
entering password to install software - security exposure?

609 Views 8 Replies Latest reply: Jan 19, 2013 4:06 PM by jdbunda
jdbunda
Nov 10, 2012 8:21 AM

Am I the only one who sees this as a potential security risk?    I have been using computers my entire life, and I am still surprised by this, and I cannot believe it has not become a problem.

 

The issue is this - when installing software, you are prompted to enter your admin password before the app installer will run.    This seems fine when explicitly launching a .dmg file.

 

However, many applications will download a new version, then launch the installer themselves.    So we become used to the idea of, for example, an app launching a dialog that says "Software update available - do you want to install?", then if you click yes, it downloads/launches the installer of the new version.    (For example, I just had this happen with Adobe Flash, but I have experienced it with several apps I use).   So - the installer launches and a dialog pops up requesting that I enter my admin password.

 

So in this scenario, how does one tell the difference between a legitimate system prompt for the admin password, and a rogue app that is phishing for my root password?    It would be easy for an app developer to spoof this entire process - "do you want to install the new version?"  "please enter your admin password" and I claim it would be indistinguishable from a legit prompt for my password when launching a .dmg.

 

Moreover, the frequency of this operation somewhat desensitizes us to entering our root passwords whenever any semi-official dialog pops up requesting it.

 

This seems like a significant security risk.

iMac (27-inch Mid 2011), Mac OS X (10.7.5)
  • Alberto Ravasio Level 4 (3,160 points)

    If you got the application from the original developer site or the App Store it should be safe to enter your admin credential to install an update or a new program.

    If you don't trust them, don't install the program.

  • MartinR Level 6 (14,560 points)

    how does one tell the difference between a legitimate system prompt for the admin password, and a rogue app that is phishing for my root password? 

     

    You have to be diligent about what apps you trust to install in the first place, and also any updates that are offered.  My recommendation is NEVER allow an app to automatically update itself.  There is almost no reason to let any app update itself automatically.  You can always manually go to the app (developer) website and check if there is any update available, download it and run the update yourself.

     

    Also in case you were specifically asking about root passwords, this is something you should never enable.  An OS X admin account with a password is not the same as a root password. Root passwords have to be specifically enabled by you on your Mac (and I'm not going to reveal how to do it).  This is one of the safeguards in OS X that root passwords are by default not enabled.

  • Alberto Ravasio Level 4 (3,160 points)

    MartinR wrote:

     

    Also in case you were specifically asking about root passwords, this is something you should never enable.  An OS X admin account with a password is not the same as a root password. Root passwords have to be specifically enabled by you on your Mac (and I'm not going to reveal how to do it).  This is one of the safeguards in OS X that root passwords are by default not enabled.

     

    I do not completely agree with the above statement.

    An admin user can escalate to root, even though you never set a password for root.

    As a matter of fact, a standard user may also escalate to root with an admin user's credentials.

  • Radiation Mac Level 5 (4,630 points)

    Well, just to explore your question a bit, it seems that the alternative then is to NOT require that the User enter their secret password in order to install new software Updates:  That way your password is still "safe", but you have freely allowed any malicious downloaded software to install itself since it no longer requires password access.  Do you see the problem and the dilemma?  So in Mountain Lion, Apple addressed this problem by enabling the "sandboxing" of applications and their upgrades.  By default, if the downloaded App or Upgrade did NOT come from a "Verified by APPLE" Developer or Apple itself, it will NOT Install even WITH the Admin password.  Unless you override the process intentionally.

     

    Ultimately, the safety of the password system relies on the application of intelligence and discretion and common sense by the computer User.  There will always be 3rd party rogues spending their free time trying to outwit the software and security designers.

     

    For what it's worth.

     

     

    Hope this helps

  • MartinR Level 6 (14,560 points)

    But can we be really sure that just because an app is curated by the Apple Store, or is downloaded from a developer website, that the app can be trusted?

     

    It could be argued that Apple OS X is one of the more secure operating systems to begin with.  But risks abound nonetheless.  I believe I am a whole lot safer on OS X than anyone ever was on Windows. 

     

    While you can never be absolutely sure about anything, there are levels of trust.  The Apple App Store is one such level of trust, and a good one at that, as approved apps have to meet Apple criteria before being allowed into the App Store.  I would certainly trust an Apple App Store app more than one sourced from other places including a developer's own website.  Sandboxing is another level of app security implemented by Apple.

     

    Sure, it would be "simple" for a developer to hide zero-day code in an app.  That's why you as a consumer have to be alert enough to do your own due diligence before downloading & installing anything.   But there are far too many people who have no regard for their own security and wantonly download & install just about anything.  You're smart enough not to do that, right?

     

    The intent is to prevent the community at large from becoming inured to entering their admin password to any ad hoc user-level dialog that claims it is necessary.

     

    No one, not even the most experienced sysadmin, should ever enter their admin password without knowing exactly why they are doing it, and the risks entailed.  No one, not even Apple, can protect you from yourself.  Ultimately, your system security is your own responsibility, not someone else's to do for you.
