Standard user account or Admin account on a daily basis?

When you surf do you use a Standard or Admin user account?



I was told it's safer to use a Standard user account. Can I convert my Admin user to Standard, then switch it to Admin when I install software & software updates? Or am I locked in to one type of user for the life of the account? I believe the only time I need an Admin account is when I do install software, correct? What other limitations are there in using a Standard account on a daily basis?

Posted on May 2, 2011 8:09 PM


Jul 29, 2012 8:54 AM in response to roam

roam wrote:


Personally, I don't feel the erecting of an additional barrier comes with a suitable return for the cost of inconvenience when measured against perceived risk, in as much as it can be measured.


OS X/Crisis trojan if it's run in Admin gets root, however if it's run in Standard doesn't.


If one runs a ClamXAv scan and it finds this malware, and it's in Standard, one can simply backup files and log into Admin and delete the Standard account.


If one gets the trojan in Admin, a total erase of the ENTIRE drive is in order, this includes the hidden partitions of EFI and Recovery, which in order to get a copy of Recovery one would need to use another machine if they don't have Internet Recovery. (provided the firmware isn't compromised either)


If the malware gets a good hold of the machine, it might even hop to the Recovery USB, making getting a clean machine rather difficult, the whole drive will have to be replaced.


Since Apple has now made Recovery, removing the write protected disks, we need to protect it further to be able to restore the machine with. Especially since the MBP-R's came out which one can't switch out the storage for a new one.

Jul 29, 2012 10:17 AM in response to ds store

Well, far simpler to restore from a TM or clone prior to the infection. (Provided one knows about the infection, which may not be easy.) No one in his right mind should be running without a backup (or two or three.)


Once again, arrives as a Java Applet. I assume everyone has Java turned off, right?


http://www.intego.com/mac-security-blog/more-on-osxcrisis-advanced-spy-tool/


http://www.reedcorner.net/osxcrisis-malware-revealed-as-targeted-attack/#more-595



The Intego Virus Team also notes that the backdoor component of the malware calls home to the IP address 176.58.100.37 every 5 minutes, awaiting instructions.


One more reason to be running Little Snitch.
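
The five-minute call-home interval quoted in the post above is regular enough to spot in any outbound-connection log. The Python below is an added example, not part of the original thread and not Little Snitch or Intego code; the log format, the process names and every address except the one quoted in the post are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one outbound connection per line:
#   <ISO timestamp> <process> <dest_ip>:<port>
# Process names are made up; only 176.58.100.37 comes from the post above.
SAMPLE_LOG = """\
2012-07-29T10:00:02 Safari 203.0.113.10:443
2012-07-29T10:00:05 helperd 176.58.100.37:80
2012-07-29T10:00:40 Safari 203.0.113.10:443
2012-07-29T10:01:00 softwareupdated 198.51.100.7:443
2012-07-29T10:05:03 helperd 176.58.100.37:80
2012-07-29T10:06:00 softwareupdated 198.51.100.7:443
2012-07-29T10:07:15 Safari 203.0.113.10:443
truncated line
2012-07-29T10:10:06 helperd 176.58.100.37:80
2012-07-29T10:15:05 helperd 176.58.100.37:80
2012-07-29T10:19:50 Safari 203.0.113.10:443
2012-07-29T10:20:05 helperd 176.58.100.37:80
"""

def find_beacons(log_text, period=300, tolerance=15, min_hits=4):
    """Return sorted (process, dest_ip, mean_gap_seconds) for periodic talkers."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, proc, dest = parts
        try:
            seen[(proc, dest.rsplit(":", 1)[0])].append(datetime.fromisoformat(stamp))
        except ValueError:
            continue  # skip unparseable timestamps
    flagged = []
    for (proc, ip), times in seen.items():
        if len(times) < max(min_hits, 2):
            continue  # too few connections to call it a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Regular beacon: average gap near the period AND little jitter.
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            flagged.append((proc, ip, round(mean(gaps))))
    return sorted(flagged)

if __name__ == "__main__":
    for proc, ip, gap in find_beacons(SAMPLE_LOG):
        print(f"{proc} -> {ip}: every ~{gap}s")
```

The `min_hits` threshold keeps a process that merely happened to connect twice five minutes apart from being flagged; lowering it trades fewer misses for more false positives.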

Jul 29, 2012 2:37 PM in response to ds store

OS X/Crisis trojan if it's run in Admin gets root, however if it's run in Standard doesn't.

Then, are we talking about a convenience or flaw within the operating system? This trojan should not install within the /System folder without authentication and that is the responsibility of the OS not the technology. At least the technology, Java, warns you that the certificate cannot be verified.


As you stated earlier, the only difference between a standard user and an admin user in OS X is the standard user has to enter the name and password of an admin user to install software. Admin users should also have to authenticate before installing anything. The concept is simple, THINK before you install anything and verify the source.

Jul 29, 2012 3:41 PM in response to Mark Jalbert

Thanks, guys for your lively discussion!! It makes me realize how little I know.


Even though I respect your decision Roam, I have decided to stick with Standard user and authenticate with Admin. (Someone did mention somewhere on this forum to always check permissions on newly installed software as they said sometimes installers get confused if you install with Standard user and can mess up the permissions).


Any Lightroom users out there? When I install Lr3 on my single-harddrive-laptop, I am planning to let Lr put the Lightroom folder (containing the catalogue and preset data) in its default location (users/pictures/Lightroom) and then just back it up to external hard drives. Make sense?


And relative to Lightroom and Photoshop, can I just import the preferences and presets from my Lr3 application on my Mac Pro, to my MacBookPro (via Migration Assistant or external drive data transfer)

by copying the com.adobe.Lightroom3.plist file (from user/Library/Preferences) and

any files ending in .lrtemplate in user/Library/Application Support/Adobe/Lightroom folder?

(Don't need the entire catalogue in my laptop).


And where are preferences for Photoshop, Bridge, and ACR located (I assume any plist files for these applications and plug-ins in user/Library/preferences)??


Thanks!

(realize I may have to take some of these questions to Adobe forums).

Jul 30, 2012 12:13 PM in response to Mark Jalbert

Mark Jalbert wrote:


As you stated earlier, the only difference between a standard user and an admin user in OS X is the standard user has to enter the name and password of an admin user to install software.



If I said or implied that in my User Tip, I'll clarify it better.


Harden your Mac against malware attacks



Software can be installed and run in Standard user, but it only has access to that account. (like Firefox auto-updates do)


If it needs further privileges while it's running in Standard (for Admin or root) then it requires the Admin name and password.

Aug 1, 2012 12:25 PM in response to ds store

The advantage of running as a standard user is that the user's domain is restricted to their home folder (and in OS X the Shared folder also). In other words, they can only write or modify files that they create. They cannot modify the Operating System. Once you allow a standard user to elevate their privilege to root or admin then it's game over, you have lost the advantage. The standard user can now modify files that aren't within their domain. You might as well use an admin account for your daily use.

Aug 1, 2012 8:39 PM in response to Mark Jalbert

Mark Jalbert wrote:


The advantage of running as a standard user is that the user's domain is restricted to their home folder (and in OS X the Shared folder also). In other words, they can only write or modify files that they create.


They cannot modify the Operating System.


Once you allow a standard user to elevate their privilege to root or admin then it's game over, you have lost the advantage. The standard user can now modify files that aren't within their domain.


Correct. Can't modify Applications either.


You might as well use an admin account for your daily use.



You're mistakenly assuming that all software, including malware, is going to use an installer.


Sure if a user gives an installer their admin name and password it can do what it wants, malware also can install via flaws in browsers, plug-ins and so forth covertly.


If this malware has to request an Admin name and password to escape the Standard User/Shared privileges, that's going to send a red flag to the user.


OS X/Crisis does what limited it can if in Standard User and installs a root kit if in Admin User (how it does this is unknown) it's not trying to alert the user of its presence.


Again the benefit of running as Standard is to keep that malware out of Admin privileges and later root, thus a user who gets it can simply log into Admin and delete the infected Standard User account.



With 10.7 and 10.8 requiring an Internet reinstall, no more write protected OS disks and setting up the first user as Admin, Macs can't be opened by the user, etc., is only going to cause Apple a great deal of future trouble with malware.


Mac malware of the future is going to brick the entire machine and I'll be laughing my arse off when 600,000 Macs get bricked instead of simply infected like Flashback does.


The problem with Apple is they seem to think they can do no wrong, that they have the very best minds and programmers.


They are relying too much upon BSD Unix and its security, their small market share to protect them.


Apple is lazy on security because they keep changing the goddarn operating system every year with a rewrite, throwing all sorts of stupid gimmicks in.


When Apple issues a security update, sometimes it has over 80 or 90 fixes at a time, that's how crappy they do.

Aug 2, 2012 6:39 AM in response to ds store

Correct. Can't modify Applications either.

The /Applications folder is part of the Operating System.


You're mistakenly assuming that all software, including malware, is going to use an installer.

If the software or a component of the software that you wish to install is not within your user's domain then there must be an installer mechanism. I'm not assuming anything.

Sure if a user gives an installer their admin name and password it can do what it wants, malware also can install via flaws in browsers, plug-ins and so forth covertly. If this malware has to request an Admin name and password to escape the Standard User/Shared privileges, that's going to send a red flag to the user.

Are there any browsers or browser plugins that haven't had CVEs issued? I have no idea what "so forth" is. Covertly? So, your argument is an admin account can write files to certain folders within the /Library without authentication while a standard account would have to authenticate? Or, an admin account can install software packages within the /Applications folder, thus the package is within the admin user's domain and changes can be made to the application package? It could be just as easy to adjust the permissions on the /Applications and /Library folders then the "red flag" will go to the admin account too.


OS X/Crisis does what.............

We are talking about proof of concept spyware not in the wild, only a few people have the code available and from what I've read, there is an installer mechanism.


Again the benefit of running as Standard is to keep that malware out of Admin privileges and later root, thus a user who gets it can simply log into Admin and delete the infected Standard User account.

This will only work if the standard user does not modify files outside of their domain.


Keep pluggin' away at those user tips. This has been a great conversation.

Aug 2, 2012 7:05 AM in response to ds store

ds store wrote: Again the benefit of running as Standard is to keep that malware out of Admin privileges and later root, thus a user who gets it can simply log into Admin and delete the infected Standard User account.


"SIMPLY???" You are a bit trigger happy methinks. Needing to delete the user is not a walk in the park, though you make it appear so. This means losing ALL your user data. Without a backup, that means total disaster and is probably as bad as needing to do a clean install. I would think the first recourse, if one doesn't have a clone or TM to restore to -- obviously the preferred way of dealing with this --would be to try to locate and remove the infected files, if that is possible (which it doesn't seem it is in the case of OS X/Crisis, at least, not yet.) But, again, OS X/Crisis is reported to be in quite limited distribution and, for now, a low level threat.


Not this particular piece of malware, but in other cases, a decent A-V, providing it has updated definitions, might be able to scan and locate a hypothetical infection in the user, thereby making a complete delete of the account unnecessary, if no backup is available.


Not to say running standard is a bad or useless idea -- I run standard -- but what about malware that can elevate its privileges?
