Why shouldn't I use my Mac as an administrator?

[moonman239]

Apparently, Apple does not recommend using my administrator account on a daily basis. I understand that I don't need administrator privileges for some tasks. I would still like to know why I should create a separate user.

1) I am the only one who will use this computer.
2) Mac OS X requires that I type in my administrator password any time I want to do something like modify system files or settings.
3) I can see if an application is or contains malware by doing some research on the Internet.

 

[Ddyracer]

Apparently, Apple does not recommend using my administrator account on a daily basis. I understand that I don't need administrator privileges for some tasks. I would still like to know why I should create a separate user.

1) I am the only one who will use this computer.
2) Mac OS X requires that I type in my administrator password any time I want to do something like modify system files or settings.
3) I can see if an application is or contains malware by doing some research on the Internet.

Who the hell cares what they think? So long as it works for you go for it

 

[LV426]

I would still like to know why I should create a separate user.

It's a belt & braces approach. If some ghastly operating system exploit were devised that could allow, for example, arbitrary software to be installed as a drive-by to a naughty website, you are more at risk if the current user has admin privileges. Low-level blocks get in the way for non-admin accounts.

Fortunately, security in OSX is very very good, and this is extremely unlikely to happen.

 

[Fishrrman]

From the very first time I "signed into" OS X (back in 2004) I've been "an administrator".

All my Macs are still running just fine...

 

[GGJstudios]

Apparently, Apple does not recommend using my administrator account on a daily basis.

Please link to that recommendation.

There is zero benefit to running on a standard vs administrator account if you are the only user on your Mac. That's a carryover from Windows mentality.

If some ghastly operating system exploit were devised that could allow, for example, arbitrary software to be installed as a drive-by to a naughty website, you are more at risk if the current user has admin privileges.

If software needs to install in areas that require the admin password, the password is requested even if the user is logged in as an administrator. There is no added protection provided by running a standard account.

 

[chabig]

Apparently, Apple does not recommend using my administrator account on a daily basis.

I agree with GGJstudios. Apple doesn't "not recommend" using an administrator account. If they did, the new Mac setup procedure would prompt you to create both an administrator and a user account.

 

[sjinsjca]

It's a safety issue.

If you're signed in as an administrator and some piece of malware (such as may be burrowed into a dodgy website) decides to try to install itself on your machine, there's one less level of authentication standing in its way than if you were signed in as a non-privileged user.

Similarly, if you're away from your desk for a moment and some Bad Guy wants to install a key logger or camera-snapper on your machine, if you're logged in as an admin it's that much easier to do so. (Don't laugh-- I first got paranoid about security when I did a quick U-turn after leaving my office for lunch and found a creepy co-worker poking around on my laptop.)

And so on. It's just a defense, and a good one. And on the Mac (and other *nix-like OSes) the incremental inconvenience is very small.

It's recommended for a reason, and the folks who say "I don't do it and everything is just fine" may come to regret their smug complacency someday.

 

[simsaladimbamba]

It's a safety issue.

If you're signed in as an administrator and some piece of malware (such as may be burrowed into a dodgy website) decides to try to install itself on your machine, there's one less level of authentication standing in its way than if you were signed in as a non-privileged user.

Similarly, if you're away from your desk for a moment and some Bad Guy wants to install a key logger or camera-snapper on your machine, if you're logged in as an admin it's that much easier to do so. (Don't laugh-- I first got paranoid about security when I did a quick U-turn after leaving my office for lunch and found a creepy co-worker poking around on my laptop.)

And so on. It's just a defense, and a good one. And on the Mac (and other *nix-like OSes) the incremental inconvenience is very small.

It's recommended for a reason, and the folks who say "I don't do it and everything is just fine" may come to regret their smug complacency someday.

Even when running as an admin, one still needs the admin password to install such software. Unless there is no password, but that is up to the actual user and its competence and knowledge.

Anyway, I recommend running a Parental Controlled user account, with all limitations enabled as a daily account, thus one cannot harm anything.

 

[GGJstudios]

If you're signed in as an administrator and some piece of malware (such as may be burrowed into a dodgy website) decides to try to install itself on your machine, there's one less level of authentication standing in its way than if you were signed in as a non-privileged user.

Similarly, if you're away from your desk for a moment and some Bad Guy wants to install a key logger or camera-snapper on your machine, if you're logged in as an admin it's that much easier to do so.

In both of those scenarios, being logged in as an admin user does not change the vulnerability at all. If the admin password is required to install software, it will be required whether logged in as a standard or admin user. There is no security advantage in running as a standard user.

 

[heisenberg123]

It's a safety issue.

If you're signed in as an administrator and some piece of malware (such as may be burrowed into a dodgy website) decides to try to install itself on your machine, there's one less level of authentication standing in its way than if you were signed in as a non-privileged user.

Similarly, if you're away from your desk for a moment and some Bad Guy wants to install a key logger or camera-snapper on your machine, if you're logged in as an admin it's that much easier to do so. (Don't laugh-- I first got paranoid about security when I did a quick U-turn after leaving my office for lunch and found a creepy co-worker poking around on my laptop.)

And so on. It's just a defense, and a good one. And on the Mac (and other *nix-like OSes) the incremental inconvenience is very small.

It's recommended for a reason, and the folks who say "I don't do it and everything is just fine" may come to regret their smug complacency someday.

even if you dont have password turned on for things like logging in or waking up the mac, you always need a password to install system files

 

[janitor3]

I have a Mac mini and a MacBook Pro and, as well as having an admin account on both, I use a standard account for normal everyday use.

 

[GGJstudios]

I have a Mac mini and a MacBook Pro and, as well as having an admin account on both, I use a standard account for normal everyday use.

Of course, you're free to do that if you wish. There is, however, no security advantage in doing so.

 

[Bruno09]

Please link to that recommendation.

Apple doesn't "not recommend" using an administrator account.

Here is what Apple says :

Unless you need administrator access for specific system maintenance tasks that cannot be accomplished by authenticating with the administrator’s account while logged in as a normal user, always log in as a nonadministrator user.

Log out of the administrator account when you are not using the computer as an administrator. Never browse the web or check email while logged in to an administrator’s account.

Page 119 : https://ssl.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf

 

[simsaladimbamba]

Here is what Apple says :

Unless you need administrator access for specific system maintenance tasks that cannot be accomplished by authenticating with the administrator’s account while logged in as a normal user, always log in as a nonadministrator user.

Log out of the administrator account when you are not using the computer as an administrator. Never browse the web or check email while logged in to an administrator’s account.

Page 119 : https://ssl.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf

For something that important, "always" and "never" seem to indicate that, it is quite well hidden, but then again, that guide is not meant for the average consumer.

Important: This document is intended for use by security professionals in sensitive environments. Implementing the techniques and settings found in this document impacts system functionality and may not be appropriate for every user or environment.

 

[GGJstudios]

Page 119 : https://ssl.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf

In addition to the post by simsaladimamba, it should also be pointed out that this doucment is entitled

"Mac OS X Security Configuration For Mac OS X Version 10.6 Snow Leopard"​

And goes on to say:

If you are logged in as an administrator, you are granted privileges and abilities that you might not need. For example, you can potentially modify system preferences without being required to authenticate. This authentication bypasses a security safeguard that prevents malicious or accidental modification of system preferences.

Changing System Preferences is not the same as installing software that requires the admin password.
The document further states:

Audience

This guide is for users of Mac OS X v 10.6 Snow Leopard or later. If you’re using this guide, you should be an experienced Mac OS X user, be familiar with the Mac OS X user interface, and have experience using the Terminal application’s command-line interface. You should also be familiar with basic networking concepts.

Some instructions in this guide are complex, and use could cause serious effects on the computer and its security. These instructions should only be used by experienced Mac OS X users, and should be followed by thorough testing.

 

[LV426]

If software needs to install in areas that require the admin password, the password is requested even if the user is logged in as an administrator. There is no added protection provided by running a standard account.

That's not correct. It's possible to conceive of an OS flaw / exploit that completely bypasses this particular level of security (password request) if the current user has admin rights. But there would be one more hurdle for the exploit to jump if the current user is not granted admin rights.

 

[heisenberg123]

That's not correct. It's possible to conceive of an OS flaw / exploit that completely bypasses this particular level of security (password request) if the current user has admin rights. But there would be one more hurdle for the exploit to jump if the current user is not granted admin rights.

example?

I am the admin on my mbp, I have passwords turned off of loggin in or waking from sleep, yet I still have to enter a password when I change something important

 

[paulrbeers]

That's not correct. It's possible to conceive of an OS flaw / exploit that completely bypasses this particular level of security (password request) if the current user has admin rights. But there would be one more hurdle for the exploit to jump if the current user is not granted admin rights.

Yes I too would like to see proof of this. I've used Macs as Admin for 4+ years now and my wife for 2+ years (and she was terrible in Windows for getting viruses/malware/etc) and we haven't had an issue.

I am not saying it is impossible, rather I want to be educated!

 

[GGJstudios]

That's not correct.

Yes, my statement is correct. You claiming otherwise doesn't change that fact. If you want to effectively challenge it, provide proof.

It's possible to conceive of an OS flaw / exploit that completely bypasses this particular level of security (password request) if the current user has admin rights. But there would be one more hurdle for the exploit to jump if the current user is not granted admin rights.

Conceiving some imagined flaw is quite different from providing factual evidence that such a flaw currently exists. Your hypothesis is not a threat until it becomes reality, which it hasn't.

 

[LV426]

Yes, my statement is correct. You claiming otherwise doesn't change that fact. If you want to effectively challenge it, provide proof.

Conceiving some imagined flaw is quite different from providing factual evidence that such a flaw currently exists. Your hypothesis is not a threat until it becomes reality, which it hasn't.

Your statement is not correct. See a statement by Apple here that lists just one possible advantage of an administrator account over a regular account, namely the ability to escalate privileges to root level where, basically, anything is possible including installation of malware.

Who said that such OSX flaws/exploits exist? I certainly didn't. But the possibility that they may exist is always there.

You don't have to Google very far to find advisories on past vulnerabilities whose effects are very much linked to the privileges of the current user.

I think you'll find this is one reason that Apple themselves make the recommendation about not using a non-admin account for your day-to-day work.

 

[simsaladimbamba]

Your statement is not correct. See a statement by Apple here that lists just one possible advantage of an administrator account over a regular account, namely the ability to escalate privileges to root level where, basically, anything is possible including installation of malware.

Who said that such OSX flaws/exploits exist? I certainly didn't. But the possibility that they may exist is always there.

But one does need manual access and an admin password to enable the root account.

Enter an administrator account name and password, then click OK

from that article you linked to

Anyway, I have fared well on all the admin accounts I ran over the past ten years on my five or six Macs. I even tried those shady sites once per day, the ones with naked images of cute kittens, man, that was hilarious.
One "l" only? Where is the second one gone? Mister GiGolo, have you fed the cat tonight?

 

[GGJstudios]

Your statement is not correct. See a statement by Apple here that lists just one possible advantage of an administrator account over a regular account, namely the ability to escalate privileges to root level where, basically, anything is possible including installation of malware.

You are misinformed. You cannot enable the root user without entering the administrator password, which is exactly proves my original statement.

I think you'll find this is one reason that Apple themselves make the recommendation about not using a non-admin account for your day-to-day work.

As already stated, Apple makes no such recommendation for average users. The example you posted was clearly not intended for the millions of OSX users.

 

[LV426]

You are misinformed. You cannot enable the root user without entering the administrator password, which is exactly proves my original statement.

As already stated, Apple makes no such recommendation for average users. The example you posted was clearly not intended for the millions of OSX users.

This is what Apple Say (they may well have more to say on the matter):

Users with administrator privileges can make broad changes to a computer’s settings, install software, and perform a variety of tasks that other users can’t. To keep your computer secure and maintain a consistent and stable configuration, limit the number of administrators your computer has.

Ergo, the less administrators on your computer, the better. Because users with admin rights can make your computer insecure.

We've already established that exploits have existed in the past, get patched from time to time, and will exist in the future. Such exploits run in the context of the logged in user.

Do you even know what an exploit is? That they rely on coding flaws to, for example, work around existing security limitations such as password requirements?

Get real. We don't like in a secure world. Apple's software is far more secure than most, but it is not invulnerable. No software is. Apple say limit your admin accounts because they can make your computer insecure. You seem to have a problem understanding their advice.

 

[GGJstudios]

This is what Apple Say (they may well have more to say on the matter):

Please read the earlier posts in this thread. It has already been established that the document that you're quoting from is not intended for the average Mac user.

Apple's software is far more secure than most, but it is not invulnerable. No software is.

No one is claiming that any software is invulnerable. However, my original statement is completely true:

If software needs to install in areas that require the admin password, the password is requested even if the user is logged in as an administrator. There is no added protection provided by running a standard account.

Could that change at some point in time in the future? It's possible. But it is true in today's operating environment. Might there be an advantage in running a standard versus administrator account at some point in the future? Quite possibly. However, such is not the case today.

If you want to run on a standard account, that certainly your choice. But it is false and misleading to claim that everyone needs to do the same in order to operate securely.

 

[LV426]

If you want to run on a standard account, that certainly your choice. But it is false and misleading to claim that everyone needs to do the same in order to operate securely.

And nobody is suggesting any such thing.

I'm not going to do security experts' work for them. Interested readers may care to download this guide from the SANS Institute on using OS X securely, and - in particular - note the following paragraph.

Use a standard user account for daily operations. Administrator accounts should only be used for operations that require administrative privileges. Administrator privileges are required for tasks like installing software, running updates and configuring various settings in the operating system. When running as an administrator, malicious software could affect the operating system or applications. Malicious software is often not able to
exploit a given system if the local user executing the code does not have sufficient privileges to install or change the configuration of the system. Administrator accounts should not be used for writing documents, checking e-mail or browsing websites. Administrators of systems should always keep the segregation of duties when dealing with administrator and user actions.