Focus on Apple
Mac Trojan Nov 01 2007 12:26PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac Trojan Nov 01 2007 06:45PM
Dave Schroeder (das doit wisc edu) (2 replies)
Re: Mac Trojan Nov 01 2007 08:34PM
David Fedoruk (david fedoruk gmail com) (1 replies)
RE: Mac Trojan Nov 06 2007 06:41PM
Todd Woodward (todd_woodward symantec com) (1 replies)
RE: Mac Trojan Nov 06 2007 08:07PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: Mac Trojan Nov 06 2007 09:10PM
Philippe Devallois (phdevallois intego com) (3 replies)
Mac OS X Security and Common Sense Nov 07 2007 07:03PM
Todd Woodward (todd_woodward symantec com) (2 replies)
RE: Mac OS X Security and Common Sense Nov 07 2007 07:57PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 07 2007 08:28PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
RE: Mac OS X Security and Common Sense Nov 11 2007 04:09PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 11 2007 05:32PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (2 replies)
Re: Mac OS X Security and Common Sense Nov 12 2007 04:52PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Mac OS X Security and Common Sense Nov 13 2007 04:12PM
Thor \(Hammer of God\) (thor hammerofgod com)
RE: Mac OS X Security and Common Sense Nov 11 2007 07:33PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 11 2007 09:01PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies)
RE: Mac OS X Security and Common Sense Nov 12 2007 09:43AM
David Harley (david a harley gmail com)
Re: Mac OS X Security and Common Sense Nov 07 2007 07:30PM
Paul Schmehl (pauls utdallas edu)
Re: Mac Trojan Nov 07 2007 04:33PM
Kevin Long (kevin long verizonbusiness com) (3 replies)
Re: Mac Trojan Nov 14 2007 01:32PM
Dave Piscitello (dave corecom com) (1 replies)
Re: Mac Trojan and Last Security Update Nov 15 2007 03:03PM
Philippe Devallois (phdevallois intego com) (1 replies)
RE: Mac Trojan and Last Security Update Nov 15 2007 08:01PM
David Harley (david a harley gmail com)
Re: Mac Trojan Nov 07 2007 05:35PM
Paul Schmehl (pauls utdallas edu)
Re: Mac Trojan Nov 07 2007 05:31PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr)
RE: Mac Trojan [and a proposed book] Nov 07 2007 11:59AM
David Harley (david a harley gmail com)
Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:11PM
Roland Dobbins (rdobbins cisco com) (6 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 10:33PM
Thor \(Hammer of God\) (thor hammerofgod com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 09:08PM
John Ladwig (John Ladwig csu mnscu edu)
Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 08:13PM
John Ladwig (John Ladwig csu mnscu edu)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:31PM
Edward R. Marczak (marczak radiotope com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 02 2007 01:35AM
Roland Dobbins (rdobbins cisco com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:29PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Roland Dobbins wrote:
> This brings up an interesting point - how many Mac users go to the
> trouble of setting up a nonprivileged account and then do their
> normal work under that? I don't know, but my guess is that it's a
> pretty low percentage, especially as, at least with Tiger, one runs
> into some issues such as borked /Applications perms/ownership which
> require a *NIX background to even understand, much less remedy.

This is a really critical point.

I have advocated and even officially requested that Apple consider the
[sarcasm]wholly radical and industry changing step of[/sarcasm]
modifying the wizard to walk new users through creating two accounts
during initial setup: An administrative account and a non-administrative
account. Most people I know use an administrative account for ALL of
their Mac OS X use. (For that matter, it's pretty much the same for
Windows users, although it doesn't exactly compare.)

> How many Mac users have been faced with a seemingly-random request to
> grant a non-obvious background app/utility Keychain access, not to
> mention commonly-used apps asking for it without an easily-discerned
> reason? And in such situation, what do they typically tend to do
> (I've my own opinion about this, but clue welcomed).

Another excellent point. I think most users have an ingrained
subconscious response to click "OK" on whatever comes up on the screen
without reading it or consider the impact of their choice.

Security Response Researcher
Focus-Apple Moderator

Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon

Office: 541-335-7441

[ reply ]
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:45PM
Edward R. Marczak (marczak radiotope com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 08:05PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 09:14PM
Edward R. Marczak (marczak radiotope com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 09:25PM
Thor \(Hammer of God\) (thor hammerofgod com) (3 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 03:24PM
Paul Schmehl (pauls utdallas edu) (2 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 07:26PM
Chris Pepper (pepper reppep com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 06:14PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 07:25PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 11:39PM
Thor \(Hammer of God\) (thor hammerofgod com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 08:14PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 01:09AM
Thor \(Hammer of God\) (thor hammerofgod com) (2 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 05:59PM
Paul Schmehl (pauls utdallas edu)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 12:13PM
Jeramey Valley (ValleyJR mps k12 mi us)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 11:25PM
Thor \(Hammer of God\) (thor hammerofgod com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 08:29PM
Todd Woodward (todd_woodward symantec com)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:22PM
Dave Schroeder (das doit wisc edu)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:16PM
Jason Pruim (japruim raoset com)


 

Privacy Statement
Copyright 2010, SecurityFocus