Focus on Apple
Re: What's George Ou smoking? Feb 22 2007 05:35PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Re: What's George Ou smoking? Feb 22 2007 07:34PM
Michael Dalling (mtdalling gmail com)
On Thu, 2007-02-22 at 09:35 -0800, Thor (Hammer of God) wrote:

Thank you for the clarifications. As you say, not all of this is
relevant to OS X and hence here, although some is.

> If people are really bent on running as admin, yet still think that malware
> will run rampant because the default elevation prompt is "click to approve,"
> then all they have to do is set the "Behavior of the elevation prompt for
> administrators in Admin Approval Mode" to "Prompt for credentials" rather
> than "Prompt for consent." Vista will then require username and password
> just like OSX.

But if a user has that clear a conception of what he is doing and of the
consequences of his choices and knows where to find and change the
option would he be likely to be running as an administrative user
anyway? (Perhaps if some software he wants to use forces him to, I'd
guess, not otherwise.)

It seems to me that what matters is what is likely to be done in the
typical situation--or, to be more precise, in the typical home (and
perhaps small business?) situation. And, of course, that means a
default install that hasn't been set up by knowledgeable administrator.

It seems to me what a non-professional user is, so to speak, led to
do--for example, by the design of the OS installation/set-up wizards and
the assumptions they might seem to him to embody--could be quite
important. I hasten to add that that's not a professional opinion but a
statement of how things seem to me, and I'm more interested to hear
comment on that than to say it.

This being focus-Apple I guess it would be better to put this in terms
of what Apple does. As a point of reference, how about the PDF guides
at the bottom of this page?

<http://www.apple.com/macosx/features/security/>

It seems to me that there's something of a gulf between the
recommendations there and what a user is typically led to do by the
Tiger installer--and between the settings as left by the installer and
as recommended there.

(It's a nice irony that Apple's security page has this message for the
visitor:

"Please enable JavaScript to view this page properly."

But I digress ...)

--
Michael

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus