Can user infect whole iMac?

Discussion in 'iMac' started by 2012Tony2012, May 3, 2014.

  1. 2012Tony2012 macrumors 6502a

    Joined:
    Dec 2, 2012
    #1
    If I create a user, or they use the "guest account", if they get malware or virus, can it infect and affect the whole iMac, even my admin account?

    Or is creating a new user, similar to running a virtual machine for them and whatever they do or whatever they get infected by, it will remain "sandboxed" in their user account and not infect or affect the whole iMac?
     
  2. Nuke61 macrumors 6502

    Joined:
    Jan 18, 2013
    Location:
    Columbia, SC
    #2
    The account is not sandboxed, so if the standard user gets infected, the Admin can also get infected. But there's a big caveat to that first sentence, which is that most infections are from an app that's run which then surreptitiously installs software. If the non-admin user cannot install software with the Admin password, most infections will be stopped.

    The guest account gets wiped when the guest logs out, so this would severely limit any malware or virus infection, if not stop it completely. To put this in context, I recently listened to a computer security podcast where they discussed that of Windows malware infections, >90% would have been prevented if the user had been running as a user without program installation rights.

    So, it's not a guarantee, but doing what you're asking about will go a LONG way to preventing infection.
     
  3. 2012Tony2012 thread starter macrumors 6502a

    Joined:
    Dec 2, 2012
    #3
    You use the term, "most infections", so does that mean you believe and teach that "some infections" can be installed when visiting a website without user intervention and without a user or admin entering a password?
     
  4. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    It happened before with the Flashback trojan. All you had to do was visit a compromised web site and you got Flashback on your system. OS X has since been patched to prevent Flashback from installing, but it could certainly happen again with a different trojan if the trojan's author discovered an exploit like the one used with Flashback.
     
  5. casperes1996 macrumors 65816

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #5
    Nothing is completely secure

    It's simply impossible to secure yourself from everything. The password authentication process is software as well, so if the malicious software were to make this software think it had admin privileges, it would have no trouble screwing everything.
     
  6. DeltaMac macrumors 604

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #6
    When discussing security issues, you have to stay away from absolutes, such as "never", and "always".
    For example, even though none exist in the wild, it's still "possible" that an active virus could spread from one Mac to another - however unlikely that may be.
    Making yourself aware of where malware comes from, and taking care to avoid "dangerous" surfing activities should be part of your security plan that will make even "most" malware end up in someone else's backyard - not yours :D
     
  7. Nuke61 macrumors 6502

    Joined:
    Jan 18, 2013
    Location:
    Columbia, SC
    #7
    Yes, this type of malware is in the minority, but it can and has happened.
     
  8. 2012Tony2012 thread starter macrumors 6502a

    Joined:
    Dec 2, 2012
    #8
    So what do you do to protect yourself? If we had a sandbox browser or sandbox app for Mac like Sandboxie for Windows, problem solved. But NO way to browse internet using a sandbox on Mac, right? :(

    ----------

    We keep saying "no virus exists in the wild", however one may exist that was released 1 hour ago and is still not widely known about.
     
  9. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #9
    For now, Safari and OS X were updated so the Flashback trojan could not install itself like it did. My point is up until Flashback everybody thought you could not get a trojan like this from simply visiting a web site, and of course that turned out to be wrong. No matter what you do there are baddies out there trying to figure out a way around any security measures and there is no perfect solution to avoid that.

    All you can do is do what you can to avoid known threats and keep up on the security news to learn about new threats as they unfold.

    http://www.thesafemac.com

    This site does a very good job of staying up with Mac security issues and you can follow him on Twitter for updates.
     
  10. GreatDrok macrumors 6502a

    Joined:
    May 1, 2006
    Location:
    New Zealand
    #10
    Flashback was an interesting example of why companies running forks and not patching in a timely manner is a bad thing. In this case, the Java vulnerability was still present on the Mac where it had been patched on other platforms that were directly supported by the Java vendor (Oracle) so the Mac was behind for a period of time. Wind forward to today and Java on Mac is now a 1st class supported platform and gets the updates through the same mechanism as any other OS that has Java. Of course, if you don't need Java, don't install it. The same could be said for many other programs (flash for instance, nasty POS) so if you don't need it, don't install it.

    If you really want a sandbox for your guests to play in, download VirtualBox and set up a nice Linux install on there and take a snapshot of it. Let them do whatever they want in there and when they've finished, just revert the snapshot and you're clean. This is exactly how I deal with Windows on my Mac - I have snapshots of a clean environment and I do whatever I need to on the Windows install and then restore the snapshot and apply any updates that MS may put out. This way I always have a clean Windows fully patched environment to work from. I only use Windows for software testing and would never use it for anything serious but at least this configuration makes it reliable and allows me to remove malware. I have a real Windows 7 box at home and that doesn't get used for anything beyond a bit of casual gaming and I certainly wouldn't do banking on it for instance. This is after I discovered a trojan had been merrily running on the machine for a fortnight before MS Security Essentials or AVG picked it up.
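
The snapshot-and-revert routine described in post #10, as an added example that is not part of the thread: a POSIX shell script around VirtualBox's `VBoxManage` CLI that powers the guest VM off if needed and restores the clean snapshot. The VM name `guest-linux` and snapshot name `clean` are assumptions.

```shell
#!/bin/sh
# Added example: roll a guest VM back to a clean snapshot after each use.
# VM_NAME and SNAP_NAME are assumed names; create the snapshot once with:
#   VBoxManage snapshot "$VM_NAME" take "$SNAP_NAME"
VM_NAME="${VM_NAME:-guest-linux}"
SNAP_NAME="${SNAP_NAME:-clean}"

# Print the VM state reported by VirtualBox (poweroff, running, saved, ...).
vm_state() {
    VBoxManage showvminfo "$1" --machinereadable |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Succeed only if a snapshot with exactly this name exists on the VM.
snapshot_exists() {
    VBoxManage snapshot "$1" list --machinereadable 2>/dev/null |
        sed -n 's/^SnapshotName[-0-9]*="\(.*\)"$/\1/p' |
        grep -Fxq -- "$2"
}

# Stop the VM if it is still running, then restore the clean snapshot.
# Returns 2 when the snapshot is missing, so a mistyped name is reported
# instead of leaving the used VM state in place.
reset_guest_vm() {
    vm="$1"; snap="$2"
    if ! snapshot_exists "$vm" "$snap"; then
        echo "snapshot '$snap' not found on VM '$vm'" >&2
        return 2
    fi
    case "$(vm_state "$vm")" in
        running|paused)
            VBoxManage controlvm "$vm" poweroff || return 1
            tries=0   # restore needs the VM to be fully powered off first
            while [ "$(vm_state "$vm")" != "poweroff" ] && [ "$tries" -lt 10 ]; do
                sleep 1; tries=$((tries + 1))
            done ;;
    esac
    VBoxManage snapshot "$vm" restore "$snap"
}

# Run as: sh reset-guest.sh reset
if [ "${1:-}" = "reset" ]; then
    reset_guest_vm "$VM_NAME" "$SNAP_NAME"
fi
```

Restoring discards everything written inside the VM since the snapshot was taken, so anything worth keeping has to be copied out first.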
     
  11. 2012Tony2012 thread starter macrumors 6502a

    Joined:
    Dec 2, 2012
    #11
    Yeah so it seems only Virtual Box can give a "sandbox" environment for someone to web browse wherever they want?

    Any history of something "jumping out" of the Virtual Box into Mac and infecting the Mac?
     
  12. 2012Tony2012 thread starter macrumors 6502a

    Joined:
    Dec 2, 2012
    #12
    Is that website author safe and trusted?
     
  13. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #13
    Yes, but the AppleScript code is included, so if you open that script in AppleScript Editor you can see exactly what it will do. You can even execute it from within the AppleScript Editor. So it is not like it is some compiled app where you can't see what it is doing.
     
