Question about Mac passwords and malware

Discussion in 'Mac Basics and Help' started by Ilbabgui, Dec 12, 2016.

  1. Ilbabgui macrumors newbie

    Dec 11, 2016
    Hello and sorry for another thread! I promise, this is the last for at least a month! If I break my word, you can ban me! :D

    Mac relies a lot on applications needing to ask for a password. But how easy is it for malware/trojan/adware to infect a Mac and steal said password, then start using it itself?
    Or would malware send it to its master outside and said criminal can therefore connect from outside to Mac? Is that a possibility - for someone from outside using Internet connection to connect to my Mac, change things by using my password they have somehow found out through electronic means (meaning me not telling them it in "real life")?
  2. Kissmyne macrumors 6502


    Apr 21, 2015
    If the question is whether it is possible... it is. Whether it is likely, no. Since most malware needs to interact with components of the OS, in all likelihood you would have to enter a password just to install it. In other words, watch what you install and from where.

    If you are really worried about the admin password being vulnerable, you could also set up a standard user to use day to day, and just have the admin acct for sys maintenance and installing applications. My two cents :)
  3. Zazoh macrumors 6502a


    Jan 4, 2009
    San Antonio, Texas
    Keep the questions coming, most of us come here every day so we can talk a little Mac ... ;-)
  4. KALLT, Dec 13, 2016
    Last edited: Dec 13, 2016

    KALLT macrumors 601

    Sep 23, 2008
    This is something you learn through experience. At some point you will know when and why programs need to ask for your password and you recognise authentication prompts that are presented by the system rather than the program directly (though this is never absolutely reliable).

    To give a few rules of thumb:
    • Programs almost never need your account password. By far most of them can just run with the standard permissions that they already have. This applies to many programs that you ‘install’ by dragging them into the /Applications directory. Sometimes, programs need to do something that they cannot do with their standard permissions. They can ask the system to ask you for additional access and this is handled by a password prompt that the system shows you. Here you can enter the password safely, the credentials are not exposed to the program. However, this process can be mimicked by a malicious program to steal your password. Be alert when a program needs additional privileges and check with the vendor why this is necessary.

    • Some programs that you drag into the /Applications directory will prompt you to install additional components when you open them, for which they need administrator access (see image below). Malwarebytes Anti-Malware for Mac is such a program. This is actually something Apple encourages developers to do when they need to work with elevated privileges, for instance, to read and write in certain system locations. Apple encourages developers to bundle privileged ‘helper applications’ to compartmentalise more dangerous operations, so that the main program does not need to run with elevated privileges. The installation of these components is handled by both the program and the system, where the authentication prompt is presented by the system and the program will never see your credentials. Here you have to check with the vendor why a program needs this kind of access.

    • Some applications are shipped as installer packages (.pkg files), which often look like yellow boxes. These packages are run by Apple’s Installer program and will take care of the installation for you. Here you can also safely enter your credentials, because the authentication is handled by the Installer program. Just be aware that installer packages can contain custom scripts that can be malicious.
    Generally, make sure you install programs from trusted sources only and do a bit of research into the credibility of the vendor before you install a program. Avoid downloading programs from websites such as MacUpdate or Softonic.

    Screen Shot 2016-12-13 at 14.23.09.png
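
The point above about installer packages carrying custom scripts can be checked before a package is opened. The following is an added example, not part of the original post: it reads the table of contents of a flat .pkg (a xar archive) and lists the entries named `Scripts`. It assumes the flat-package layout in which each component keeps its install scripts in an entry with that name; the sample package and the name `example.pkg` are constructed.

```python
import struct
import xml.etree.ElementTree as ET
import zlib

XAR_MAGIC = 0x78617221          # the bytes "xar!"
MAX_TOC = 16 * 1024 * 1024      # refuse absurd TOC sizes (decompression bomb guard)

def read_toc(blob):
    """Parse the 28-byte xar header and return the XML table of contents."""
    if len(blob) < 28:
        raise ValueError("too short for a xar header")
    magic, hdr_len, _ver, clen, ulen, _cksum = struct.unpack(">IHHQQI", blob[:28])
    if magic != XAR_MAGIC:
        raise ValueError("not a xar archive")
    if ulen > MAX_TOC:
        raise ValueError("TOC larger than allowed")
    # Decompress at most ulen + 1 bytes so a lying header cannot exhaust memory.
    toc = zlib.decompressobj().decompress(blob[hdr_len:hdr_len + clen], ulen + 1)
    if len(toc) != ulen:
        raise ValueError("TOC length does not match header")
    return ET.fromstring(toc)

def walk(node, prefix=""):
    """Yield the path of every <file> entry, descending into directories."""
    for entry in node.findall("file"):
        path = prefix + (entry.findtext("name") or "")
        yield path
        yield from walk(entry, path + "/")

def script_entries(blob):
    """Paths of 'Scripts' entries (assumed layout: one per scripted component)."""
    toc = read_toc(blob).find("toc")
    if toc is None:
        raise ValueError("archive has no <toc> element")
    return [p for p in walk(toc) if p.rsplit("/", 1)[-1] == "Scripts"]

def make_sample(with_scripts):
    """Constructed sample: a xar header plus TOC only, no file data."""
    scripts = "<file><name>Scripts</name></file>" if with_scripts else ""
    xml = ("<xar><toc><file><name>Distribution</name></file>"
           "<file><name>example.pkg</name><type>directory</type>"
           "<file><name>PackageInfo</name></file><file><name>Payload</name></file>"
           + scripts + "</file></toc></xar>").encode()
    packed = zlib.compress(xml)
    return struct.pack(">IHHQQI", XAR_MAGIC, 28, 1, len(packed), len(xml), 1) + packed

if __name__ == "__main__":
    print(script_entries(make_sample(True)))    # constructed package with scripts
    print(script_entries(make_sample(False)))   # constructed package without
```

For a downloaded package, pass the file's bytes to `script_entries`; a non-empty result means the installer will run vendor-supplied scripts with the privileges you grant, so the vendor's reason for them is worth checking first.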
  5. Ilbabgui thread starter macrumors newbie

    Dec 11, 2016
    Thank you for your advice! :)

    Thank you for the kind words!

    Thank you very much! This was really informative! It's normal though that all those password prompts in my Mac have my username automatically already written there?
  6. KALLT macrumors 601

    Sep 23, 2008
    Only when your current account is an administrator account. When you are running as a standard user, that field will be left blank too. This is one of the minor reasons why it is a good idea to run as a standard user, because you will be more aware of what you are doing.
  7. Ilbabgui thread starter macrumors newbie

    Dec 11, 2016
    Ah, that's how it is then...
    Curious question: if malware asks this prompt, does it change how user name is displayed when in admin or user account?
    Like the username is missing, even if it is in admin account?
  8. KALLT macrumors 601

    Sep 23, 2008
    Programs can easily probe the account database for your full name or username. It will be trivial to mimic this. There is not much you can do to spot such fake prompts if they are copied to perfection. Curiously, many hackers do not seem to pay that much attention to it and create a sloppy GUI that looks fake if you pay a little attention and know where to look. I rarely see alerts that I have confused with system prompts.
  9. Ilbabgui thread starter macrumors newbie

    Dec 11, 2016
    That's good to know! Thank you!
