Any drive-by exploit that targets the browser or any other plugin that you have installed.
Name one.
Nonsense. Whether you execute virus replication code, a trojan dropper or an adware installer makes very little difference. The system is infected in any case.
Again, false. A Trojan can be avoided by practicing safe computing alone, without need for any antivirus software. A true virus cannot be avoided in the same way.
I named one. If you can't understand the most basic computer security precautions I can't help you.
No, you haven't named one real-world example of a disadvantage in running an admin account on OS X. You named a hypothetical situation which has never occurred in the wild. That's not the same thing.

You keep claiming that I don't know what I'm talking about or don't understand computer security, yet you have made repeated false statements. You don't seem to understand I've had discussions on this topic literally hundreds of times in this forum over the years and not once has anyone provided any factual evidence to disprove my statements. I very certainly know what I'm talking about, as hundreds of threads in this forum will demonstrate. I recommend you read a few of them. You may find them educational.
 
Name one.
Here's one that attacked the Flash plugin on Mac OS:

http://www.adobe.com/support/security/bulletins/apsb13-04.html

"Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content."
Again, false. A Trojan can be avoided by practicing safe computing alone, without need for any antivirus software. A true virus cannot be avoided in the same way.
Oh really? Care to explain why exactly a Trojan can be avoided and a virus can't? Of course I assume that you count not executing arbitrary code as part of your "safe computing practices", don't you?
No, you haven't named one real-world example of a disadvantage in running an admin account on OS X. You named a hypothetical situation which has never occurred in the wild. That's not the same thing.
You have no idea how many exploits are out there in the wild today. And most of them are not viruses, neither on OS X nor on Windows. Your "virus" rants are beside the point, because other types of exploits, mostly phishing and drive-by ones, are much more prevalent today. And OS X is just as vulnerable to those as Windows is.
You keep claiming that I don't know what I'm talking about or don't understand computer security
Your statements here show that you are a layman. That's OK.
 
That would be a worm. And of course even that requires that the code is somehow executed on the first infected machine. If you are careful about running code with dubious or unknown origins, an infection is unlikely. The same applies to regular viruses and trojan droppers. Once you do execute the code for whatever reason, OS mitigations might or might not help to protect the system from infection.

You are right, that was a worm. When you are in a building with thousands of PCs and a significant number of them are infected, how the infection started is pretty irrelevant. We were playing whack-a-mole for several days.
 
You are right, that was a worm. When you are in a building with thousands of PCs and a significant number of them are infected, how the infection started is pretty irrelevant. We were playing whack-a-mole for several days.
Yeah. But that's more a consequence of Windows' market share and more open ecosystem. MS has actually done a great job hardening Windows since Win7 (and offering tools like EMET for advanced users). It's just that Windows is still a much larger and juicier target for blackhats. But OS X has been and is being attacked as well.
 
Here's one that attacked the Flash plugin on Mac OS:

http://www.adobe.com/support/security/bulletins/apsb13-04.html

"Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content."
Attempts to trick a user into opening an infected document from an unknown or untrusted source are easily avoidable by practicing safe computing (tip #8 on the list). Because a vulnerability exists (all software has vulnerabilities), doesn't mean a successful exploit has been achieved. There is no report that any malware was delivered to OS X systems; only that malicious Flash content targeted the Flash Player.
Oh really? Care to explain why exactly a Trojan can be avoided and a virus can't?
Read the Mac Virus/Malware FAQ posted earlier to learn the difference between a Trojan and a virus. That will answer your question.
You have no idea how many exploits are out there in the wild today.
You still haven't named one real-world disadvantage in running an admin account on OS X. It's OK. I wasn't expecting you to, because there aren't any.
Your "virus" rants are beside the point, because other types of exploits, mostly phishing and drive-by ones, are much more prevalent today. And OS X is just as vulnerable to those as Windows is.
That proves my point, that practicing safe computing is all that is required to successfully avoid all OS X malware that has ever existed in the wild.
 
Attempts to trick a user into opening an infected document from an unknown or untrusted source are easily avoidable by practicing safe computing (tip #8 on the list).
You obviously don't understand how the attack works. No explicit opening of a document was necessary. Flash content plays automatically once you open the web page unless you are using something like Noscript, click-to-play or similar to prevent it. There are many more exploits like this in the wild. If you followed one of the security alert networks you'd be shocked how frequent they are.
Because a vulnerability exists (all software has vulnerabilities), doesn't mean a successful exploit has been achieved.
Adobe says the contrary. You are obviously so set in your "nothing in the wild" mantra that you are blind to reality.
Read the Mac Virus/Malware FAQ posted earlier to learn the difference between a Trojan and a virus. That will answer your question.
It doesn't answer anything.
You still haven't named one real-world disadvantage in running an admin account on OS X.
Unbelievable. :rolleyes: It's obviously completely useless to discuss with you.

For the benefit of others reading this: The above claim is dead wrong and irresponsible. Not using an administrator account for daily work is one of the best and easiest ways to improve your security, probably the best step you can take right behind using common sense security practices.

If you are still running on an administrator account, I recommend the following:

1) Go into Users & Groups preferences and check if there is another account with Admin privileges; if not, create one (name it "admin" or similar).
2) Click on your standard account and disable the option "Allow user to administer this computer". Restart the computer.

This will, among other things, remove your standard account from the admin group, which makes it harder for any malware to make certain permanent changes to your system. Apple made this approach very easy, since the OS X GUI layer will automatically ask for the admin credentials if needed (e.g. when installing applications or making certain changes to the system preferences), so you normally won't even have to log in to that account.
 
Not using an administrator account for daily work is one of the best and easiest ways to improve your security, probably the best step you can take right behind using common sense security practices.
That is absolutely false, and you have not provided any evidence of any real-world (not hypothetical) disadvantage in running an OS X admin account. Your posts reveal that you don't understand why admin accounts are different on OS X than on Windows, where there are benefits in not running an account with elevated privileges.
 
I'm beginning to wonder, what are you trying to achieve by spreading these irresponsible claims?

Some reading material for the others:

- Apple Security Guide
When you log in to Mac OS X, you use a nonadministrator or administrator account. The main difference is that Mac OS X provides safety mechanisms to prevent nonadministrator users from editing key preferences, or from performing actions critical to computer security.
[...]
Each user needing administrator access should have an administrator account in addition to a standard or managed account. Administrator users should only use their administrator accounts for administrator purposes.

- SANS OS X checklist (see pages 6 and 7)

- NSA flyer on hardening OS X (see section "Don't Surf or Read Mail using Admin Account")

- And an example incident where running with a non-admin account would have made it harder for a trojan to conceal itself:

http://www.zdnet.com/article/new-mac-malware-spies-on-you-via-adium-firefox-safari-skype/
This Mac Trojan is like most: when run, it installs silently to create a backdoor. What makes this threat particularly worrying is that depending on whether or not it runs on a user account with Admin permissions, it will install different components, which use low-level system calls to hide their activities. Either way, it will always create a number of files and folders to complete its tasks; the backdoor component calls home for instructions to the IP address 176.58.100.37 every five minutes.

If the dropper runs on a system with Admin permissions, it will drop a rootkit to hide itself. [...]

Last but not least: When it comes to security, beware of snakeoil salesmen ...
 
Some reading material for the others:
Not one of those sources gives any disadvantage in running an admin account, other than restricting the user from changing system settings or inadvertently deleting certain files, none of which represents a threat to a reasonably intelligent user. In a scenario such as a business, where restricting users from changing things on a company-owned computer, there may be applications where this is useful. However, for most Mac users who are the sole user of their computer, there is no benefit. Name one real-world scenario where a user running an admin account encountered any malware or security violation that could have been prevented by running a non-admin account.

As for your example of OSX/Crisis, that threat has never existed in the wild. Proof-of-concept threats cannot affect average users; only those threats that are in the wild.

Intego, which had to update its anti-malware signatures upon discovering the threat, refers to it as "OSX/Crisis." The good news is that the security firm has yet to find OSX/Crisis in the wild; the company only stumbled upon it over at VirusTotal, a service for analyzing suspicious files and URLs.
 
It is true virtually every hardening and best practice guide would dictate the use of a standard account over an admin account for daily uses, Macs included. On the Mac, an "Administrator" account is really just a GUI front end for the sudo command. When an action is performed that requires admin (root) privileges, a user is prompted with a dialog to input a password. This is actually not all that different in daily use from Windows' UAC, which like sudo, is configurable and prompts a user to elevate privileges. Both Mac OS X and Windows have the concept of a "root" account (in OS X, it is actually called root by name, and in Windows, it is called Administrator by name, both of which are disabled by default) and neither of which requires user intervention to elevate privileges. The biggest difference between Windows and OS X is that Windows doesn't require a user to type a password whereas OS X does.

As to why it is best practice to use a "standard" account for day-to-day activities on a Mac, there are many reasons. At my institution, we do not allow the use of admin accounts because in practice, there are many folks who do not understand "safe computing practices" despite our training regimen, who might be tricked into a really well-done spearphish, or who do not think about the implications of installing software where the licensing agreement is troublesome. There's also the potential for breakdown of security controls that we take for granted, such as CVE-2013-1775 as an example. This was a vulnerability that essentially broke the safeguards that sudo provides and allowed an "administrator" to have unfettered access to system files and settings without re-authenticating. This is really why best practices exist, because computers are highly complex systems that can break and act in unpredictable ways at times and following the principle of least privilege in this case can reduce the potential attack surface.
 
It is true virtually every hardening and best practice guide would dictate the use of a standard account over an admin account for daily uses, Macs included. On the Mac, an "Administrator" account is really just a GUI front end for the sudo command. When an action is performed that requires admin (root) privileges, a user is prompted with a dialog to input a password.
That is true, but the way the filesystem permissions are set by default, programs running under an administrator account (member of group "admin") have write access to parts of the system that standard users (by default member of group "staff") don't, even without being prompted for a password. E.g., try opening a shell under a standard and an admin account and enter "touch /Applications/EvilTrojan.app". There are quite a few locations throughout the filesystem that are writable for group admin, mostly in /Applications and /Library. This is what allowed e.g. the OSX/Crisis dropper to silently install a rootkit if the user was working under an admin account.

The equivalent is also true for Windows. Even with UAC, it is safer not to use an administrator account there too.
Both Mac OS X and Windows have the concept of a "root" account (in OS X, it is actually called root by name, and in Windows, it is called Administrator by name, both of which are disabled by default) and neither of which requires user intervention to elevate privileges. The biggest difference between Windows and OS X is that Windows doesn't require a user to type a password whereas OS X does.
By default, OS X does not allow a direct login as root (whereas you can usually log in as user Administrator in Windows).
This is really why best practices exist, because computers are highly complex systems that can break and act in unpredictable ways at times and following the principle of least privilege in this case can reduce the potential attack surface.
Exactly. And under OS X there is very little penalty for following this best practice, since Apple implemented automatic prompts for admin credentials in the GUI when a standard user wants to perform common administrative tasks.
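
Editor's added example, not part of any post in this thread: a small shell audit for the group-permission difference described in the post above, which also confirms the result of the two-step account change recommended earlier. The group name "admin" and the directories /Applications and /Library come from the thread; the function names and the `ADMIN_GROUP` variable are made up for this example.

```shell
#!/bin/sh
# Audit which top-level entries the admin group can modify without any
# password prompt, and whether a given account is in that group.
# ADMIN_GROUP and the function names are assumptions of this example.

ADMIN_GROUP="${ADMIN_GROUP:-admin}"

# Return 0 if user $1 is a member of group $2 (exact name match).
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Print directory $1 and its direct children when they are owned by
# group $2 and carry the group-write bit (mode 020).
group_writable_entries() {
    find "$1" -maxdepth 1 -group "$2" -perm -020 2>/dev/null
}

# Number of entries reported by group_writable_entries.
count_group_writable() {
    group_writable_entries "$1" "$2" | wc -l | tr -d ' '
}

# Report for one account (default: the current user).
audit() {
    user="${1:-$(id -un)}"
    if user_in_group "$user" "$ADMIN_GROUP"; then
        echo "$user is in group $ADMIN_GROUP: processes run by this account can write to the entries counted below"
    else
        echo "$user is not in group $ADMIN_GROUP: the entries counted below need admin credentials"
    fi
    for dir in /Applications /Library; do
        [ -d "$dir" ] || continue
        n=$(count_group_writable "$dir" "$ADMIN_GROUP")
        echo "$dir: $n entries writable by group $ADMIN_GROUP"
    done
}

audit "$@"
```

Run it once from the everyday account and once with the admin account's name as the argument; after the account has been demoted, the first line of the report should say it is no longer in the group.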
 
This is what allowed e.g. the OSX/Crisis dropper to silently install a rootkit if the user was working under an admin account.
Again, you're back to hypotheticals. OSX/Crisis was never in the wild. There has never been a threat in the wild that infected or compromised OS X running an admin account that would not have also infected or compromised a non-admin account. That is why I said there is no real-world disadvantage in running an OS X admin account.
 