "enhance my experience".

    One reason to choose Apple is because one values his own privacy. I even pay for e-mail hosting, $4 a month worth not having Google's eyes on my private e-mail.

    Giving a blank root access is not an option if an installer is involved. I have no problem with giving root access to copy a single .app folder to /Applications.

    Anyway, somehow I managed to get a prompt while installing SC2 for a target folder, and I choose ~/Applications.
     
  12. Cougarcat macrumors 604

    Joined:
    Sep 19, 2003
    #12
    Why don't you trust Blizzard? They are one of the most well established gaming companies in existence. But in any case, you don't need to trust blizzard because Unix will worry about it for you. You're being paranoid.

    And you probably know this already, but Apple itself sends anonymous diagnostics by default in iOS and OS X.
     
  13. HunPro thread starter macrumors member

    Joined:
    Oct 28, 2013
    Location:
    Budapest, Hungary
    #13
    Unix will not worry about me, if I give an installer root privileges, it can do whatever it wants. It's an installer, so I have no idea what it does in the background. I can't limit its operations to a folder. But I know that there's no reason for it to modify anything anywhere, this is a game after all.

    Blizzard, just like any other gaming company feels entitled to screw their paying customers over in the name of stopping piracy. Needing a continuous uninterrupted internet connection to play single player is not enhancing my experience in any way.

    Sony was one of the most established tech companies in 2000, and over the next few years they did some nasty stuff to their customers. Rootkit, anyone?

    Lenovo is a well established brand, ThinkPad is a well established brand, and yet they shipped their laptops with dangerous crapware.

    Don't underestimate corporate cynicism in a world of Android flashlight apps that ask for total access to all of your data, and yet they are downloaded by hundreds of millions of users.
     
  14. dollystereo macrumors 6502a

    dollystereo

    Joined:
    Oct 6, 2004
    Location:
    France
    #14
    I couldn't agree more!
    +1
    By the way, I wouldn't trust apple. Paying for the mail is not enough, you should crypt.
     
  15. garirry macrumors 68000

    garirry

    Joined:
    Apr 27, 2013
    Location:
    Canada is my city
    #15
    You have a point, although that's not exactly it works. Blizzard is a stand-alone game company which is CONFIRMED to not have any malware installed on it. Companies like Lenovo, Dell, etc. have those "crapware" because stupid companies like McAffee and Yahoo! are promoting their products and paying them to do this. You can safely install those games, I can assure you that. The password confirmation is like the security question thing in Windows Vista and further.
     
  16. Huntn macrumors P6

    Huntn

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #16
    It's said for security that you should always function in Windows in a non-admin account. It will alert you if something sneaky is going on when the request for admin permission pops up, if it's not something you have initiated. For program installs this will happen. Check out your Windows security settings which are variable.
     
  17. Naio macrumors member

    Naio

    Joined:
    Apr 2, 2015
    #17
    The Agent for Battle.net is a root user. Not sure if I understand why that is necessary...
     
  18. macRumor1231 macrumors newbie

    Joined:
    Oct 10, 2016
    #18
    Hi HunPro!

    Can't agree more with your arguments.
    As a computer scientist I'm also concerned about the installer requiring root priviledges.
    How did you manage to get that prompt, where you could choose the target folder?

    I know it's been some days since your posting, but I can't find that solution.
    Thanks in advance!

    Cheers,
    Chris
     
  19. wubsylol macrumors 6502

    Joined:
    Nov 6, 2014
    #19
    Games require write access to their own folders in /Applications/ so they won't run or install correctly as non-admin users.
    The launcher only installs things into your home dir, /Applications/, and /Users/Shared, and none of those should require your password.

    If you're being asked, sounds like you have other permissions issues.

    What do you mean? Agent runs as you.
     
  20. T'hain Esh Kelch macrumors 601

    T'hain Esh Kelch

    Joined:
    Aug 5, 2001
    Location:
    Denmark
    #20
    Hell no. macOS is a multiuser system at its core. I loathe whenever installers install anything into that folder.

    Putting in your admin password does *not* grant root privileges.
     
  21. Janichsan macrumors 65816

    Janichsan

    Joined:
    Oct 23, 2006
  22. dmelgar macrumors 68000

    Joined:
    Apr 29, 2005
    #22
    Putting in your admin password CAN grant root privileges without your knowledge. Provide a link to prove otherwise.
    Once admin password is given during an install, it can escalate to root and do anything on the system including installing a rootkit which is undetectable. This type of behavior may be typical for games in the Windows world but it is unnecessary and a dangerous pattern on a Mac. This creates a potential attack vector to an otherwise secure system.
     
  23. Cougarcat macrumors 604

    Joined:
    Sep 19, 2003
    #23
    I thought this debate was settled...anyway, root isn’t even enabled by default, and requires specific steps to do so. And since Apple introduced System Integrity Protection in 10.11, even root doesn’t have unfettered access to the system anymore. See https://support.apple.com/kb/PH26295?viewlocale=en_US&locale=en_US
     
  24. antonis, Oct 13, 2017
    Last edited: Oct 13, 2017

    antonis macrumors 68000

    antonis

    Joined:
    Jun 10, 2011
    #24
    'sudo' is not a windows command nor it was invented by microsoft, though. It is common for an application to ask for privilege esclatation on mac as well, when they need to write on specific directories or install a service, or both. Lots and lots of respected and famous applications do than on mac. The risk of being used in a negative way from a shady application is the same as it is on the windows side. It still relies on the user.
    --- Post Merged, Oct 13, 2017 ---
    Indeed, root account is not enabled by default (actually it is, it just has a random password that needs to be changed and you're good to go). But 'sudo' does not need root account to be enabled to work, that's the whole purpose of the command itself anyway.

    Rootless feature prevents indeed an app to write on specific system folders or modify specific OS binaries, but it does not prevent it from doing something equally bad like install a backdoor service, a malware etc.
     

Share This Page