Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Will malware spread to other accounts/areas of the mac is you're using a standard account?
- Thread starter otherguy5
- Start date
- Sort by reaction score
Generally no, but being prompted for admin rights tends to be so automatic most people blindly authenticate. If that's the case, it doesn't matter if your user account is a standard user or admin user the result will be the same.
Safe computing practices is your. best bet, never open an attachment that you're not sure who it came from, don't visit naughty sites or places that are pirate focused. Only download software from known places. Never respond to urgent emails, regarding money owed, accounts being locked out, etc.
Last edited:
I follow these guidelines but I was fooled recently. I was asked to prove that "I was not a robot" similar to a CAPTCHA test. After I clicked on it, I got Malware.
Wow, what happened - did it download software? I'm not sure how clicking on a link would have infected the computer, at least on a Mac.
I clicked on what I thought was a valid CAPTCHA and then it went to a page asking me to allow permissions. It was only after allowing permission that I realized something was wrong
.So yes, clicking on a link did not cause the problems but my subsequent actions did.
Yeah, that's where things went south - thanks for expounding how that worked, so i can be a bit more careful
Are you asking a hypothetical question, or do you think that you have malware?
The malware would need manual authorization from an admin account to install itself in another user account or in the system domain. (Even for a admin user account.) Unless it was exploiting some vulnerabilities in the OS.
The malware would need manual authorization from an admin account to install itself in another user account or in the system domain. (Even for a admin user account.) Unless it was exploiting some vulnerabilities in the OS.
Right, that last part is key. Sophisticated attackers will leverage multiple vulnerabilities. A foot-in-the-door exploit like the one Plutonius described would normally be limited to the logged-in account, but if the attacker can find some other opportunity once they're in a position to execute code, they could get into other accounts or private data.
Granted, if your production user account is a non-admin account, and that's where you keep all of your files and private data, then getting in to the non-admin account is enough to create some havoc.
If you're creating a non-admin account in the hopes of creating a "safe space" to do some experimental web browsing or software installation, I'd consider:
- Enable FileVault on your production startup disk (everybody should just do this, period)
- Add a volume to your Mac's internal storage (or use an external disk, or use a VM)
- Install macOS onto that new volume (enable FileVault on this volume too)
Don't provide the password for your production startup disk when booted to the experimental volume, detach your backup disk when booting from this volume, and be really careful about granting full disk access to software that you install. If the software you're installing is making those sorts of requests, then a VM might be a better fit (or even a second Mac). This sort of setup would be more effective at isolating "your stuff" than a separate user account. When you're done or you feel that the environment is sufficiently tainted, you can just boot from the production startup volume and delete the experimental volume in Disk Utility.