” … this is precisely how malware can open a back door …”

I’d be interested to ask Mac users the following question: “If you met a Mac developer at a party and he asked for your administrative password, would you give it to him?”

If any would hesitate even for a second, then they’d have to remember not to treat the same request from his software any differently.

I might ask someone into my house, but I wouldn’t necessarily hand him a skeleton key that opened every door, every cupboard, every drawer, a safe if I had one, and anything else, and let him go where he wished and do as he pleased. And, again, he doesn’t need to be malicious, just less competent than he should be for what it might occur to him to do.

He might, for example, be so insouciant as to leave “a binary executed with root privileges at an user-writable path”:

http://projects.info-pull.com/moab/MOAB-08-01-2007.html

IOW, to return to the metaphor of the house he might intend no harm, but he might leave the door open so that someone else who does can walk through it.

Here’s the University of Utah on the subject:

http://www.macos.utah.edu/documentation/administration/poorly-made_apps.html

If someone had the temerity to ask me a question of that nature, I’d tell him or her where to go and how to get there

Peace,
Gene

” … this is precisely how malware can open a back door …”

I’d be interested to ask Mac users the following question: “If you met a Mac developer at a party and he asked for your administrative password, would you give it to him?”

If any would hesitate even for a second, then they’d have to remember not to treat the same request from his software any differently.

I might ask someone into my house, but I wouldn’t necessarily hand him a skeleton key that opened every door, every cupboard, every drawer, a safe if I had one, and anything else, and let him go where he wished and do as he pleased. And, again, he doesn’t need to be malicious, just less competent than he should be for what it might occur to him to do.

He might, for example, be so insouciant as to leave “a binary executed with root privileges at an user-writable path”:

http://projects.info-pull.com/moab/MOAB-08-01-2007.html

IOW, to return to the metaphor of the house he might intend no harm, but he might leave the door open so that someone else who does can walk through it.

Here’s the University of Utah on the subject:

http://www.macos.utah.edu/documentation/administration/poorly-made_apps.html

My point was that this is precisely how malware can open a back door…if passwords requests keep popping up, even for access to what would appear fully owned folders (a password to install into my home folder? cmon!)..then the situastion arises that these securities often get bypassed entirely, either out of frustration , or neccessity..certainly it’s common to just log in a root to bypass, if in a hurry, or have a lot of cross partition arranging or fil transfering to do, etc.
The only diff is that in win systems, in the past, it’s been the default, cancelling out any protection that it might have otherwise offered

“I am not sure I understand some of the complaints. What’s wrong with being asked for a password before installing new software …”

… being asked for a password *by what*?

The potential problem is with an *installer’s* asking for an administrative password. Why would it need it, and what is it going to do with it? With an adminstrative password, the program can go where it likes, including into system areas; with an adminstrative password it can run as root. There’s, effectively, no limit to what it can do.

Make a plaintext file and try to drag it into, say:

/System/Library.

You’ll find you can’t–at least not without authenticating. You are locked out of these areas for a reason. And you really, really don’t want anybody else putting anything into them. It might be necessary in a few cases, but you’d want to be doubly sure that it was and doubly sure of the software company providing the software, too.

One has to be careful where one downloads software from, but that’s not the end of the matter. There doesn’t even need to be malice involved. Incompetence will do just fine.

I am not sure I understand some of the complaints. What’s wrong with being asked for a password before installing new software, or even before using an app for the first time? That hardly takes up much time. Think about the amount of time you would loose in the case of some malware ending up on your system.

We can’t have it both ways. We can’t applaud Apple for coming up with the most secure OS, yet, at the same time, expect it to never warn us of potential dangers.

“…All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications.”

I think that’s one reason why i was so peeved earlier
I was doing a first run of some new app in my (alternate user) home applications folder, and it *still* asked me for an admin id..i checked afterwards and all the prefs are in ~/Library, so I don’t get it…
ahh well..

“… way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally …”

I haven’t come across many myself, and don’t use any that do. I understand from a podcast by the guys at MacGeekery that Palm Desktop is a particular bugbear. Not only does it require to be installed, run, and updated by an admin user, but that user must also be the 501 (first) user. No other user on the system can use it; and if the 501 user downgrades his account for security reasons, he can no longer.

___
digression

You know, really, Palm have just been darn lazy for years and years and years. When Ballmer was shooting his mouth of about how “expensive” the iPhone will be–he forgot to mention two things:

1. There’s real innovation in interface and usability there; and
2. You’d have to buy around $500 worth of software to get anything even approaching what the iPhone does on your crappy Win CE device.

And I think point (1) is not limited to the device itself. Synching has been and still is a major headache with most handheld devices. The odds are the iPhone will simply synch pretty painlessly and seamlessly with iTunes just like an iPod does now. Even the stupid Zune won’t synch with Media Player. For equivalent functionality to an iphone you’ll need a Win CE phone and a Zune _and_ Windows Media Player _and_ the special Zune software _and_ synching software from your phone vendor. And none of the software will work more than adequately.

end digression
___

All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications.

But there will be changes to the way applications are delivered under Leopard. See the top item here:

http://developer.apple.com/wwdc/tracks/devtools.html

BTW, request for Gene: could you ask those MacGeekery guys onto the radio show some time? They have some interesting things to say and are quite funny, too.

MacGeekery? We’ll look into it Michael. Thanks for the suggestion.

Peace,
Gene

“… way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally …”

I haven’t come across many myself, and don’t use any that do. I understand from a podcast by the guys at MacGeekery that Palm Desktop is a particular bugbear. Not only does it require to be installed, run, and updated by an admin user, but that user must also be the 501 (first) user. No other user on the system can use it; and if the 501 user downgrades his account for security reasons, he can no longer.

___
digression

You know, really, Palm have just been darn lazy for years and years and years. When Ballmer was shooting his mouth of about how “expensive” the iPhone will be–he forgot to mention two things:

1. There’s real innovation in interface and usability there; and
2. You’d have to buy around $500 worth of software to get anything even approaching what the iPhone does on your crappy Win CE device.

And I think point (1) is not limited to the device itself. Synching has been and still is a major headache with most handheld devices. The odds are the iPhone will simply synch pretty painlessly and seamlessly with iTunes just like an iPod does now. Even the stupid Zune won’t synch with Media Player. For equivalent functionality to an iphone you’ll need a Win CE phone and a Zune _and_ Windows Media Player _and_ the special Zune software _and_ synching software from your phone vendor. And none of the software will work more than adequately.

end digression
___

All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications.

But there will be changes to the way applications are delivered under Leopard. See the top item here:

http://developer.apple.com/wwdc/tracks/devtools.html

BTW, request for Gene: could you ask those MacGeekery guys onto the radio show some time? They have some interesting things to say and are quite funny, too.

Slightly off-topic, but I remember reading that the multitude of security holes in Windows might not be entirely coincidental, or due to poor programming. It has been alleged that some are, in fact, NSA keys, or deliberately created backdoors for spying on MS customers. I wonder if OS X could also contain such a key..?

http://www.heise.de/tp/r4/artikel/5/5263/1.html

http://en.wikipedia.org/wiki/NSAKEY

Aha, a conspiracy theory arises

There’s a lot of open source-based code in Mac OS X, so I’d think someone might have located it by now. Maybe…

Peace,
Gene

I firmly believe that the weakest point of the Mac OS as it stands right now, and the one that will eventually cause virus, or more probably worm, infections, is the excessive security itself.
The earlier post with the ‘tetris’ example is a very good case in point..not only are way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally, but more and more apps are wired to call up passwords simply due to perhaps a single prefs file, etc.
The more used any user gets, to having to constantly do this, the easier it is for some app to slip past the ‘watchful eye’, so to speak..
Although in my case it has been because i’ve had to switch between two accounts , one admin, one normal user,, for certain settings I need, in one of them, in the last day, i have been overwhelmed by over 30 different requests for adsmin passwords, for everything from deleting files to installing or moving files ad infinitum…
I can certainly imagine how some malware could take advantage of a lapse of attention from overexposure to authentication requests..
It would then have access to the whole system (although not root, thankfully)
Still…too much of a good thing….
Doc

I think that’s always a possibility, but Mac OS X has more control over this process than Windows Vista, where prompts are far more prevalent. Worse, they don’t require a user password, so if you absent-mindedly click “Allow” on the wrong thing, you’re asking for trouble. At least with a password, you can stop and think a second before acting.

I hope.

Peace,
Gene

I firmly believe that the weakest point of the Mac OS as it stands right now, and the one that will eventually cause virus, or more probably worm, infections, is the excessive security itself.
The earlier post with the ‘tetris’ example is a very good case in point..not only are way too many mac installers requiring admin passwords for global installs of apps which have absolutely no excuse for not installing locally, but more and more apps are wired to call up passwords simply due to perhaps a single prefs file, etc.
The more used any user gets, to having to constantly do this, the easier it is for some app to slip past the ‘watchful eye’, so to speak..
Although in my case it has been because i’ve had to switch between two accounts , one admin, one normal user,, for certain settings I need, in one of them, in the last day, i have been overwhelmed by over 30 different requests for adsmin passwords, for everything from deleting files to installing or moving files ad infinitum…
I can certainly imagine how some malware could take advantage of a lapse of attention from overexposure to authentication requests..
It would then have access to the whole system (although not root, thankfully)
Still…too much of a good thing….
Doc

Slightly off-topic, but I remember reading that the multitude of security holes in Windows might not be entirely coincidental, or due to poor programming. It has been alleged that some are, in fact, NSA keys, or deliberately created backdoors for spying on MS customers. I wonder if OS X could also contain such a key..?

http://www.heise.de/tp/r4/artikel/5/5263/1.html

http://en.wikipedia.org/wiki/NSAKEY

The one I remember most would insert the word “Wazoo” at random places in any document you opened.

That, my friend, may sometimes be a good thing

Peace,
Gene

The one I remember most would insert the word “Wazoo” at random places in any document you opened.

All of the AV utilities failed to remove Autostart, and then I read somewhere about a second print spooler with a slightly odd spelling. Once I removed that from my extensions folder, Autostart was gone.

I also had a number of Word macro viruses (virii) and one other worm that randomly corrupted files on classic Mac OS. OS X has been perfectly clean, and I’ve been lucky with Windows and my defensive software and lack of freeware have kept me virus free on that platform.

The most common Word macro viruses in those days would convert all of your documents to templates, making them difficult to save. I recall running into a few of them from editors in those days. They felt a little embarrassed over spreading this stuff to their authors.

Peace,
Gene