Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Thanks everyone. I was not aware how risky it is to use a Mac. As I said earlier, I had actually planned to be iPad only as I get older, and have fewer things to commit to memory, maintain, and worry about being compromised. I feel like it's just as likely that I could make one of the errors you are all explaining when I'm logged into the Admin account, which would be needed, so maybe the Mac is not for me after all. I've got until Jan 8th to return it if I decide to, so at least I wouldn't be out any money.

It's a shame that Apple allows us to set it up with such risk without any warnings.
If I might offer a correction: "...not aware how risky it is to use a fully-featured OS..." Although the kernel of iOS is similar, an iPad might appear more secure because it simply lacks features - such as a file system and extensible modular device drivers.

IOS is generally tighter because it can afford to be; expectations of its intended demographic are managed. If an iPad fulfills your use cases, it could be a prudent security decision to dispense with the attack surface inherent in a full-featured OS. Cheaper, too.

Certain (many) use cases require a full range of full-power apps, a fully journaling, fully auditable file system, with multiple levels of encryption, and ability to curate and transfer files ad-hoc and offline. Furthermore, there's no IOS version of an app that holds a candle to its counterpart on a Mac or Windows or Linux/Unix.

MacOS (and Windows and Linux) IS more secure these days, as one would certainly hope. And Mac OS is replete with warnings, prompts and alerts. However, if one needs a full-featured OS, and there are security controls available, those controls should be invoked, however frustrating it might seem. Consensus of the world's focused, skilled, experienced IT security professionals are not wrong about restricting normal daily operations from admin permissions.

No single precaution is a silver bullet. User Vs. Admin account segregation is a basic start, not a whole solution.


OMG, just go with an admin account, it’s the default, and thereafter never give permissions without knowing why. It’s that simple.

Defaults are constructed for lowest common denominators. Apple literally advises segregating daily use from admin access. Apple decided they couldn't force this issue because the LCD's would get angry and start comments with "OMG."

Everyone needs to understand that a skilled hack isn't going to prompt for permission. That's what HACKING is, and when it's done right, it starts with a quitet, low-key toehold, then works to elevate to admin, then establishes persistence. ONLY THEN might you see any signs of exploitation.

The nasty stuff, the genuine large scale threats, are not ransoming your porn and taxes, or stealing stupid bitcoin wallets. They simply persist until called up by their command and control to execute larger distributed hacks. We discover and disable this kind of thing all the time; a few incidents are published, must remain under wraps (it's boring). And our advice is always the same: At very least, just to start, don't daily drive a *** **** admin account.
 
  • Haha
Reactions: AlixSPQR
So, basically, if I daily drive an admin account I have to be more careful when clicking stuff. This isn’t a problem for me. However, should something get a foothold somehow, I’m done for. If I use a standard account and something gets in it, then I just delete the account and fix things from the admin. So daily driving a standard account means I have a backup plan. Right?
 
So, basically, if I daily drive an admin account I have to be more careful when clicking stuff. This isn’t a problem for me. However, should something get a foothold somehow, I’m done for. If I use a standard account and something gets in it, then I just delete the account and fix things from the admin. So daily driving a standard account means I have a backup plan. Right?
Ideally, yeahhhh, but really, this merely improves your odds, one more layer in your favor. Endpoint security is not simply switched on; Security is ACCUMULATED in layers:
  • Trustworthy internet service providers (cabled copper or fiber to the core/backbone)
  • Network firewall (at your home WiFi router
    • actually the managed switch portion; as you don't actually get to manage the router portion)
  • Local firewall on the computer
    • MacOS' is kinda basic, but Lil Snitch is free/cheap)
  • Ensure all network connections are encrypted.
  • Ensure that system and data storage is encrypted "At Rest"
  • User account management
    • Segregate users from admin
    • Multifactor authentication
    • zero-trust
    • role based access controls
  • Diligent OS and application patching
    • especially browsers, and web-enabled apps and trusted system extensions
  • Whitelist apps to permit execution
    • permit only signed script code to execute
    • Allow unattended automation apps/scripts to execute only using restricted service accounts of their own
  • Application settings that block every*******thing, then only opened, feature by feature, as needed.
    • Safari kinds allows this, but not very granularly
    • use NoScript for Chrome and Firefox.
    • use secure DNS whenever possible
  • Perform file, user app and network event log audits for suspicious activity
    • Trusted Third party audits of configurations and security processes
  • Digital rights management to block unapproved email, web uploads and removable media.
  • Insider threat profiling and interdiction.
See where Users vs. Admin is just one little sub-bullet? Fortunately, as other commenters pointed out, MacOS has several other layers enabled by default (or at least available) - firewall, system integrity protection, anti-malware, drive encryption, OS auto-update, App Store auto-update, full file system logging, etc.).

HOWEVER, it can be exhausting to maintain such hypervigilence. And some of these controls are pricey, enterprise caliber tasks. It's enough to trigger comments, like, "OMG, just be admin and try not to click bad ****"

In fact, there are other security-related threads on these forums where frustrated users try to rationalize varying degrees of apathy, disregard and sometimes anarchistic "fight the system" ********. Some ******* commenters try to convince readers that it's okay to disable MacOS security controls if they see too many alerts or prompts.

However, NOT getting hacked one day, or the next, or through this OS, or through that app... does NOT prove that you were/are safe. People get killed in crosswalks, with the light, all the time. Just not you. Yet.

On the other hand, just like walking across the bus lanes, a gotta trust somebody in order to use any computer or software or network at all. So we do. We use them. We enjoy them. And occasionally curse at them. And sometimes more than occasionally. Okay, ******* constantly!

Just put in the little extra effort to enable and tolerate the security controls. Don't be part of the problem.

* I put in all the *s myself. Rest assured, they are all very bad words.
 
  • Haha
Reactions: AlixSPQR
So, basically, if I daily drive an admin account I have to be more careful when clicking stuff. This isn’t a problem for me.
Exactly.
However, should something get a foothold somehow, I’m done for. If I use a standard account and something gets in it, then I just delete the account and fix things from the admin. So daily driving a standard account means I have a backup plan. Right?
Principally, no. You are never safe. There are known exploits on a microchip level, and of course we should anticipate there are unknown. They can't be beaten (patched). Do I think it will affect you or me? No, we are probably not persons of such interest. That's why I go with an admin account, and vigilance about why I should give permissions.
 
Charles wrote in 19 above:
"Thanks everyone. I was not aware how risky it is to use a Mac."

It is not (risky).

"I feel like it's just as likely that I could make one of the errors you are all explaining when I'm logged into the Admin account"

In all likelihood, you probably won't make any errors.

"maybe the Mac is not for me after all."

You are making mountains out of molehills.
Get a Mac and try it.
I predict you will be pleasantly surprised -- and pleased.
 
  • Like
Reactions: ipaqrat
Exactly.

Principally, no. You are never safe. There are known exploits on a microchip level, and of course we should anticipate there are unknown. They can't be beaten (patched). Do I think it will affect you or me? No, we are probably not persons of such interest. That's why I go with an admin account, and vigilance about why I should give permissions.
Isn’t that with the M1 & M2 chips? I wasn’t aware of exploits on the M4.
 
So, basically, if I daily drive an admin account I have to be more careful when clicking stuff. This isn’t a problem for me. However, should something get a foothold somehow, I’m done for. If I use a standard account and something gets in it, then I just delete the account and fix things from the admin. So daily driving a standard account means I have a backup plan. Right?
yeah, if you've ever used windows before, i can assure you it is different on macos
on windows, if you are logged in as an admin user, you will not need to type your password for most things, which includes allowing a virus to make changes to your computer's files and settings; all you have to do is click "yes"
however, actions that are very high privilege, such as scheduling a task in task scheduler will require a password, although it is very rare to have to enter your admin password from the admin account
for macos admin accounts, you will still need to enter your password for these small actions regardless, so yes, admin accounts are safe to use on macos for most things
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.