Safe User Account Strategy


brich
02-17-2006, 04:22 PM
Dave, this question is only peripherally related to SD, but with the buzz about the new OSX Trojan and its possible effect on users running as Admin, I'm wondering what your opinion or recommendation would be. For example, I've always run Tiger on my primary Admin account, behind a router in stealth mode and running Intego's VirusBarrier. Would you suggest changing strategies to set up a daily non-admin user account, and if so, how would you deal with all of the preferences, etc. that don't carry across to the new limited user account?

Because I don't practice dumb web-click/email-click hygiene, I'm inclined to take my chances running as Admin (root disabled of course); but I'd appreciate reading your opinion.

dnanian
02-17-2006, 04:30 PM
Well, it's not an easy question. I run as Administrator, but not as "root". Being in an admin group, but not running in a permanently authorized state, gives you a significant amount of additional security above and beyond an "admin" on Windows machines, for example.

The fact is, it's pretty trivial to write a Trojan, should that be what a malicious person wants to do. And -- since, running as a non-admin, you'd still be able to authorize to install something malicious -- I'm not sure doing this would provide you with much additional security...

So: my suggestion is to always be careful/aware of what's going on. Clichéd, I know, but the social engineering tactics used to get people to install Trojans are relatively easy to see through if one's whole brain -- rather than just the reptile part -- is engaged...

brich
02-17-2006, 05:18 PM
I think you've affirmed my basic thought process. I always feel insecure running as Admin in XP Pro, but it can be a real pain to actually use that system with lesser privileges. I definitely see your point about the ability of a Standard User in Tiger to authorize...I suppose a Trojan that would install on an Admin account without triggering the authentication dialogue could be a concern.

That said, your common sense and vigilant approach seems more appealing than some of the 'chicken-little-the-sky-is-falling' near hysteria I'm reading re this trumpeted OSX incursion...

dnanian
02-17-2006, 05:47 PM
Well, it depends what "Install" means. You don't have to be an administrator to install an application in your local Applications folder. Nor do you have to be one to install an Input Manager into your local library... so, while you might not "corrupt" your entire system, your account -- the one you use -- is "infected".

Fortunately, you have to do something to get infected, and that something is relatively silly/foolish. So... just be careful out there.
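
Added example, not part of the original thread: a small shell audit of the two per-user install locations mentioned in the last reply, which can be written to without an admin password. It assumes those locations are `~/Applications` and `~/Library/InputManagers`; the function name and the 7-day "recent" window are choices made for this sketch.

```shell
#!/bin/sh
# Added example: inventory the per-user install locations named in the thread.
# Assumed paths: <home>/Applications and <home>/Library/InputManagers.
# Items in these folders can be placed there by any account, admin or not,
# so reviewing them is useful regardless of which account type you run as.

# audit_user_installs HOME_DIR [DAYS]
# Prints one line per top-level item: "<RECENT|older><TAB><path>"
# RECENT means the item's modification time is within the last DAYS days.
audit_user_installs() {
    home_dir=$1
    days=${2:-7}          # assumption: 7 days is an arbitrary default window

    for dir in "$home_dir/Applications" "$home_dir/Library/InputManagers"; do
        # A missing folder simply means nothing was installed there.
        [ -d "$dir" ] || continue

        find "$dir" -mindepth 1 -maxdepth 1 | while IFS= read -r item; do
            # -maxdepth 0 tests only the item itself, not its contents.
            if [ -n "$(find "$item" -maxdepth 0 -mtime "-$days")" ]; then
                printf 'RECENT\t%s\n' "$item"
            else
                printf 'older\t%s\n' "$item"
            fi
        done
    done
}

# Usage: audit_user_installs "$HOME" 7
```

Anything marked RECENT that you do not remember installing is worth a closer look.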