Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Malware vs mac user accounts

M

Magrão

macrumors newbie
Original poster
Mar 4, 2011
11
0
UK
In the wake of all the recent noise about the Mac Defender malware, I read several posts around the internet where people mentioned maintaining one standard user profile for general day to day use, and then a separate admin profile.

I've been playing around with the above idea; prior to this I just had my sole user set up as admin. When I would download and install apps I would get prompted for my password. However, now with my standard user account, when I download an app, I can open and run the app from the download folder with no problem. It only prompts me for the username and password of an admin if I try to move the app to the Applications folder.

Where is the security in that? If I wasn't thinking straight, or someone else was using my mac, and downloaded some malware, the app could simply be run from the download folder.

Opinions? Thanks
 
It doesn't matter if you're running as a standard or admin user. Yes, you can launch an app from the downloads folder, but it can't achieve privilege escalation and affect your OS X installation without entering your admin password. There are several threads where this is discussed in detail. If you want technical detail, pay special attention to posts by munkery. The bottom line is you can avoid all Mac malware by simply exercising caution in where you get software that you install or run.

Mac Virus/Malware Info
 
But as malware still needs an admin password to get access to system files and folders, be it in a Standard Account or Administrator Account, it still can't do anything. And most Mac OS X applications don't need to access system files and folders, thus no password is needed to execute it either way.

Mac Virus/Malware Info by GGJstudios
There are currently no viruses for Mac OS X in public circulation, only a handful of trojans and other malware, which have to be installed manually via entering the administrator password.
The only anti-virus you need to protect your Mac is education and common sense.
 
Magrão said:
In the wake of all the recent noise about the Mac Defender malware, I read several posts around the internet where people mentioned maintaining one standard user profile for general day to day use, and then a separate admin profile.

I've been playing around with the above idea; prior to this I just had my sole user set up as admin. When I would download and install apps I would get prompted for my password. However, now with my standard user account, when I download an app, I can open and run the app from the download folder with no problem. It only prompts me for the username and password of an admin if I try to move the app to the Applications folder.

Where is the security in that? If I wasn't thinking straight, or someone else was using my mac, and downloaded some malware, the app could simply be run from the download folder.

Opinions? Thanks
Click to expand...

I've been running a standard user account for a week or so now and one annoying 'quirk' of this is that software update won't run automatically, I have to manually update after entering user name and password.
I've searched the 'net and macrumors forums and there doesn't seem to be an answer to this.
In the interests of security keeping the system up to date with the latest patches etc, seems quite high and not being able to do this automatically seems to negate any possible benefits of using the standard user account (of which, going by the last two posts on this thread, there doesn't seem to be any running as the only user of my mac)

One other thing that i've noticed is that if I download from the app store it will ask for my admin name and password when using a standard account, if I do it from my admin account it just downloads and installs without asking.
 
Last edited:
Rowf said:
I've been running a standard user account for a week or so now and one annoying 'quirk' of this is that software update won't run automatically, I have to manually update after entering user name and password.
Click to expand...
That's not a quirk since software update is used to update the OS and applications. That's a task for an admin not a standard user.
 
Thanks for those responses, I'll check out those links. In any case, from what GGJstudios & simsaladimbamba have said, there doesn't seem to me to be a great deal to be gained from running two accounts like this (especially in light of what Rowf mentions). Either way, if I were to mistakenly download and install some malware, installing it in the applications folder, I'd still have to enter a password in some cases. Or did I misunderstand? :confused:
 
Magrão said:
Thanks for those responses, I'll check out those links. In any case, from what GGJstudios & simsaladimbamba have said, there doesn't seem to me to be a great deal to be gained from running two accounts like this (especially in light of what Rowf mentions). Either way, if I were to mistakenly download and install some malware, installing it in the applications folder, I'd still have to enter a password in some cases. Or did I misunderstand? :confused:
Click to expand...

You didn't misunderstand.

I run admin accounts on my Mac daily, I have no Standard Account. I do that since 2004, the year I switched.
And since then I have never installed any kind of malware, just with the use of common sense.
 
Standard account: requires admin password to install applications (such as the trojan malware)

Admin account: requires admin password to install applications (such as the trojan malware)

Just don't install anything shady / didn't download. Result = no malware in either case.
 
simsaladimbamba said:
You didn't misunderstand.

I run admin accounts on my Mac daily, I have no Standard Account. I do that since 2004, the year I switched.
And since then I have never installed any kind of malware, just with the use of common sense.
Click to expand...

I've run the same way since 2005 when I switched. No malware, just a bit of common sense. Unfortunately "common sense" is sadly lacking in many computer users today.
 
old-wiz said:
I've run the same way since 2005 when I switched. No malware, just a bit of common sense. Unfortunately "common sense" is sadly lacking in many computer users today.
Click to expand...

It's called "human condition" and can be applied to all fields of existence, meaning the lack of that legend called "common sense" (which I lack in some other areas).
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-gb) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Thanks for all responses :)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back