johnfkitchen wrote:
This time, I'd like to take security more seriously, and run my "normal" account as "STANDARD" instead of "ADMINISTRATOR", at least most of the time.
I run all of my computers like this.
I plan to switch to "administrator" when I am installing software, and back to "standard" when those tasks are done.
You don't need to do that. If you ever need administrator credentials, you will be prompted for them. If you were running an admin account, you would get the same prompt, but the account name would be filled in. If you are running as a standard user, then you must fill in both an admin account name and password.
That default name being filled in for you is probably the biggest functional difference between running as an admin user and as a standard user.
"JohnAdmin" would have no other function other than being used to toggle "JohnNormal" between administrator/standard as required. All software installations would be made under JohnNormal (operating in admin mode). All useful work would be done under JohnNormal.
It doesn't quite work that way. You would use the "JohnNormal" account 100% of the time. If you ever need to install software or make any kind of change that requires the privileges of "JohnAdmin", you would be able to enter "JohnAdmin" and "JohnAdmin's password" in the dialog box. There is no need to ever switch accounts. I can't remember the last time I signed into my admin account.
PS. I have to say, despite all the searches on this community, I'm still not really sure what the functional restrictions of a "Standard" account are. I mean at a detailed level. I'm not sure what potentially malicious actions are blocked in "Standard" mode.
An admin user has the capability to act as the root user. A standard user cannot (directly) do this. There are some legacy Unix directories that are restricted to only Admin users. The diagnostic log directories fall into this category. There is no security risk here, it is just the way things have always been done. The diagnostic logs themselves are anonymized and have their own security infrastructure. It is an annoyance for me as the developer of EtreCheck, but otherwise, no one notices.
Also, if you ever need to make any changes as root from the command line, you will need two steps. An admin user can run the "sudo" command to act as the super user. A standard user must first use the "su" command to move into the admin user and then use the "sudo" command.
All that being said, you aren't getting as much extra security as you think. The macOS operating system already has many levels of security. Even the root user is blocked from accessing your personal files. But if any malicious software wanted access, it could just ask. Almost everything hands over all privileges to any malicious software upon request.
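The admin-versus-standard distinction discussed in the reply above comes down to one thing at the shell level: membership in the "admin" group, which macOS's default /etc/sudoers grants sudo rights to (%admin ALL=(ALL) ALL). The script below is an added example, not code from the thread or from EtreCheck. It checks a group list for "admin" and prints the one-step (sudo) or two-step (su into the admin account, then sudo) command line described in the reply. The account name "JohnAdmin" and the command being escalated are taken from the thread's hypothetical names; the group lists in the live check come from `id -Gn` when the script is run directly on a Mac.

```shell
#!/bin/sh
# Added example (not from the thread or from EtreCheck).
# Assumptions: the admin account is "JohnAdmin" (the thread's hypothetical
# name); on macOS, admin users are exactly the members of the "admin" group.

# Return 0 if the space-separated group list contains "admin", i.e. the
# account is an Administrator and can run sudo directly.
is_admin_groups() {
    for g in $1; do
        [ "$g" = "admin" ] && return 0
    done
    return 1
}

# Print the command line that reaches root for an account with the given
# group list:
#   admin user:    sudo <cmd>                  (one step)
#   standard user: su <admin> -c 'sudo <cmd>'  (two steps: su, then sudo)
# $1 = group list, $2 = admin account name, remaining args = the command.
escalation_cmd() {
    glist="$1"
    admin_user="$2"
    shift 2
    if is_admin_groups "$glist"; then
        printf 'sudo %s\n' "$*"
    else
        printf "su %s -c 'sudo %s'\n" "$admin_user" "$*"
    fi
}

# Live check of the current account, only when executed directly as
# escalate.sh (sourcing the file defines the functions without running this).
case "$0" in
    *escalate.sh)
        current_groups=$(id -Gn)
        if is_admin_groups "$current_groups"; then
            echo "$USER is an admin user; sudo works directly"
        else
            echo "$USER is a standard user; to reach root run:"
            escalation_cmd "$current_groups" JohnAdmin ls -la /var/log
        fi
        ;;
esac
```

On a standard account the printed `su JohnAdmin -c 'sudo ...'` line prompts twice: once for JohnAdmin's password at `su`, and again for the same password at `sudo`. That is the extra step the reply refers to, and it is the same credential the graphical authorization dialog asks for.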