Posted on 12/06/2008 4:39:18 PM PST by Swordmaker
SAN FRANCISCO Internet security is broken, and nobody seems to know quite how to fix it.
Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.
(Excerpt) Read more at nytimes.com ...
” I already have the tech note up on my screen.”
Oh, I am so impressed. YOU have the technote on YOURRRR screen. So impressive.
I am slightly incorrect - they *did* add a GUI way to enable root. It’s still far from two-click simple, though - and very, very few people do it.
How to enable the root user
Mac OS X 10.5 or later
1. From the Finder’s Go menu, choose Utilities.
2. Open Directory Utility.
3. Click the lock in the Directory Utility window.
4. Enter an administrator account name and password, then click OK.
5. Choose Enable Root User from the Edit menu.
6. Enter the root password you wish to use in both the Password and Verify fields, then click OK.
Note: If you are troubleshooting an issue that prevents you from logging in as an administrator, follow the steps in this article to enable the root user.
Mac OS X 10.4.x or earlier
1. Click the Finder icon in the Dock.
2. From the Go menu, choose Applications.
3. Open the Utilities folder.
4. Open the NetInfo Manager utility.
5. Click the lock in the NetInfo Manager window.
6. Enter an administrator account name and password, then click OK.
7. For Mac OS X 10.2 and later, choose Enable Root User from the Security menu.
8. For Mac OS X 10.0 and 10.1, choose Security from the Domain menu, then Enable Root User from the submenu.
9. If you have not previously set a root password, an alert box may appear that says “NetInfo Error,” indicating that the password is blank. Click OK.
10. Enter the root password you wish to use and click Set.
11. Enter the password again for verification and click Verify.
12. Click the lock again to prevent changes.
How to disable the root user
Mac OS X 10.5 or later
1. Click the Finder icon in the Dock.
2. From the Go menu, choose Utilities.
3. Open Directory Utility.
4. Click the lock in the Directory Utility window.
5. Enter an administrator account name and password, then click OK.
6. Choose Disable Root User from the Edit menu.
Mac OS X 10.4.x or earlier
1. Open NetInfo Manager. It’s in the Utilities folder.
2. Click the lock.
3. Enter the name and password for an administrator account, then click OK.
4. For Mac OS X 10.2 and later, choose Disable Root User from the Security menu.
5. For Mac OS X 10.0 and 10.1, choose Security from the Domain menu, then Disable Root User from the submenu.
http://support.apple.com/kb/HT1528
Has it occurred to you that some of us have other things to do than satisfy your selfish demands?
Oh, also, “Administrator” level access on a Mac != root, as root is turned off by default, the procedure to turn it on is obscure, and almost nobody does that.
“Two years ago I found a key logger running on a registration computer. I went screaming to my boss about it, and his eyes glazed over when I tried to explain to him what a key logger was(typical IT director).”
-
An IT Director, unconcerned with, and unfamiliar with a keystroke logger?
That’s just dumbfounding.
But, alas, often true. The most clueful IT guy in most operations is the vice-director or IT operations manager. Lots of places just rotate generic execs into the IT Director posts.
Sounds like Dilbert’s office.
Dilbert’s office was based on reality. :P
The BOFH and his adventures with The (various, clueless) Bosses is also tangentally based on reality. :D
Yes, we have. They've been posted on FR every time. By me. However, patched vulnerabilities DO NOT translate into exploits. The current count of involuntary Mac OSX based spam-bots, in the wild, is ZERO. The current count of self-replicating. self-transmitting malware, in the wild, is also ZERO. There are about nine known Trojans including variants for OS X.
Merely clicking on a Link with a Mac does not equate with pwning the machine. I agree that one cannot protect the user from himself, but one can certainly protect the more vulnerable parts of the OS from the user.
I am not offended. Why should I be?
Mac OSX is UNIX!
In fact, OSX is one of the three fully certified UNIX operating systems in the world.
The security of Macs will be severely tested in the next year.
If I had 5 cents for every time some pundit posted or published that exact same prediction in the last eight years, I'd be rich. ;^)>
Many users give themselves root level access instead of running a more limited account.
They do? In Windows, that is true. On a Mac ROOT is disabled by default and a user has to be fairly sophisticated to even know how to enable it. I have seen hundreds of Macs in the past 8 years that OSX has been in the wild. NOT ONCE have I seen a Mac user running with Root Level permissions. Many do run as Administrators... but on a Mac, that is NOT ROOT.
Most run as a standard user... certainly all of my clients do.
Malicious Images Help Attackers Hack OS X . . . Multiple vectors of attack, including enticing one of your users into downloading and viewing malicious images, documents, or email.
Oh, wow. "Malicious images help attackers hack OS X"... uh, no, they don't and haven't. Apple patches some vulnerabilities that HAVE NOT BEEN EXPLOITED and the guys who sell anti-virus software claim it is a critical danger and Mac users need to rush out and buy their products ASAP. Ho Hum.
The fact is, driftdiver, that even if someone did put a malicious buffer overflow into an image, document or email, (and that has been done) viewing the image, loading the document, or opening the email in a Mac will have ZERO malware impact because the data stacks and heaps where these images, documents and email are loaded are NON-EXECUTABLE; the OS will not allow anything in those memory locations to execute code. The worst that could happen if the buffer overflows is the application being used to view, edit, or read the offending file might crash, resulting in a short Denial of Service. If it happens, the user need simply reload the offending app. Denial of Service over.
The total number of Mac users adversely affected by this vulnerability in the wild was ZERO. Apple merely patched it in the interests of cleaning up the code.
And, exactly, how did these sellers of anti-virus software find out about this "critical vulnerability" so they could tout the dangers? Why, Apple told them... after they patched it. They do not tell anyone how their virus solution would have prevented any of the new vulnerabilities malicious payloads.
Recently, Simantec waxed panicky about "OSX.Lamzev.AThe Mac Trojan Kit," a supposed "easily customizable Trojan kit that could be the first of a long list of malicious code clones." In other words, a script kiddies playground for Mac OSX.
Unfortunately for them, they later have to report the one primary weakness of this trojan creator... which really is just a simple programer's aid: "The current version of this Trojan kit has several restrictionsthe most important one is that somebody needs to be there on your machine, Trojanizing your application." They then opine that, in the future, automating the infection is merely a trivial exercise. Too funny.
There are many other problems with this so dangerous malware example... for example, it can only modify an application in the directory where the malware is downloaded to and resides. Except it requires an Administrator password to install anything into the applications folder on a Mac. It also requires an Administrator's password to modify any file in the applications folder or any System library. It takes WORK on the user's part to install and allow this so-called Trojan maker, to trojanize your applications.
99%? Uh, the market share of Windows just dropped below 90%...
No, we celebrate it.
One word acronym that might get his attention: HIPPA. Tell him it could lead to a HIPAA violation. I have several clients that are medical/dental/optometry office and I will NOT allow them to run their office computer with WIFI. They don't like the expense of hardwiring an ethernet line but that magic word HIPAA stops them in their tracks and they agree to the ethernet.
Of course, I don't tell them that the entire state of California has just six (6) HIPAA compliance officers and five of the six are in Los Angeles... the odds of any HIPAA enforcement is slim to none.
Refuse to accept it? What are you talking about? Apple touts it on their own pages as being a certified POSIX-compliant UNIX.
You mac fans are demented. Say the Mac OS is based on Unix and you get lambasted. Say its not and you get lambasted.
Go back to your artsy fartsy expensive machines.
Please provide an example where someone was lambasted for mentioning OS X is UNIX based.
“satisfy your selfish demands?”
My only “request” is that you quit acting like an expert that you are not. You should start all your posts with, “IMO” or “according to the Apple website.”
Blasphemer!!!!!!!!!!!!OSX is based on unix.
Yes of course, but many mac fans refuse to accept that.
Of course that is blasphemy - OSX is Unix.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.