OS X Security

Check Software Update often and there should be no problems. Apple is quite quick with the Security Updates.

i know its better then windows, i was wondering compared to some builds of linux or any other builds of unix

thanks

so OS X is about the same as other forms unix, apple is just smart enough to turn them off thanks

OS X has zero virii right? That should be in a switcher add. <img src="graemlins/cancer.gif" border="0" alt="[cancer]" />

[quote]Originally posted by robster:
<strong>

It's worth noting though that while it is secure out of the box, they don't exactly make it hard to open it up so it's wide open to any hacker.
A computer is only secure as it's configuration and if you need remote login, sendmail et al to be working and Apple have provided an older less secure version then really you can be in trouble...</strong><hr></blockquote>

Which is why it's good that Apple has been prompt in keeping up with the latest stable releases and firing off Software Updates with patches when problems come up. It doesn't hurt that they make it really easy to find and apply updates, either.

There is the pathological case of someone who enables all the daemons and ignores SU and every other source of bugfixes, updates and patches, but there's nothing anyone can do about that.

Actually, as a Unix person, I haven't been thrilled with OS X's default security setup. Most new users will set themselves up to be an Admin for ease of use. However, just about all files in the /Applications directory are read/writable by anyone in the Admin group. This means that a trojan program (downloaded and run by the user) can wipe out almost every application you have installed. Also, a virus on a program you download could copy itself to any of these applications, meaning other users on your computer can run them and be infected.

In my opinion, that is FAR too big of a hole. Granted, your computer may still boot even if these files are deleted, it is a MAJOR inconvenience. Also, the virus thing is critical. MacOS is currently small enough of a market that most virus programmers don't target it, but they easily could in the future.

My advice: don't make your standard account an Admin account. You could also remove group write privledges to all contents in /Applications.

John Whitney

OS X Security - AppleInsider

[quote]Originally posted by snoopy:
<strong>

Are you saying that a 'good' installer has no reason to ask for the administrator password? In my stupidity, I just figured there were things that needed to be installed in protected folders so the program would work correctly.</strong><hr></blockquote>

Yes, but very few applications should have to do that. System updates, driver updates, the odd iApp that has to update a private framework, the occasional UNIX app, and that's it.

Most applications should require nothing more than a drop into the /Applications or ~/Applications folders.

OS X Security - AppleInsider

[quote]Originally posted by John Whitney:
<strong>

Why should bundle applications be allowed to ask for a password, and non-bundled be discouraged from doing so? I fail to see the distinction.</strong><hr></blockquote>

The distinction is that the point of bundles is to localize all the application's files in the bundle. A bundled app is self-contained, so it doesn't need permission to go spamming files in system directories. It goes where it's dropped, period.

Someone porting an app over from Mac OS, however, might be used to stuffing files in various places within the System Folder, and they might have opted to keep that arrangement rather than reorganizing their app into a bundle - especially if it's also a Windows app.

[quote]<strong>Actually, I would MUCH prefer it if ALL installations asked me if I wanted to install the application locally (i.e., in my home dir) without a password, or in the main application directory for all users with a password.</strong><hr></blockquote>

This is an excellent idea. In fact, I'd like to see ~/Applications be the default, with installation in /Applications an "Advanced" feature available to people installing from an Administrator account. The shortcut on the Finder toolbar should also do something like present ~/Applications, /Applications, and network Applications as if they were in the same folder, but treat all drops as if they were to ~/Applications - again, unless there was a specific intervention by an Administrator.

I'm sure this could be further refined, but it's an important step. Once you get used to the idea that the real analog in OS X for "Macintosh HD" is your home folder (something that having Finder windows default to Home would certainly help) it's a lot easier and more secure to work within your home directory than it is to get used to mucking around in top-level folders.

[ 03-11-2003: Message edited by: Amorph ]</p>

[quote]Originally posted by ast3r3x:
<strong>but i dont want 6versions of AIM on my computer...especially if it something like photoshop.

and the solution to that would be to put it into the /applications, but that is what they are doing now</strong><hr></blockquote>

One solution is to drop everything in /Applications, although that doesn't stop you from having six copies of Photoshop lying around on your machine either. Right now, the default install folder is /Applications, which means you have to be an Administrator to install apps, which is NT-like in its oafishness, unless you manually install in ~/Applications. Change the default to ~/Applications, and what happens? All installs go into ~/Applications, unless you manually install in /Applications, which then (appropriately) requires an Administrator password.

If you are worried about doubling apps after a software update that introduced this change, it seems pretty simple to me to have the update back up your ~/Applications folder and copy /Applications into ~/Applications, or something similar. At any rate, that bit of pain would be worth the significant increase in the security and intuitiveness of the OS.

[quote]Originally posted by AirSluf:
<strong>
Sorry Amorph, but I don't even accept them file spamming because that's how it used to be or is on another platform. Not treating each target OS properly is just lack of professionalism. If you can't tell, I've had my fill recently of no-load coders.</strong><hr></blockquote>

Believe me, that was an explanation, not a justification.

I don't believe there's any excuse for file spamming on OS X either. But for the sake of clarification, those are the excuses of the file spammers. :/

[quote]Originally posted by ast3r3x:
<strong>but i dont want 6versions of AIM on my computer...especially if it something like photoshop.

and the solution to that would be to put it into the /applications, but that is what they are doing now</strong><hr></blockquote>

I don't want six versions of AIM either. However, if someone else wants access to your application, you can easily copy it to the main /Applications directory (I do this all the time), or re-install it there with the original installer and then delete your local copy. Just because it was originally installed for one user doesn't mean it has to stay that way. :)

My point is, as a general rule so far, I can't install (and test) an application locally without giving it the run of the system with the Admin password. This means a program that is a trojan or contains a virus has full access to all installed applications on the system. Why I don't fear this much with commercial software, I do occasionally load shareware or freeware on my system that I don't have the same trust.

Also, when my wife installs programs that I don't care to use, it won't be cluttering up MY Applications view. :)

I don't know, perhaps this is too complicated for the simplicity that Apple prefers, but as a power-user I certainly wish it was available and given as a guideline from Apple.

John