Shirt Pocket Discussions  
    Home netTunes launchTunes SuperDuper! Buy Now Support Discussions About Shirt Pocket    

Go Back   Shirt Pocket Discussions > SuperDuper! > General

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 02-17-2006, 03:22 PM
brich brich is offline
Registered User
 
Join Date: Aug 2004
Location: Bensalem, PA
Posts: 43
Safe User Account Strategy

Dave, this question is only peripherally related to SD, but with the buzz about the new OSX Trojan and its possible affect on users running as Admin, I'm wondering what your opinion or recommendation would be. For example, I've always run Tiger on my primary Admin account, behind a router in stealth mode and running Intego's Virusbarrier. Would you suggest changing strategies to set up a daily non-admin user account, and if so, how would you deal with all of the preferences, etc. that don't carry across to the new limited user account?

Because I don't practice dumb web-click/email-click hygiene, I'm inclined to take my chances running as Admin (root disabled of course); but I'd appreciate reading your opinion.
Reply With Quote
  #2  
Old 02-17-2006, 03:30 PM
dnanian's Avatar
dnanian dnanian is offline
Administrator
 
Join Date: Apr 2001
Location: Weston, MA
Posts: 14,923
Send a message via AIM to dnanian
Well, it's not an easy question. I run as Administrator, but not as "root". Being in an admin group, but not running in a permanently authorized state, gives you a significant amount of additional security above and beyond an "admin" on Windows machines, for example.

The fact is, it's pretty trivial to write a Trojan, should that be what a malicious person wants to do. And -- since running as a non-admin, you'd still be able to authorize to install something malicious -- I'm not sure doing this would provide you with much additional security...

So: my suggestion is to always be careful/aware of what's going on. Clichéd, I know, but the social engineering tactics used to get people to install Trojans are relatively easy to see through if one's whole brain -- rather than just the reptile part -- is engaged...
__________________
--Dave Nanian
Reply With Quote
  #3  
Old 02-17-2006, 04:18 PM
brich brich is offline
Registered User
 
Join Date: Aug 2004
Location: Bensalem, PA
Posts: 43
Thanks....

I think you've affirmed my basic thought process. I always feel insecure running as Admin in XP Pro, but it can be a real pain to actually use that system with lesser privileges. I definitely see your point about the ability of a Standard User in Tiger to authorize...I suppose a Trojan that would install on an Admin account without triggering the authentication dialogue could be a concern.

That said, your common sense and vigilant approach seems more appealing than some of the 'chicken-little-the-sky-is-falling' near hysteria I'm reading re this trumpeted OSX incursion...
Reply With Quote
  #4  
Old 02-17-2006, 04:47 PM
dnanian's Avatar
dnanian dnanian is offline
Administrator
 
Join Date: Apr 2001
Location: Weston, MA
Posts: 14,923
Send a message via AIM to dnanian
Well, it depends what "Install" means. You don't have to be an administrator to install an application in your local Applications folder. Nor do you have to be one to install an Input Manager into your local library... so, while you might not "corrupt" your entire system, your account -- the one you use -- is "infected".

Fortunately, you have to do something to get infected, and that something is relatively silly/foolish. So... just be careful out there.
__________________
--Dave Nanian
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Backups using root user... jettrue General 1 01-19-2006 08:27 PM
Scheduling not working? kbradnam General 10 12-01-2005 04:05 PM
Creating a new user account YoramIH General 3 06-03-2005 09:14 AM
Backup Strategy for new Mac Mini User Matt General 3 02-21-2005 07:21 PM
New User Strategy bill s General 17 01-23-2005 10:40 AM


All times are GMT -4. The time now is 01:27 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.