Require an administrator password to access system-wide settings? Turn On or Off?

[iphonefreak450]

Hi all,

Just noticed this setting under the Privacy and Security/Advanced settings called Require an administrator password to access system-wide settings, which is turned off by default.

Is it still a good added layer of security to turn on this setting EVEN when I’m the only person using my MacBook device as an Administrator?

The only reason I would think of turning it on, in case malware would get into my system and this setting would at least prevent major system file damages or prevent malware from performing critical system changes.

 

[ipaqrat]

It is absolutely a good idea, and your reasoning is correct, but limited in a critical respect: You should NEVER go about your ordinary daily activities as an admin, anyway. Here are a few layers of behavioral security that'll support your peace of mind... or wreck it, depending on your philosophical leanings...

• Create a separate admin account through which to accomplish installs, updates and settings changes. Make your normal account a regular USER, and get used to supplying that Admin credential. All the friggin' time.
• When browsing casually, use a throw-away browser, like Chrome or Firefox, with No Script, AdBlocker, Ghostery and Leechblock. You can loosen it up to make sites work temporarily, or permanently, case by case.
• For important sites and online business, use Safari (with an ad blocker), which integrates with the OS' underpinning security systems.
  • Use only your own curated bookmarks, that you create yourself.
  • Do not EVER click on any link delivered in any form of messaging or search results, even from people you recognize, who might be pwned (see below about suffering).
  • If you're not a safari user, and worry about compatibility, don't sweat it. In my experience, the Safari WebKit engine is quite compatible with banks, schools, medicals, state/fed, etc. Know that you WILL have to go to settings, site by site, to allow Safari to render certain site features. The only persistent problem I've experienced is friggin' hickoryfarms.com, though Safari in iPad OS does run it (it's all about the sausage party, am I right?).
• Use bogus personal information wherever you can. Don't trust the browser's privacy or tracking or content security features. Remember, even Apple runs an advertising arm, and they take profitability very, very seriously.

The delays and extra steps will seem frustrating as hell at first. Maybe forever <shrug>. World we live in; pranksters, karens, thugs and politicians ensure that we all suffer. Way I see it, I don't have to farm or hunt food, nor carry water from a well in the dead of winter. Cybersecurity is what I do instead. There's no point trying to escape responsibilities; I'd only die even more tired.

 

[Fishrrman]

"You should NEVER go about your ordinary daily activities as an admin, anyway."

I've been using Mac OS X like that (with my primary account as an administrator) since 2004 with no ill effects, ever. Not once.

If this is such a bad idea, why is EVERY Mac that Apple sells configured so that the user establishes his/her own administrative account during setup?

 

[svenmany]

Create a separate admin account through which to accomplish installs, updates and settings changes. Make your normal account a regular USER, and get used to supplying that Admin credential. All the friggin' time.

If I always just enter the admin user and password whenever prompted, am I at the same risk I would be at if I were just logged in as an admin user? Put another way, are there things that would be prevented when running as a normal user that I wouldn't have the opportunity to allow by responding to a prompt?

 

[ipaqrat]

If I always just enter the admin user and password whenever prompted, am I at the same risk I would be at if I were just logged in as an admin user? Put another way, are there things that would be prevented when running as a normal user that I wouldn't have the opportunity to allow by responding to a prompt?

Hypothetically, yes, things can be snaked past that particular authentication & authorization mechanism when you operate with sudo (super-user do) and admin permissions. Plus one might pre-approve certain actions for convenience, i.e., "Fine, quit bugging me!", where a separate admin account would not accept that. I'm thinking of "Chained" style exploits that use sequences of innocuous, pre-approved processes, that later combine into unexpected, perhaps malicious, behaviors.

I haven't been over Sonoma in enough detail to know what actions would trigger MacOS to prompt, and what actions would "just work", because the account is admin level. I may never get around to that; frankly IT Security is making me tired. I'd rather work on my cars and pet my horsies.

In professional security circles, we are all deeply invested in explicitly enumerated logs. Can't get enough of 'em. One requirement for compliance reporting, and unfortunately sometimes, forensics, is seeing which user performs what activity and when. Creating separate accounts disambiguates the fire hose of log data. We have some system that absorb terabytes of log data every day, parse it out and flag on suspicious events for investigations. So segregating accounts is force of habit.

 

[ipaqrat]

"You should NEVER go about your ordinary daily activities as an admin, anyway."

I've been using Mac OS X like that (with my primary account as an administrator) since 2004 with no ill effects, ever. Not once.

If this is such a bad idea, why is EVERY Mac that Apple sells configured so that the user establishes his/her own administrative account during setup?

Whether its "such a bad idea" depends on your recognition and tolerance of risk. Cybersecurity pros encounter IT shenanigans every day, and read all about dire outcomes from sloppy configuration and cavalier behavior. Every tech blog has stories of data/privacy loss and suffering.

All OSs, and most multi-user applications, require the end user to establishes an admin account during setup. Sometimes, software comes with a built-in admin account to ensure the product can be deployed smoothly. Ideally, no one uses that account for operations. In professional configurations, default local admin accounts are disabled and new admin accounts created, ensuring that outsiders' knowledge of the product is useless. At least, in Apple's and Microsoft's case, as svenmany posited, the "Require an administrator password" setting goes some way towards reducing risk by reuserfying an admin account.

This is really the crux: When it comes to the internet, you cannot avoid risk; you can only manage it. Fortunately, behavioral precautions are free, such as segregating user and admin accounts, work and personal profiles, secure and throw-away browsers. Backup systems can cost a little something (do not rely solely on cloud hosted backups), but worth it. Sometimes the careless stay lucky; sometimes the careful get punk'd.