Mac security question
Hey all, I am a very security-minded person and have this question. The most critical function that malware needs to accomplish is to make itself automatically start up every time you boot. This is the act of "infecting" your computer. Because if it stops running and just sits on your hard drive like a bump on a log after you reboot, then it is a pretty lame bit of malware. In Windows, at least up to XP (I don't know much about Vista/7) a very easy and convenient way for malware to accomplish this task is by creating a registry entry to start it up at reboot. The registry is a great place for this, because it is soooo frickin' huge and difficult to understand that it is easy for a virus to hide an entry in there. The way to circumvent this in windows is to run only with a non-administrative account, which takes away privileges to write into the registry. Now, on to the Mac part of my question. As far as I can tell, there are at least two ways to make a program automatically start at boot. You can right click on the program on your dock, and select "start at login" or something like that. Another way is to go to your system preferences and select the programs to restart at boot. My question is this: is there a system file somewhere that reflects these actions, which take place graphically? And can you prevent this file from being modified? My thinking is that there has to be a file somewhere, and if a virus wanted to infect your Mac, all it needs to do is modify this file. I would like to inspect these file(s) and make sure there's nothing that is auto-starting that shouldn't be there. I also have a related question. Are only programs from your Applications folder allowed to auto-start? This would be a good security measure, because you need admin privilege to put a program in the Applications folder. And as a side note: there is one thing that Mac does wrong, following Microsoft Windows' bad example. After you install the OS, the default account has administrative privilege! Most people probably don't know/don't care enough to create a non-admin account for daily use, therefore making themselves vulnerable just like the Windows users who run in admin mode. It is because of this that I believe Macs are just as vulnerable as Windows machines, and Macs are just not targeted because virus writers are too lazy to go after the last 10% of existing computers. I am trying to close this hole on my own machines by running only in non-admin mode, but i would like to understand the auto-start mechanism to confirm that I am safe.
cubicle slave wrote:
Hey all, I am a very security-minded person and have this question. The most critical function that malware needs to accomplish is to make itself automatically start up every time you boot. This is the act of "infecting" your computer. Because if it stops running and just sits on your hard drive like a bump on a log after you reboot, then it is a pretty lame bit of malware. In Windows, at least up to XP (I don't know much about Vista/7) a very easy and convenient way for malware to accomplish this task is by creating a registry entry to start it up at reboot. The registry is a great place for this, because it is soooo frickin' huge and difficult to understand that it is easy for a virus to hide an entry in there. The way to circumvent this in windows is to run only with a non-administrative account, which takes away privileges to write into the registry.
Not really. Windows has such a lax security model that malware can easily get the privileges it needs to install and run - even if you can't.
Now, on to the Mac part of my question. As far as I can tell, there are at least two ways to make a program automatically start at boot. You can right click on the program on your dock, and select "start at login" or something like that. Another way is to go to your system preferences and select the programs to restart at boot.
There are a number of ways to start programs at boot. Except for user account login items, these methods are not accessible from System Preferences. You need to know your way around the Terminal to find them.
My question is this: is there a system file somewhere that reflects these actions, which take place graphically?
They are:
~/Library/LaunchAgents
/Library/LaunchAgents
/Library/LaunchDaemons
/Library/StartupItems
/System/Library/LaunchAgents
/System/Library/LaunchDaemons
/System/Library/StartupItems
I don't know of any graphical interface to them.
And can you prevent this file from being modified?
Only the root user can modify the most of those directories. You can modify your own ~/Library/LaunchAgents and System Preferences > Accounts > your account > Login Items. Of course, any time you give your admin password to some installer program, you are giving that installer program root privileges.
My thinking is that there has to be a file somewhere, and if a virus wanted to infect your Mac, all it needs to do is modify this file. I would like to inspect these file(s) and make sure there's nothing that is auto-starting that shouldn't be there.
That is true, but there are no Mac viruses that can do that. There are a couple of Trojan Horses that ask for your admin password and will do malicious things in those directories if you give them your admin password. Also, those directories are pretty obscure. You have to be pretty savvy with software to be able to tell who installed what.
I also have a related question. Are only programs from your Applications folder allowed to auto-start?
No. Any program can be run at startup. Most startup programs are not in the Applications folder.
And as a side note: there is one thing that Mac does wrong, following Microsoft Windows' bad example. After you install the OS, the default account has administrative privilege! Most people probably don't know/don't care enough to create a non-admin account for daily use, therefore making themselves vulnerable just like the Windows users who run in admin mode.
This is true.
It is because of this that I believe Macs are just as vulnerable as Windows machines, and Macs are just not targeted because virus writers are too lazy to go after the last 10% of existing computers.
It is more complicated than that. There are trojans on both platforms that will ask for your admin password so they can do nasty things. The difference is that a well-written Window virus doesn't need to ask for your admin password. Those viruses have more privileges than even the admin user does. The Mac has a tighter security model and no virus has yet found a way around it. There are plenty of people trying, but they just want bragging rights. It isn't really laziness per se. It isn't a good return on investment. Macs are so much more difficult to crack that true virus writers usually don't bother, only people who want publicity.
I am trying to close this hole on my own machines by running only in non-admin mode, but i would like to understand the auto-start mechanism to confirm that I am safe.
You are already in the top 10% of safe users on the top 10% of safe computers. You're fine.
Similar Messages
-
Some reason my apps cannot download in my mac security question problem
securty questionn of apple id problem i tried my apple id method also but did`t work
I strongly recommend that you use a password for each login account but primarily for your admin account which will also be required when installing any software that uses an installer and/or for something being installed to the root directory of the hard drive such as a virus would likely require. If you are ever prompted for your admin password out of the blue to install anything without purposely trying to install anything, you should always decline which not having an admin password negates.
Many single users of a Mac have an admin account (obviously and required) but create a login account without admin privileges for every day use as added security.
Besides turning on the built-in Firewall, do not enable any services/ports that you don't need or regularly use and select all options via the Advanced button under the Firewall tab. -
Mac security question and opinions
Hi,
My Mac is plugged directly into my cable modem. I am wondering about security.
Firstly, I have two accounts for me and my wife; my account can "administer the computer" and my wife's cannot. Both accounts currently have blank passwords, I know that may sound like a red flag right there, but it's just easier to switch back and forth that way.
I discovered there's a firewall on the System Preferences > Sharing > Firewall tab. I clicked "start firewall", but I'm wondering what that's going to do for me. Apple's docs say that make me invisible to the world.
So the quick question, with "firewall started" am I pretty much protected against threats coming from the internet? I prefer to leave the accounts with blank passwords, am I being stupid? I just don't feel like it's a problem, especially if the firewall works as advertised.
Any info or opinions are greatly appreciated!
slegge
20" intel iMac Mac OS X (10.4.9) 2 gig Ram, x1600 128Meg videoI strongly recommend that you use a password for each login account but primarily for your admin account which will also be required when installing any software that uses an installer and/or for something being installed to the root directory of the hard drive such as a virus would likely require. If you are ever prompted for your admin password out of the blue to install anything without purposely trying to install anything, you should always decline which not having an admin password negates.
Many single users of a Mac have an admin account (obviously and required) but create a login account without admin privileges for every day use as added security.
Besides turning on the built-in Firewall, do not enable any services/ports that you don't need or regularly use and select all options via the Advanced button under the Firewall tab. -
Please help me!!!!
I have got a new Mac, I am trying to share my itues on it as well as my old mac, I have had two itunes accounts in my life, one is current now (this account) one I have not had access to the email for years. Since I have bought music off both accounts, I wish to play it all on both my macs. My Old mac has both accounts Authorised fine and all is good.
My new Mac, I have thios account running fine, but keep getting prompted for the password for my old account, I have no idea what my old password is, I have not had access to that email address for 5 years, and for some strange reason the security question isn't working eaither.
Since I do still have one Mac where it is Authorised, Is there any file I can copy accross or anyway to get the password out of the OSX 10.6.8 for my old account.
Secondly, is there anyway to roll both accounts into just my current one.
Many Thanks in advance for your help.
SteveI too am having this same problem but I have not seen ANY solutions for it. Looks like Apple is ignoring it!!!!!!!!?
-
After having created an apple ID with Italian itunes I moved to UK and I mistakenly created a new Apple ID. However, when I want to update the application on my Ipad and mac computer I am asked fo the old password which I have fogotten. I have also forgotten the answers to the security questions. I made a mistake also with the email i gave and so i cant verify a new password that i want to create. How can you help me?
Normally you need to call Apple Care for the country where the ID is located. You have changed countries and complicated it by making a new ID. I don't know what to suggest beyond calling Apple Care for Italy and asking them to help you recover the old ID.
-
I have no clue as to what my security question answers are and since this is my first purchase from my mac book it is asking for these. What do i do?
You won't be able to change your rescue email address until you can answer 2 of your questions, you will need to contact iTunes Support / Apple to get the questions reset.
Contacting Apple about account security : http://support.apple.com/kb/HT5699
When they've been reset you can then use the steps half-way down this page to update your rescue email address for potential future use : http://support.apple.com/kb/HT5312 -
Why won't my mac pro let me reset my security questions?
why won't my mac pro let me reset my security questions?
Solution may be found if you search in the "More Like This" section over in the right column.
-
I started my mac email account 17 years ago and I can't remember my security question answers so I can change my password. What can I do?
You need to ask Apple to reset your security questions; ways of doing so include clicking here and picking a method for your country, and filling out and submitting this form.
(96139) -
I do not remember my security questions and the recovery email hasnt been logged onto in years. i can't buy anything for my mac for college without answering the security questions which i cant recover
you can setup a rescue email. http://support.apple.com/kb/HT5312
all else failing you can reestablish a new account. as a last resort
https://iforgot.apple.com/appleid?language=US-EN&returnURL=https://appleid.apple .com/cgi-bin/WebObjects/MyAppleId.woa&app_id=93&app_type=ext -
This advice given above to reset security questions is useless, as I don't get the option to send an email to my rescue address (which is verified) to reset my security questions.
Any suggestions fellow mac users?You are sure that you have a rescue email address, and not an alternate email address ? They are different addressess and settings.
If you don't have a rescue email address then see if the instructions on this user tip helps : https://discussions.apple.com/docs/DOC-4551 -
Good morning, i need to do a recovery of my ios X on my mac butthe apple id I have linked to my mac is an old one and i have locked it up trying to remeber the security questions
You need to ask Apple to reset your security questions; this can be done by phoning AppleCare and asking for the Account Security team, or clicking here and picking a method, or if your country isn't listed in either article, filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(107161) -
Someone please help me!
Forgotten security questions - https://discussions.apple.com/message/18402551
More involved forgotten question issues - https://discussions.apple.com/thread/3961813
Frequently asked questions about Apple ID - http://support.apple.com/kb/HE37 -
HT204266 i need to reset my apple id security questions so i can use the apple app store on my mac
there is no button to reset it on my apple id anymore apple is REALLY REALLY STARTING TO **** ME OFF
See Kappy's previous write-up.
Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities -
iTunes requires me to answer to a couple of security questions to authorize me to use it on my new mac book pro, but I don't rimember the answer to them. I can I sort out this problem?
Thank you for helping...
Danila63 Account Security Team (AST)
Check the AppleCare number for your country here:
http://support.apple.com/kb/HE57
Call them up, and let them know you would like to be transferred to the Account Security Team. -
to download an App the 3 security questions are required. But at the end, apple is not able to complete the task and gives an error message. No more downloads are possible. What can I do?
Very Important, how much Free Space is on your Hard Drive first of all? Click on the Macintosh HD on the Desktop, then do a Get Info on it.
Could be many things, we should start with this...
"Try Disk Utility
1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
*Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
3. Click the First Aid tab.
4. Select your Mac OS X volume.
5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
http://docs.info.apple.com/article.html?artnum=106214
Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
(Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
If perchance you can't find your install Disc, at least try it from the Safe Boot part onward.
Do they launch OK while in Safe Mode?
Maybe you are looking for
-
Limewire playlists showing up in home sharing
I have a weird problem. I have limewire playlists showing up in my Itunes 9 shared area. No one in the household has ever installed limewire on the pcs, and nothing shady is done on any of them. If I open the playlists they are full of music none of
-
FB60--When i posting invoice i am geeting error
hi All I created with Tax Codes When i am posting FB60 I am geeting error Could not determine the year for TDS certificate number range pls help me when i double click error i am geeting material . but, i could not understand . pls suggest me . Diag
-
DATA Log file path change in sql
Dear experts, due to non avaibility of space in disk i have move my SAPLog file in another drive, but now my SAP working fine but when i try to change path in SQL 2005 its not giving me permission to do. please let me know how to change log file path
-
SALES ORDER BASED STOCK TRANSFER ISSUE
Sales order based planning A B C D E In this A (header material) is sales order item and B is sub assembly. D, E,
-
Autonomous to LWAPP upgrade failure on 1242ag AP
Using upgrade tool I'm trying to convert an autonomous AIR-AP1242AG-A-K9 AP to LWAPP but the upgrade fails when it tries to load the recovery image onto the AP. Has anyone run into this issue and if so what is the fix? Running 12.3(11)JA IOS on the A