
Ilbabgui (original poster), Dec 11, 2016
Hello and sorry for another thread! I promise, this is the last for at least a month! If I break my word, you can ban me! :D

Mac relies a lot on applications needing to ask for a password. But how easy is it for malware/trojan/adware to infect Mac and steal said password, then start using it itself?
Or would malware send it to its master outside and said criminal can therefore connect from outside to Mac? Is that a possibility - for someone from outside using Internet connection to connect to my Mac, change things by using my password they have somehow found out through electronic means (meaning me not telling them it in "real life")?
 
If the question is whether it is possible... it is. Whether it is likely, no. Since most malware needs to interact with components of the OS, in all likelihood you would have to enter a password just to install it, in other words... watch what you install and from where.

If you are really worried about the admin password being vulnerable, you could also set up a standard user to use day to day, and just have the admin acct for sys maintenance and installing applications. My two cents :)
 
This is something you learn through experience. At some point you will know when and why programs need to ask for your password and you recognise authentication prompts that are presented by the system rather than the program directly (though this is never absolutely reliable).

To give a few rules of thumb:
  • Programs almost never need your account password. By far most of them can just run with the standard permissions that they already have. This applies to many programs that you ‘install’ by dragging them into the /Applications directory. Sometimes, programs need to do something that they cannot do with their standard permissions. They can ask the system to ask you for additional access and this is handled by a password prompt that the system shows you. Here you can enter the password safely, the credentials are not exposed to the program. However, this process can be mimicked by a malicious program to steal your password. Be alerted when a program needs additional privileges and check with the vendor why this is necessary.

  • Some programs that you drag into the /Applications directory will prompt you to install additional components when you open them, for which they need administrator access (see image below). Malwarebytes Anti-Malware for Mac is such a program. This is actually something Apple encourages developers to do when they need to work with elevated privileges, for instance, to read and write in certain system locations. Apple encourages developers to bundle privileged ‘helper applications’ to compartmentalise more dangerous operations, so that the main program does not need to run with elevated privileges. The installation of these components is handled by both the program and the system, where the authentication prompt is presented by the system and the program will never see your credentials. Here you have to check with the vendor why a program needs this kind of access.

  • Some applications are shipped as installer packages (.pkg files), which often look like yellow boxes. These packages are run by Apple’s Installer program and will take care of the installation for you. Here you can also safely enter your credentials, because the authentication is handled by the Installer program. Just be aware that installer packages can contain custom scripts that can be malicious.

Generally, make sure you install programs from trusted sources only and do a bit of research into the credibility of the vendor before you install a program. Avoid downloading programs from websites such as MacUpdate or Softonic.

Screen Shot 2016-12-13 at 14.23.09.png
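
An added example (not part of any post in this thread) for the point above that installer packages can carry custom scripts: after a package is expanded with `pkgutil --expand`, which unpacks it without installing, this lists the scripts inside and marks `preinstall`/`postinstall`, the conventional names Installer runs on its own. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the scripts carried by an expanded installer package.
# On macOS, expand first (this does not install anything):
#   pkgutil --expand Some.pkg /tmp/Some_expanded
# "Some.pkg" and the output path are placeholders.

# Print every file found under a Scripts directory of the expanded package,
# marking preinstall/postinstall, the names Installer runs by convention.
list_pkg_scripts() {
    find "$1" -type f -path '*/Scripts/*' | sort | while IFS= read -r f; do
        case "$(basename "$f")" in
            preinstall|postinstall) tag="RUNS-AT-INSTALL" ;;
            *)                      tag="helper" ;;
        esac
        # The first line shows the interpreter (for example #!/bin/sh).
        printf '%s\t%s\t%s\n' "$tag" "${f#"$1"/}" "$(head -n 1 "$f")"
    done
}

# Number of scripts Installer would run automatically.
count_auto_scripts() {
    list_pkg_scripts "$1" | grep -c '^RUNS-AT-INSTALL' || true
}

# Constructed sample tree, shaped like pkgutil --expand output.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/app.pkg/Scripts"
    printf '#!/bin/sh\necho post\n'   > "$d/app.pkg/Scripts/postinstall"
    printf '#!/bin/sh\necho helper\n' > "$d/app.pkg/Scripts/setup_helper.sh"
    : > "$d/Distribution"
    echo "$d"
}
```

Read every file it lists before running the package; a count of zero means the package only copies its payload into place.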
 
Thank you for your advice! :)


Keep the questions coming, most of us come here everyday so we can talk a little Mac ... ;-)

Thank you for the kind words!



Thank you very much! This was really informative! Is it normal though that all those password prompts on my Mac have my username automatically already written there?
 

Only when your current account is an administrator account. When you are running as a standard user, that field will be left blank too. This is one of the minor reasons why it is a good idea to run as a standard user, because you will be more aware of what you are doing.
 

Ah, that's how it is then...
Curious question: if malware asks this prompt, does it change how user name is displayed when in admin or user account?
Like the username is missing, even if it is in admin account?
 

Programs can easily probe the account database for your full name or username. It will be trivial to mimic this. There is not much you can do to spot such fake prompts if they are copied to perfection. Curiously, many hackers do not seem to pay that much attention to it and create sloppy GUIs that look fake if you pay a little attention and know where to look. I rarely see alerts that I have confused with system prompts.
 

That's good to know! Thank you!
 