January 27, 2007 | Comments: (0)
Users want OS X to remove elevation prompts
Users want Apple to remove OS X elevation prompt
Similar to a behavior in Windows Vista, Mac OS X has long required a secondary authorization to be completed when performing root tasks, even if logged in as the root account already. Although the Mac OS X mechanism works differently than Windows User Account Control (UAC), the effect is the same: It prevents unauthorized tasks requiring elevated privileges that the user has not explicitly authorized. Like Windows Vista, the simple elevation prompt attempts to stop "drive-by" downloads and malicious executions.
I'm a big fan of them. In Windows Vista, using group policy or a registry edit, you can turn on or off UAC, or have a little control over when it prompts a logged-in user. I'm assuming this is not the case in OS X, as at least 30 or more people have signed an online petition asking for it to be removed altogether.
Personally, I wouldn't want an elevation prompt to be removed. There is too much value. While visiting an unknown web site a few weeks ago in Windows Vista, a zero-day attack was launched against my system. The only way I knew it was happening was the unexpected UAC dialog box prompting me for my permission to execute something with admin credentials. I returned to the web site, in a Virtual PC session, with Windows XP Pro SP2, and the malware silently installed itself. I'm a fan of UAC for life.
Yes, it's a little annoying, but after a few weeks of using it, you almost don't even notice the elevation dialog box. If anything, the risk is that the average user will click to allow the elevation every time they are prompted, even if initiated by some malicious software program. Still, when I really needed UAC, it saved me.
I encourage all readers to resist the impulse to turn UAC (or the Mac OS X equivalent) off. There is a reason why the vendors felt it important enough to annoy their power user base.
Posted by Roger Grimes on January 27, 2007 03:40 AM
- COMMENTS
Good grief, it's a joke, not a serious proposal.
The "petition" is LMH and Kevin Finisterre poking fun at the lack of security nous of many Mac users. If you look at the petition, you'll see Kevin is the proposer.
It is also linked to from MoAB's "Apple Fun" blog - together with a pointed link to the Wikipedia article on sarcasm.
http://applefun.blogspot.com/2007/01/moab-26-01-2007-apple-installer-package.html
Posted by: Nick at January 27, 2007 06:00 AM