[DM-MUG] Security question

[Bryan Baker]

But why?

One thing I really feel needs added to the list of things Darcy  
mentioned, and I feel it is more important than a few that were  
mentioned:

Do not run normally as a user with any admin rights. Same primary  
step I use on any windows machine. If your user is an admin, and  
there isn't another user on the system, create a new user called  
admin and make admin the admin and demote yourself. One of the proof  
of concepts released back a while ago used the fact that any user w/  
admin rights (and the first account created is always an admin) could  
change contents in the Applications folder w/o prompting. If you  
"demote" yourself, it will mean you have to authenticate before  
installing anything, but this is GOOD!!! You WANT to THINK about  
installing anything. If you can just drag and drop things into the  
Applications folder - you are at risk. Period.

The only layer protecting an admin user, is they get prompted before  
any of the /System or /Library stuff gets changed, but if they can  
sneak something into /Applications, you're in trouble anyway. If you  
can install software unbidden, so can the bad guys.

Here endeth the lesson.


On Jan 31, 2007, at 12:51 PM, CW Smith wrote:
> Or forward an email with an infected attachment.
>
> On Jan 31, 2007, at 12:48 PM, Darcy Baston wrote:
>> How would you pass a virus on to a Windows user? Intentionally  
>> attach an infected file to an e-mail?
>>
>> Darcy
>>
>> On Wednesday, January 31, 2007, at 12:15PM, "Ray Bowler"  
>> <rbowler at mchsi.com> wrote:
>>> I agree that it really is not necessary for the Mac. Still you can
>>> pass one to your Windoze friends so I have Intego Virus Barrier
>>> because it detects Windoze viruses and can clean them up. It also
>>> does not intrude except once a month when it alerts you to updates
>>> for the detection file.
>>>

--
Bryan Baker
President
Des Moines Macintosh Users Group
http://www.dmmug.org
president at dmmug.org