[zottel]

Hi,

just a general rant: Far too many OS X users use an account with admin priviledges for daily work. That's not a good idea at all. True, there are no real viruses for OS X in the wild right now, but it's only a matter of time until there will be some. Working as an admin user, you give any application you run the right to write to the /Applications directory and alter any applications that are present there; to add virus code to, say, Adobe Photoshop, e.g.. If you are working as a normal user, the only directories any malicious code you execute can write to are your home directory and its subfolders (and, of course, the temp directory, and some similar, but that isn't a real threat, of course. ;-) ).

Plus, OS X works greatly and without any problems for any normal user—different from Windows, where there are a number of applications and, above all, installers that simply won't work if you're not logged in as an admin user. So, for an OS X user, there is no reason at all to take the risk and be an admin all the time, apart from a few very dumb installers that aren't able to ask for admin priviledges. Most of the time you can just punch in your admin user and his pw, and everything is great.

Not so with the (otherwise great) new upgrade function of OW. So please make this feature as professional as the rest of OW and have it ask for admin priviledges if they are not present.

[troyb]

Sorry for the trouble here. This is a limitation in the new updater that we hope to fix. Please keep in mind that this is all pre-beta and the updater is included with our automatic builds as changes are made. Keep an eye out!

[JKT]

Fwiw, I run as a non-admin account as well, but install the alpha in my own /Applications folder within my home directory. The updater doesn't have any problems with this as no password is required for installation.

[pjb]

If an installer insists on an admin pswd then by default it insists on putting the app at the system level but I often just want to put it at the user level where no admin pswd should be required. The sophisticated answer is to have the installer allow the app to be relocatable and adjust the pswd requirement accordingly (haven't seen that yet).

[zottel]

@Jonathan: Sure, this will work, of course, but at least theoretically it presents a similar security risk as working as an admin altogether: Any malicious code might install itself in an application you run regularly. This is more a theoretical than a practical threat, probably, as virus programmers probably will focus on those that don't keep an eye on their installation, i.e. work as admins—there are more than enough out there to make it feasible not to invest additional working time to "get them all". ;-) But still, I like it to be as secure as it is possible without losing usability.

Best regards,

Christian

[dangerous]

Meh, all the important stuff is in my home directory, not my applications directory, so running as a non-admin user is not going to offer me much protection. The biggest risk on a mac is running a trojan anyway, and if you make that mistake you might easily end up entering your password believing that it's for a legit application.

[JKT]

@zottel - theoretically it doesn't present the same security risk at all. Yes my user directory is just as vulnerable as it was when running as admin, but my system is not (this is if one assumes that the OS is watertight... it isn't and Apple ought to be damned ashamed of themselves that it is not, but that is another story).

@dangerous - that is precisely the attitude that sees Windows users being infected with malware day in, day out (along with a poorly designed OS, of course) and the crooks who take over PCs aren't just interested in the contents of a home folder, they're interested in turning your computer into a zombie for propagating more malware or spam. For a trojan that wants to take over your system to work in a non-admin account, theoretically it wouldn't be able to without first asking you to give it permission through username and password input (I say theoretically as there are exploits in the OS X that allow malware designers to bypass the security of the system). It is the asking that is the critical part of your defences as it makes you stop and think.

Running as an admin account on any OS is about the dumbest thing anyone can do, especially in OS X when it is completely unnecessary to do so and when it is trivially easy to change your user account into a non-admin one (create a new admin account for the system, once created change your own into a standard account... job done).

Edit: apologies for the thread hijack. To bring it back on topic, I guess I could ask OmniGroup what security they have built into their new update system?

[troyb]

Quote:

Originally Posted by JKT

Edit: apologies for the thread hijack. To bring it back on topic, I guess I could ask OmniGroup what security they have built into their new update system?

The updater is restricted to the user privileges on a system. If there's something beyond this that you'd like to see feel free to let us know. Keep in mind that we don't require anyone to use the new interface as anything more than a notifier (and you can turn it off completely if you don't even want that). The latest versions are always available from our website to grab at your leisure.

Also, as I mentioned before, the problem that started this thread is a bug and once fixed you will be prompted for admin credentials when necessary.

[dangerous]

JKT, why does malware need admin privileges to run? Even a "normal" user is able to send email. It can install itself into a hidden directory in the users home directory and add an entry to the users crontab to get it to run as a daemon on startup. If a virus for mac was actually out there taking over machines, we'd find out about it very quickly anyway. Running as admin is not the same as running as root, I can't make really stupid mistakes like accidentally wipe out my system. I can do the things I need to do everyday without having to switch user - admittedly I could probably manage as a normal user if I added it to the sudoers file (and only if)... but why should I? I've been running OS X since DP 3 and have never had a problem caused by me being an admin user.

[JKT]

Not much time to reply as about to head to work. Here's why it is unncessary to run as an admin in OS X - you don't need to switch accounts to do admin stuff when running as a non-admin user. Anything that requires admin privileges just prompts you for an Admin account's username and password. Simple as that. All you need is to set up a second account with Admin privileges, then change your own to a Standard account. You never actually have to log in to your new Admin account, you just need it for the username/password.