[dangerous]

MOAB #15 is an interesting one. That is really crazy and I think Apple dropped the ball here. However apart from that (which still depends on you explicitly running some malware application) I'm going to continue to disagree (and maybe agree to disagree as OG forums is not really the place for this... maybe we should take it to MacNN). Talking about "giving an application permission" though, well it just depends on how you think about it. Windows is mega dangerous because it will run stuff without asking you. On a Mac, things will only run if I run them. By running them, I give them permission to do what they want. I don't run software I don't trust on my machine. Running as a normal user wouldn't help because if I run something then I have already decided to trust that application and so if it asked for a username and password I would gladly hand it over.

An interesting thing you might not have considered. I run as an admin user, I install Omniweb by dragging it to my applications folder, update by running the update. It's all smooth. You install it by dragging and authenticating, and update by running the update and entering your admin username and password into Omniweb's interface. Your copy of Omniweb now, if it was evil, has an admin password (with sudo privileges) and can do much more on your system than it can on mine.

Zottel's chown could also be dangerous. It does not check rights. Let's say there is a folder to which I, another user on Zottel's machine, have write privileges to. Any folder chmodded to 777 would do. Looking in my Applications folder, Filemaker, Toast, Zend and a few others have folders with 777 privileges. Now if I was a user on Zottel's machine, and I saw his crontab was chowning everything to root:admin, I could just do the MOAB #15 thing without even being an admin user. I create a script (even just a file containing the single word "zsh" or "bash" to give me a shell), chmod +s the file and then wait for Zottel's cronjob to run. Now I have a root shell!

The best way to stay secure on your machine is to not change Apple's settings if you don't understand them, and don't run software that you don't trust. If you don't stick to these rules, then it's not going to matter whether you are a normal user or an admin user. If you DO stick to these rules, then it still doesn't matter.