Focus on Apple
Mac Trojan Nov 01 2007 12:26PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac Trojan Nov 01 2007 06:45PM
Dave Schroeder (das doit wisc edu) (2 replies)
Re: Mac Trojan Nov 01 2007 08:34PM
David Fedoruk (david fedoruk gmail com) (1 replies)
RE: Mac Trojan Nov 06 2007 06:41PM
Todd Woodward (todd_woodward symantec com) (1 replies)
RE: Mac Trojan Nov 06 2007 08:07PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: Mac Trojan Nov 06 2007 09:10PM
Philippe Devallois (phdevallois intego com) (3 replies)
Mac OS X Security and Common Sense Nov 07 2007 07:03PM
Todd Woodward (todd_woodward symantec com) (2 replies)
RE: Mac OS X Security and Common Sense Nov 07 2007 07:57PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 07 2007 08:28PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
RE: Mac OS X Security and Common Sense Nov 11 2007 04:09PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 11 2007 05:32PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (2 replies)
Re: Mac OS X Security and Common Sense Nov 12 2007 04:52PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Mac OS X Security and Common Sense Nov 13 2007 04:12PM
Thor \(Hammer of God\) (thor hammerofgod com)
RE: Mac OS X Security and Common Sense Nov 11 2007 07:33PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 11 2007 09:01PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
RE: Mac OS X Security and Common Sense Nov 12 2007 09:43AM
David Harley (david a harley gmail com)
Re: Mac OS X Security and Common Sense Nov 07 2007 07:30PM
Paul Schmehl (pauls utdallas edu)
Re: Mac Trojan Nov 07 2007 04:33PM
Kevin Long (kevin long verizonbusiness com) (3 replies)
Re: Mac Trojan Nov 14 2007 01:32PM
Dave Piscitello (dave corecom com) (1 replies)
Re: Mac Trojan and Last Security Update Nov 15 2007 03:03PM
Philippe Devallois (phdevallois intego com) (1 replies)
RE: Mac Trojan and Last Security Update Nov 15 2007 08:01PM
David Harley (david a harley gmail com)
Re: Mac Trojan Nov 07 2007 05:35PM
Paul Schmehl (pauls utdallas edu)
Re: Mac Trojan Nov 07 2007 05:31PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr)
RE: Mac Trojan [and a proposed book] Nov 07 2007 11:59AM
David Harley (david a harley gmail com)
Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:11PM
Roland Dobbins (rdobbins cisco com) (6 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 10:33PM
Thor \(Hammer of God\) (thor hammerofgod com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 09:08PM
John Ladwig (John Ladwig csu mnscu edu)
Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 08:13PM
John Ladwig (John Ladwig csu mnscu edu)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:31PM
Edward R. Marczak (marczak radiotope com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 02 2007 01:35AM
Roland Dobbins (rdobbins cisco com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:29PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:45PM
Edward R. Marczak (marczak radiotope com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 08:05PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 09:14PM
Edward R. Marczak (marczak radiotope com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 09:25PM
Thor \(Hammer of God\) (thor hammerofgod com) (3 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 03:24PM
Paul Schmehl (pauls utdallas edu) (2 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 07:26PM
Chris Pepper (pepper reppep com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 06:14PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 07:25PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 11:39PM
Thor \(Hammer of God\) (thor hammerofgod com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 08:14PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 01:09AM
Thor \(Hammer of God\) (thor hammerofgod com) (2 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 05:59PM
Paul Schmehl (pauls utdallas edu)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 12:13PM
Jeramey Valley (ValleyJR mps k12 mi us)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 11:25PM
Thor \(Hammer of God\) (thor hammerofgod com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 08:29PM
Todd Woodward (todd_woodward symantec com)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:22PM
Dave Schroeder (das doit wisc edu)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:16PM
Jason Pruim (japruim raoset com)

On Nov 1, 2007, at 3:11 PM, Roland Dobbins wrote:

>
> On Nov 2, 2007, at 1:45 AM, Dave Schroeder wrote:
>
>> But it's a Trojan, which requires user interaction, downloading
>> something manually, and expressly granting it administrative
>> privileges to your machine.
>
> This brings up an interesting point - how many Mac users go to the
> trouble of setting up a nonprivileged account and then do their
> normal work under that? I don't know, but my guess is that it's a
> pretty low percentage, especially as, at least with Tiger, one runs
> into some issues such as borked /Applications perms/ownership which
> require a *NIX background to even understand, much less remedy.
>
> How many Mac users have been faced with a seemingly-random request
> to grant a non-obvious background app/utility Keychain access, not
> to mention commonly-used apps asking for it without an easily-
> discerned reason? And in such situation, what do they typically
> tend to do (I've my own opinion about this, but clue welcomed).

From my own experience, I've run in both admin and non admin
accounts, Here at work, my desktop is setup as an admin account which
I run in and don't worry about bad things happening. But then again,
with what I'm doing, some of which involves programming I am very
careful to look at all the messages that pop up on my computer.

At home, I have a macbook running leopard which I intentionally set up
with an admin account and then 2 separate non admin accounts for me
and my wife. I've never had any issues running with a non-admin
account in tiger which is how the macbook started.

So for my opinion, to an extent, if someone was to download a file off
the internet, and it asked for an admin password I would hope that
people would look at it and at least be relatively certain that it's
what they expect it... None of the "Please give us your username/
password to open this picture of naked people" (Those people get what
they deserve in my opinion) :)

But I'm also not a normal user.
--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim (at) raoset (dot) com [email concealed]

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus