Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
thank you coward virus/worm poster
- Thread starter M-theory
- Start date
- Sort by reaction score
I knew it was confusing, so here is another go at it...
My old Admin account was demoted to be a non-admin account.
I created a new Admin account, and assigned ownership of the /applications and /library to it.
So the only difference from my previous setup is that i have to install programs via the new Admin account in order to keep my non-Admin account "safe"?
My old Admin account was demoted to be a non-admin account.
I created a new Admin account, and assigned ownership of the /applications and /library to it.
So the only difference from my previous setup is that i have to install programs via the new Admin account in order to keep my non-Admin account "safe"?
iMeowbot said:
iMeowbot, I have a question... Rather than having to log in with the admin account each time I want to install software, wouldn't it be as easy to just use the standard account, and then after installing change ownership through command + I? Just a question as to what the difference between both methods is.
You could do that, but there are drawbacks. Some installers like to scatter files all over the world, not always in the directories you may be expecting. By running installers from the dedicated account, you won't have to worry about missing anything.frenetic said:
I would NOT trust installers to do the right thing with permissions and ownership in other directories. If installers were working with security in mind, this wouldn't be an issue in the first place (there's no need for even the admin user to have write access to all those files!).
It's interesting. When ever in the past I have mentioned to fellow Mac users that I have an antivirus application installed mainly because I don't want to unknowingly pass a virus to my pc using friends and colleagues, the general response I get is "...... stuff the pc users. It's their responsibility to deal with virus' not ours..." or "... hey if pc users aren't smart enough to use the proper precautions to avoid downloading virus' then why should we Mac users worry about it..."
Now this small event has taken place and suddenly I read people moaning and berating the person who posted it here. What ever happened to self responsibility?
Now this small event has taken place and suddenly I read people moaning and berating the person who posted it here. What ever happened to self responsibility?
iMeowbot said:
About changing ownership of /Library - which library folder does that mean? If it's the library when I'm logged in as admin I'm ok (it's already owned by system).
But if it's the library when I'm logged in as my every-day user, is it the Library under Ann, or the Library under Macintosh HD?
I should probably understand which account you're talking about, but my brain's on overload here, sorry.
I assume I can use a variant of the terminal command I learned yesterday to do this, cd /Library, but then sudo chown -R adminname:admin *.lib (or something like that???)
It's very weird, iMewobot, but your Spock avatar really makes me take everything you say as gospel. I hear the words in your post in Spock's voice
^^^Its the one under MacintoshHD (or whatever your name for it is)..at least thats typically what the "/library" or "/applications" means.
annk said:
It's the Library folder directly under Macintosh HD (or whatever you call it).
There is another one called /System/Library that you may also want to glance at, but generally it is less of an issue because user programs rarely install things there.
Yeah. I would just use sudo chown root * (and leave the group alone).
That settles it, next week I'm switching to Tinky-WinkyIt's very weird, iMewobot, but your Spock avatar really makes me take everything you say as gospel. I hear the words in your post in Spock's voice
AppleTalk Aust said:
That's a good point.
I admit I was early to judge and say thsoe who did allow this to run wre stupid. I was wrong. I didn't know that this thing could open without an Admin password.
You're right, but a lot of virus and trojans and worms infect Windows without User interaction. This one has to be initiated by the user. So, as far as Anti-virus goes? I still feel like I'm safe. I know i have to watch out for these things, but I don't worry about it.
I'm sure the webmasters on this site would be happy to give the IP address to the police. It's not hard, already known three malware creators and one scammer get arrested and charged off other forums for doining similar things.
It wasn't a well written script. Guessing it was made by a 13 year old scriptkiddie.
Read more here: http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html
It wasn't a well written script. Guessing it was made by a 13 year old scriptkiddie.
Read more here: http://securityresponse.symantec.com/avcenter/venc/data/osx.leap.a.html
howesey said:
1. Anyone who's even remotely intelligent wouldn't submit this to an IP they can be traced from. IT's called Starbucks or a Cyber Cafe'
2. Script kiddies do not write their own code. Script Kiddies USE scripts and apps OTHERS have written to do what they do.
3. The basics of understanding how they could use Spotlight to inflict the damage is a harder conectp to understand than just some average 13 year old kid. Why do you think so few malicious scripts have been found for OS X?
When I'm logged in as user, or as admin?
So that's a complete command? I just use:
sudo chown root * (after I type in the first command I mentioned)??? I know nothing about commands...
That settles it, next week I'm switching to Tinky-Winky
NOOOO!!! I LOVE Spock!
You would have to be logged in as the admin or sudo won't work.annk said:
Yup. And if you want to let it run down the subdirectories,
sudo chown -R root *
(that would be instead of the other chown command you mentioned earlier.)
But it's EVIL SPOCK! He's got a beard!
annk said:
Right here is the reason things like this will always happen. You say you have no idea what this command does but you are prepared to listen to someone on a forum and just type exactly what they said. This is how this dumbware spreads in the first place. OS X is a UNIX like OS if you have no idea what a command does check out its man page to make sure you aren't breaking your system.
So...
man sudo
man chown
then yeah feel free to do it, it wont hurt!
The problem with these kind of malicious programs is they really can't do crap unless someone is dumb enough to run them in the first place. If you have no idea how a UNIX like OS runs how about you don't muck around with it, and don't use the command line, and don't download and run programs from people you don't know?
risc said:
Umm...point taken, but you have to account for the fact that someone who's been following the forum for a couple years (me), and sees who tends to post helpful advice (iMeowbot among others), can feel reasonably safe in following those peoples' instructions. It's by asking questions and getting information here (among other places) that I've learned and become a more intelligent computer user. I'm sure I'm not alone in feeling that way about MR.
risc said:
excellent point! don't just type what someone says without understanding what's going on...hypothetically, what if he was really 'evil spock' and gave you the command to erase your HD!
annk said:
I have no problem with you listening to iMeowbot but this whole entire thread (and the rest of them) are caused by people downloading and running an app linked to by a NEWBIE. Alarm bells should of gone off right then. This is why I say above "people you don't know" if you trust iMeowbot and I can't see why you wouldn't go for it, take some responsibility though and consider learning how the OS actually works. Also don't take it the wrong way I'm not picking you out of the crowd I just think people need to wake up to how powerful any UNIX like OS is.
I think there needs to be a little more of a set up if one wants to be safe.
It requires have 3 accounts.
1 admin account that everything is installed on and all admin stuff is done though.
1 user account that does not have admin accesses
and lastly
1 admin acount that is never used. The last admin account is only used if something goes wrong with the computer because it never been messed with so it is still clean.
But even if you dont want to go though all that trouble everyone should have 1 admin account set aside that is never mess with and it is just a clean admin account.
It requires have 3 accounts.
1 admin account that everything is installed on and all admin stuff is done though.
1 user account that does not have admin accesses
and lastly
1 admin acount that is never used. The last admin account is only used if something goes wrong with the computer because it never been messed with so it is still clean.
But even if you dont want to go though all that trouble everyone should have 1 admin account set aside that is never mess with and it is just a clean admin account.