New 'MACDefender' Variant Installs Without Admin Password Requirement

[dmelgar]

No, you don't need to be running as admin. It makes no difference if you run as a standard or admin user.



It makes no difference whatsoever whether you run as a standard or admin user.

Because an installer is a "safe" program. It's the app that gets installed that may not be safe.

You're fine running as admin, as long as you're careful about what you install.

If you had unchecked the "Open "safe" files after downloading" option, the installer would not have opened without you opening it. Even with that aside, common sense suggests you actually read the screens that come up during installation and think about what you're doing.

Here's the bottom line(s):

• It makes no difference if you run as a standard or admin user.
  

Post is ok except for that statement that it doesn't make a difference if you're running as an admin user or not.

What is this statement based on?

A non admin user cannot install an application to the Applications directory without the additional safeguard of asking the user for the admin userid and password. As a matter of policy this should not be given to any untrustworthy app and should cause pause to investigate why it is needed.

In this particular case, this malware may not do much harmful to the system, and may allow installation locally. However, malware which has admin, and therefore root access can be much more destructive, can destroy the entire operating system, can embed itself and hide it's tracks so that it cannot be removed. An application installed within a non admin userid can only damage that userid unless an privilege escalation exploit it taken advantage of.

 

[GGJstudios]

Post is ok except for that statement that it doesn't make a difference if you're running as an admin user or not.

What is this statement based on?

A non admin user cannot install an application to the Applications directory without the additional safeguard of asking the user for the admin userid and password.

The only way an app can achieve privilege escalation is by the user granting that by entering an admin password. It makes no difference at all whether that user is a standard or admin user. There is little or no benefit to running as a standard user vs as an admin user. In both cases, some common sense and reasonable caution when selecting and installing software is recommended.

 

[munkery]

A non admin user cannot install an application to the Applications directory without the additional safeguard of asking the user for the admin userid and password.

Apps that can be installed in an admin account without a password can also be installed in a standard accounts home folder without a password.

However, malware which has admin, and therefore root access can be much more destructive, can destroy the entire operating system, can embed itself and hide it's tracks so that it cannot be removed.

Admin is not root. Root userid is 0. Admin userid is 501 and up.

Items owned by system belong to root. Activity Monitor shows processes running as root. Look at the ownership and privileges of user installed apps in the applications folder. Most do not run as root and are not owned by system.