Aron Roberts wrote:
>
> In addition, many campus Mac OS X users are likely to be working in a
> user account with Admin privileges - which is the default for the first
> account set up under Mac OS X - so any malware would run with those
> privileges.
I don't think that's necessarily true; an OS X account with Admin privileges
still needs to authenticate (via sudo or a dialog box) before it gets
super-user privilege. I think an attacker would have to convince the user to
type in their password to run with super-user privilege.
Of course, there are plenty of bad things you can do without super-user privs,
such as searching through your address book and Safari cache for email
addresses for the purposes of spam or worm activity.
-- Tom Holub (tom_holub@LS.Berkeley.EDU, 510-642-9069) Director of Computing, College of Letters & Science 249 Campbell Hall <http://LS.berkeley.edu/lscr/> ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Thu Feb 23 15:45:41 2006
This archive was generated by hypermail 2.1.8 : Thu Feb 23 2006 - 15:45:41 PST