1 2 Previous Next 17 Replies Latest reply: Nov 8, 2013 2:23 AM by donald92
bpbpbp Level 2 Level 2 (205 points)

I have just loaded 'Steam' (after a relation of mine virtually insisted I do it and not wishing to offend I loaded it). Now I have it on my Macbook it wants me to enable access for assistive devices.


I did a search of enabling access to assistive devices and it took me to a keylogger website where people can monitor your keystrokes!


Is enabling assistive devices a security risk? I'm inclined to remove Steam at present because it seems that I am giving access to my Mac that I am not comfortable doing.



MacBook Pro (15-inch Late 2011), Mac OS X (10.7.3)
  • 1. Re: 'Steam' - Enabling 'Access for assistive devices'
    thomas_r. Level 7 Level 7 (27,930 points)

    That setting is a normal part of the Mac OS, and does not pose a security risk.  Just because a search with those same terms also pulled up a keylogger page does not mean there's any relation between the two.


    As to Steam, it's a perfectly safe app for buying and playing games.  If you don't actually want that, then you can certainly delete it.

  • 2. Re: 'Steam' - Enabling 'Access for assistive devices'
    bpbpbp Level 2 Level 2 (205 points)

    Thanks Thomas,


    I am a little re-assured by what you say but I still do not really understand what I am 'allowing' or 'opening' by ticking this option in the preferences area?


    What does ticking this box actually do to my laptop - do you know?



  • 3. Re: 'Steam' - Enabling 'Access for assistive devices'
    cheeseb Level 1 Level 1 (20 points)

    Turning on access for assistive devices enables Apple's built-in Mac OS X accessibility features, which are available in all standard Mac OS X applications once you turn on this setting. "Assistive software" for persons with disabilities takes advantage of these accessibility features. So, if you have difficulties with vision, you turn it on so you can use VoiceOver. If you have motor control difficulties, you turn it on so you can use pointing devices and associated software to take the place of the mouse and the keyboard. And you leave it turned on, of course.


    In addition, many applications that are not targeted at persons with disabilities use the accessibility features to control other applications in useful ways. For example, Apple's own "GUI Scripting" AppleScript technology lets you write scripts that control other applications' menus, buttons, and so on, even if they are not scriptable in the normal AppleScript fashion. There are many third-party application examples. All of them require you to leave access for assistive devices turned on.


    I've had it turned on on all of my computers for about 10 years now (Accessibility was introduced in Jaguar).


    Apple has always left the default setting at "disabled" because there is a theoretical risk. If somebody sneaks an application onto your computer that uses the accessibility features, it can control other applications on your computer without your knowledge. So, if you don't need it, it makes sense to leave it turned off. But if you pay attention to what you install on your computer, I believe the risk is quite small. In the end, you have to make a decision like that for yourself.

  • 4. Re: 'Steam' - Enabling 'Access for assistive devices'
    bpbpbp Level 2 Level 2 (205 points)

    Thanks cheeseb. I read somewhere a while ago that people that play on-line computer games run this sort of risk of outside interference/hacking on a computer. Whilst this risk is probably small, it is still out there. This has nothing to do with Steam itself but by virtue of enabling/opening features for on-line gaming the computer itself becomes more vunerable.


    I do appreciate the time you took to explain this. It confirms what I have read earlier but I feel I have more faith in my Apple's system over a PC. However, because I am not a technically savvy person I still need re-assurance ocassionally on 'what not to do' to minimise the risks.


    I noted, by watching a TV doco on hackers/terrorism, that there is now a university course/degree conducted in the US to train hackers for employment by the US government to counter computer terrorists. One of the first graduates was interviewed after graduating and was asked what he had learned from this studies. His reply surprised me - "it has taught me to never store my personal information on any computer".


    Revealing - and helping me to become even more concerned.



  • 5. Re: 'Steam' - Enabling 'Access for assistive devices'
    softwater Level 5 Level 5 (5,370 points)

    bpbpbp wrote:


    His reply surprised me - "it has taught me to never store my personal information on any computer".


    Revealing - and helping me to become even more concerned.



    Plays well on TV, but really you can reduce that expression to what they taught spies in the OSS back in the 1940s:


    "Never keep a record of any information"


    Computers, per se, haven't got anything to do with. It follows logically that any storage device from paper to disk drive to your brain must be accessible in order to function as a storage device, just as a safe must have a door and a lock. For that reason, all such devices are inherently breachable by some means or other (easiest way to get into information in your brain is for someone to threaten you or someone you value more highly than the information you are keeping).


    The trick is not to stop storing information, on computers or elsewhere, but to learn about the vulnerabilities, know the risks of what you do, and take steps to minimize them.

  • 6. Re: 'Steam' - Enabling 'Access for assistive devices'
    bpbpbp Level 2 Level 2 (205 points)

    Thanks softwater.


    I accept your comments with grace.


    The difference between 1940 and now is drastically different - now we have rampant identity fraud and people like me feel threatened because we are basically poorly educated on computer technology. I am 63 and like all old people we need to keep up and use computers. We need to learn (obviously) but the skillset needed is lacking - we were taught on an Abacus at school (well my sons think I was).


    Millions upon millions of dollars are being milked out of Australia alone by internet fraud - I have no doubt that this is in the Billions worldwide and whilst the OSS might have been trained to fight spies - oldies like me haven't been.


    I hear you ask why am I trying to use Steam - this is what happens when well intentioned nephews and grandchildren come to visit oldies and take over their computer to bring them into the 21st century - maybe the 1940's weren't so bad (still a bit before my time though).



  • 7. Re: 'Steam' - Enabling 'Access for assistive devices'
    softwater Level 5 Level 5 (5,370 points)

    You seem pretty rational and intelligent to me and computers aren't really that difficult to master once you get through the hype. Indeed, they are in one sense very simplistic in their logic, it's just that there's a lot layers upon layers that make undersanding them not a little like peeling an onion. You have to go down one layer at a time.


    Back to practical rather than philosophical matters, the steps you need to take against protecting yourself and your data online are fairly straightforward on a Mac - assuming, that is, that you're not being targeted by the CIA (in which case your computer is probably the least of your worries...).


    1. Don't run your Mac from your Admin account. Set up a Standard user account for general stuff, especially browsing the internet.


    2. Make sure you've turned on Firewall here:


     > System Preferences > Security > Firewall


    3. Don't use simple passwords for any online accounts, gmail, hotmail etc. Best advice with passwords is use a password manager like 1Password to generate and save unmemorable 16 character (or more) passwords for you. Use an acronym of some phrase or book title that's meaningful to you combined with some symbols or numbers (not a year, as there's only 2012 of these for a brute force algorithm to run through) for your master password to 1Password.


    4. Make sure that in Safari > View menu you have


    Show Status Bar


    turned on, and always inspect a link's address in the status bar before clicking on it (EDIT: YOU do this by letting the cursor arrow hover over the link without clicking. The link's real address will be shown in the Status bar at the bottom of Safari's window). This will give you some idea of whether the address shown on the link is really the address that it is going to.


    5. Use something like SafariAdblocker to reduce your exposure to irritating (but sometimes persuasive) ads that link to dodgy websites.


    6. Never ever download MacKeeper or other so-called 'performance' or 'utility' software for your mac. They are all scamming you in one way or another.


    7. Whenever you're unsure of what you're doing, don't do it. Post in these forums for advice first.


    8. Maybe a personal one this, but avoid all online banking services. Too much to risk for too little benefit of 'convenience'.


    9. Never download anything without first doing a google search with 'review ' first. That includes App store stuff. Read and research what you let into your computer environment.


    10. Don't let your nephews pwn your computer


    Hope some of this helps (and I was only half-joking with the last one ), and don't worry so much.

  • 8. Re: 'Steam' - Enabling 'Access for assistive devices'
    bpbpbp Level 2 Level 2 (205 points)

    Very interesting information - I was not aware of the first tip (running from Admin). Having other user accounts that do not have admin rights seem to be difficult to manage day to day - that is, you can't do this and can't do that when signed into the computer. Thanks for this one particularly.


    2. yes have done that.


    3. never heard of 1Password - where do you find this?


    4. I use Firefox but this will available on Firefox (I assume). Firefox has a master password system.


    5. I use Adblocker.


    6. I have loaded from the Ap Store FreeMemory - suppose it is OK?


    7. good advice.


    8. I don't bank online - my sons tried to get me to to put my credit card on Sony's Playstation for some games on the PS3 - so I can play with the grandkids when they visit. I was told by them that I was paranoid because I refused and only used pre-paid vouchers. 'Dad' is not always wrong as it turns out - their attitude has changed a bit now too after Sony has been hacked.


    9. what is google search with 'review'? Do you mean type in 'review then  the name'?


    10. too late!


    I am not as paranoid as I might sound actually. My sense of foreboding, when it comes to computer security, is from a combination of life experience (greater than many around me) and a lack of computer knowledge (less than many around me). I find that to be concerned is much better than to be blissfully unaware - the latter can be more costly. My first post on this topic was me tryng to 'peel the onion'.


    Your comments have been invaluable to me - thank you.

  • 9. Re: 'Steam' - Enabling 'Access for assistive devices'
    softwater Level 5 Level 5 (5,370 points)

    A couple of basic ones I forgot:


    11. Turn off java. In Firefox, you do this by going to the Tools menu in the menu bar, then


    Add Ons > Plugins > Java Plug in for Mac


    and hit the 'disable' button.


    12. Restrict Cookies.

    Best security is to forbid cookies, but that will also make your web browsing laborious. A good compromise it to block 3rd party cookies. More information here:




    Back to the previous list:


    1. Yes, I agree, but it's useful for web browsing if nothing else. If you enable fast-user switching here:


     > System Preferences > Users & Groups


    Down at the bottom of the pane you'll see something called 'Login Options'. Click on it (you may need to unlock the padlock below it first, if it's not unlocked already), and enable 'Fast User switching'.


    then you'll be able to switch between user and admin accounts quite easily by clicking the user name up in the top right of your screen.




    3. Click on the blue text that says '1Password' in my previous post. It'll take you to their site where you can read about it. It's paid software I'm afraid. I don't have any connection with them, I only recommend it because its the only one I've ever used. I beleive Ffx has a pwd manager to, but it's not quite as sophisticated. If it meets your needs though, fair enough.


    4. Yes, Ffx has this feature, though I've been unable to find out where it's turned on. Hopefully someone else will be able to chime in for that one!




    6. The FreeMemory app is fine.






    9. Yes, I just meant use the term 'review' in a search.



  • 10. Re: 'Steam' - Enabling 'Access for assistive devices'
    bpbpbp Level 2 Level 2 (205 points)

    Hey softwater - WOW! thank you so much for the information. This sort of information should be in a short Mac101 training video or something.


    I can't thank you enough.


    Just one thing - what do I do when I have to switch on the Java? Is that easy to do - just go back and enable I guess in the same spot.


    Thanks again.

  • 11. Re: 'Steam' - Enabling 'Access for assistive devices'
    softwater Level 5 Level 5 (5,370 points)

    Yes, if you find you need it for some specific site, you can just enable it in the same place, then switch it off again after you're done with that site.

  • 12. Re: 'Steam' - Enabling 'Access for assistive devices'
    softwater Level 5 Level 5 (5,370 points)

    bpbpbp wrote:


    This sort of information should be in a short Mac101 training video or something.




    Not strictly about security, but a lot of people aren't aware that Apple provide a free 'Mac 101' manual here:



  • 13. Re: 'Steam' - Enabling 'Access for assistive devices'
    bpbpbp Level 2 Level 2 (205 points)

    Thanks again - I hope a lot of newbies visit this forum and see what you have provided here.



  • 14. Re: 'Steam' - Enabling 'Access for assistive devices'
    Stultitia Level 1 Level 1 (0 points)

    I agree on all the things softwater says and this information is really helpful for newbies as bpbpbp puts it, and should be taught in IT classes in elementary schools. =))


    For (1), just to support the advice for the newbies visiting;


    I've always been kind of a semi-power user on both Windows and Mac for almost 10 years; and never had any serious trouble or lost time while using via a standard user*. In fact, I almost never had virus or trojan troubles, or threats, possibly thanks to that. If it asks for my password for the admin account for something, now and then, I review it, if OK, put in the pass; if hesitate, I do the quick research. =)) That is probably the best advice one should give to a new computer user.


    And it's pretty easy to use the computer that way, don't think it's inconvenient.




    *The only time I have trouble is with Skype, I can't update it, and till this day I still can't sort it out; I always have to delete and install the app back again onto my mac OS. =D

1 2 Previous Next