[Alan M Collins]

OS-X is less susceptible to viruses, spyware, etc., but coming from Windows and seeing products like today's offering from Maczot (Macscan) and stories about the holes in Flash and PDF, I feel somewhat vulnerable. If anyone knows Sandboxie for Windows, I am looking for something similar for Snow Leopard. Alternatively, would it be just as effective to create a limited account, and switch back and forth between that account an my usual one? From the limited account could I run the torrent client, browse unknown web-sites, etc., without risk? If I suspect some damage, kill and recreate the account?

Other ideas?

Thanks,
Alan.

[Huskermn]

I've been 'living dangerously' forever ( bit torrenting, browsing unknown web-sites, etc., without incident) but who knows, it may catch up with me someday. I don't think you need to worry.

That said, Adam talks about Deep Freeze from Faronics. I think it would do the trick for you.

[pwbeninate]

You can use 2 separate accounts and be careful not to store any important files in the "Sandbox" account. Keep your files in a shared location, such as /Users/Shared, or on a external volume.

With this setup, should you ever need to nuke-n-pave the Sandbox account, you can do it without fear of loosing any files.

[Dolphbucs]

Alan M Collins, on 24 February 2010 - 07:13 AM, said:

Alternatively, would it be just as effective to create a limited account, and switch back and forth between that account an my usual one? From the limited account could I run the torrent client, browse unknown web-sites, etc., without risk? If I suspect some damage, kill and recreate the account?

Other ideas?

Thanks,
Alan.

Unlike the Windows world Virtually EVERY application for OS X works fine in a Limited User Acct. That is why many experts ( Leo Laporte, Victor Caijiao, Adam etc. ) recommend that you ALWAYS run as a limited user. Keep an Admin acct of course for those rare applications that require it ( such as Onyx and some other Maintenance apps ) but day to day computing should always take place within a limited acct. The main reason for this, as I understand it, is as follows: On a Unix based system, like OS X, in order for any malicious software to do damage to a system it must have what is known as "root privileges". These are privileges one step higher than Admin privileges. In Unix Systems it is possible to elevate privileges one level ( from limited to admin or from admin to root ) but you cannot elevate from limited to root without serious user interaction.

That being said, even if you insist on running as admin, on a Mac running in a sandbox, or using anti-malware tools IMHO is like wearing Football gear ( helmet and pads ) while driving your car. Sure, if you were ever to get in a really major accident it might protect you, but the hassle of using it in the first place ( performance hits to the computer, etc. ) just aren't worth the supposed benefits. I know this is very hard to get used to but there really are currently no ( nada, zero, zilch ) malware or viruses in the wild for OS X. That's why all Mac anti-malware apps can claim 100% effectiveness .... there's nothing out there to stop so of course nothing gets through.

I know it's hard to get your head around when you first switch ( we've all been there ) and it gives you the feeling like you are walking around with no pants on, but it's OK. Really. Like Huskr ( probably more so ) I use bit torrent. And I use Usenet to download Binaries. And I go to some less than reputable websites .... so if anyone were going to get in trouble running "free and easy" it would be me .... and nothing so far.

[Alan M Collins]

Thanks for all the advice guys. Dolphbucs, your analogy "feeling like you are walking around with no pants on" sums up my feeling pretty well. However, bowing to the collective knowledge, I will continue as before. Perhaps I will try a limited account as my main account to see how much of a pain it is (memories of Window Vista loom large).

[Dolphbucs]

I would be surprised if you noticed any difference running as limited at all. Let us know if you do.

[MacCast]

This may be a funny way to go, but you could run a virtualized instance of Linux or Windows as your "sandbox". You can get Virtualbox for free and run Ubuntu. In that Viryualized environment you could do as you please and if it ever get compromised just burn the image and start over. You could also of course run Windows in Virtualbox as well. And if you want it have it even easier you could pay for VMWare Fusionand use their virtual appliances to get Ubuntu

[Alan M Collins]

Thanks King Mac Geek. I do have Parallels and use it somewhat that way (but mostly to run XP in my still Windows-centric business environment), but it just feels unclean. Am trying the limited/standard user authorisation. Not too much of a pain but I still need Google on how to add the userid into the sudoers list. Probably quite simple.

[Dolphbucs]

Do you use terminal a lot? If not, I really can't see a reason to mess with the sudo settings. If you want to learn pure Unix, then I can see it but if so, you could always run in Admin for that endeavor If, however, all you want to use terminal for is to tweak settings and options, there are plenty of freeware apps out there that give you terminal type control through the OS X interface ( such as Tinkertool ). When I ran Windows I used to use the command line regularly, but since switching to Mac in Feb 2006 ( has it been 4 yrs already? ) I can only recall using terminal twice for such things.

[Alan M Collins]

Report back: Thanks again for all the advice. Dolphbucs, I do use terminal a lot. grep, awk, and bunches of other stuff. Have found myself going back to admin-level user. Based on other comments, seems this is still fairly safe for now, while Parallels (or similar) suffices for for the dangerous stuff.

This post has been edited by Alan M Collins: 10 March 2010 - 10:12 PM

[Dolphbucs]

That brings up a point we sort of danced around. If you are going to be using terminal more the rarely, I can see how running as admin could have some advantages.

[pwbeninate]

Dolphbucs, on 12 March 2010 - 05:46 PM, said:

That brings up a point we sort of danced around. If you are going to be using terminal more the rarely, I can see how running as admin could have some advantages.

Such as what? Admins are automatically added to the sudoers file. Anything else you were thinking of?

[Dolphbucs]

What you said, plus I assume that there are a few things you can do in Unix that are easier/more efficient running from an admin acct. My main point was that using Unix commands from terminal is the only thing I can think of that may give you issues running as limited user. If not, then I can't see why anyone should not run as limited user for day to day usage.

[pwbeninate]

Typically my argument is there isn't much reason NOT to run as an admin. In a unix/linux based OS, generally speaking, you are ether root, or a user. The "admin" middle-groud doesn't technically exist. In Mac OS, an "admin" is a user who's account is added to the sudoers file, which enables the account to obtain root privileges with the sudo command. (essentailly that's what is happening behind the scenes when you are prompted for your password, such as when installing an application). Admins get a few other niceties here and there, but not much. Because of this, the security risk is pretty low. In order for a process to have root privileges, you need to type in your password (from an admin account) or provide admin credentials (from a standard account).

[Huskermn]

I recently found that many OS 9 things won't install under a limited user. They run through the whole install script and then just fail.

(My niece has a lot of Educational games which are only available in OS 9)

[Dolphbucs]

pwbeninate, on 14 March 2010 - 07:41 AM, said:

Typically my argument is there isn't much reason NOT to run as an admin. In a unix/linux based OS, generally speaking, you are ether root, or a user. The "admin" middle-groud doesn't technically exist. In Mac OS, an "admin" is a user who's account is added to the sudoers file, which enables the account to obtain root privileges with the sudo command. (essentailly that's what is happening behind the scenes when you are prompted for your password, such as when installing an application). Admins get a few other niceties here and there, but not much. Because of this, the security risk is pretty low. In order for a process to have root privileges, you need to type in your password (from an admin account) or provide admin credentials (from a standard account).

The thing that I have heard ( from such notables as Leo Laporte ( TWiT Podcast network ), Chris Breen ( MacWorld ), Alex Lindsay ( Pixelcorps ), Steve Gibson ( GRC ) and Andy Inahtko ( Chicago Sun Times ) ... Adam may have said it also but I can't remember for sure ) is that in OS X, permissions can only be elevated one level. You can elevate permissions from limited to admin, or from admin to root, but not from Limited to Root ( by this I mean the "Root user" that is turned off by default on OS X ... see the link posted below). The root user can only be activated from an admin acct, not a limited acct. This means that running as limited would give you an added level of protection to your machine from malware ( including trojans ). Theoretically this would also "protect you from yourself" making it even more difficult to unintentionally damage crucial system files. I also had the privilege to work with several Apple employees at the Torino and Beijing Olympics servicing the pro photographers at the Kodak Imaging center of the MPC. I had a chance to pick some of their brains and while they did indeed scoff at any real threat from a security standpoint presently, none of them contradicted the info I've learned from those above. Granted, the threat of malware and trojans is minimal at best where we stand now, but running as limited really does little to impede a vast majority of users, so unless you really need to run as admin, I just can't see the advantage of doing so.

However, those I cited could be mistaken. I am very well connected to those in the TWiT network ( Leo calls me one of his "old timers" and I used to mod one of his video feed chats ). I'm sure that if their info is not correct they would want to know so as not to further pass along the wrong impression and I would be happy to pass along any corrections ( not to mention I would love to hear their response to any contradicting opinion ).

Link to Apple Article concerning Root User


Update: After looking at pwbeninate's above quoted text again several times, I'm beginning to think that what he said does NOT contradict my understanding of things from my above quoted sources as I originally thought. Assuming that my "mind is now right", what he is saying is essentially the same as what I was with the difference of an explanation of how that is indeed accomplished ( "admin" being a state where acct is simply added to the sudoers file ). If I am now understanding correctly, then, the only point of contention is that pwbeninate is saying that it is possible to elevate permissions from Standard to Root with proper admin credentials and my sources say that is not possible and you cannot do so. If pwbeninate is correct, then I would have to agree that running as standard would have little security benefit ... question is who is correct ?

This post has been edited by Dolphbucs: 17 March 2010 - 10:15 AM