Mac users - be aware

In article , android
wrote:

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game
over.

The point is that root access, if "achieved" will have no power over
critical parts of the system.

https://en.wikipedia.org/wiki/System...ity_Protection

I've been running this iMac without a root account for nearly 3 years.
Prior Mac's root account was used exactly twice over a period of nearly
6 years and only because I was doing things out of curiosity and
experimentation that weren't "needed" to be done. Sudo is enough.

The article that you refer to implies that SIP can be disabled.

only by rebooting into recovery mode, disabling sip and then rebooting
back to the system.

do you think malware is going to somehow be able to do all of that
without the user being involved? not a chance in hell.

apple has also said the way to disable it may change. that's how it's
currently done so that developers can update their software to be fully
compatible in the event they need to do something that is affected by
it. once 10.11 is released, it might become harder. nobody knows that
yet.

On 8/6/2015 1:17 PM, nospam wrote:
In article , PeterN
wrote:

It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.

Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

no they wouldn't.

The all knowing speaks again, for all publishers.

as if you do?
Never claimed that, you proposed to speak for all.


selling apps is big business. apps use the cloud. apps are not going
away.

twisting.

there is no twisting.

Cough! cough!


you said 'many software publishers would like to see that happen'
(quoted above), referring to users not being able to install apps.


Yep!

that is flat out *false*.


How do you KNOW that. One of your biggest problems is your total failure
to distinguish fact from opinion. You have absolutely no proof of what
all software developers
although industry is definitely moving to the cloud, it still requires
the user to have and install native apps to access the cloud.

apps are *not* going away nor do 'many software publishers' want that.


Nope!


--
PeterN

On 8/6/2015 1:17 PM, nospam wrote:
In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

because in 10.11, root can no longer modify system files and other
critical files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

thus the nickname 'rootless', which means means root can do less. the
official name is system integrity protection.

only code that's codesigned to make system modifications can do so,
such as what happens during a system update.

the only way around that would be to crack the codesigning and then
spoof it so that it has the proper credentials. good luck on that one.

the end result is that it's for all intents, not possible to hack.

nothing is truly impossible, but the bar is *extremely* high, *much*
higher than before.

hackers will go after easier targets. like android.


Is this the same nospam who, about a few year ago, that OSX was not
subject to hacker attacks.

Too bad our government doesn't listen to you. All those data stealing
attacks would have been prevented.


--
PeterN

In article ,
PeterN wrote:

On 8/6/2015 1:17 PM, nospam wrote:
In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

because in 10.11, root can no longer modify system files and other
critical files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

thus the nickname 'rootless', which means means root can do less. the
official name is system integrity protection.

only code that's codesigned to make system modifications can do so,
such as what happens during a system update.

the only way around that would be to crack the codesigning and then
spoof it so that it has the proper credentials. good luck on that one.

the end result is that it's for all intents, not possible to hack.

nothing is truly impossible, but the bar is *extremely* high, *much*
higher than before.

hackers will go after easier targets. like android.


Is this the same nospam who, about a few year ago, that OSX was not
subject to hacker attacks.

Too bad our government doesn't listen to you. All those data stealing
attacks would have been prevented.

Well, the creator of the original PC (unless you count CP/M stuff), the
Big Blue has decided to shovel in thousands of Macs to protect their Big
Data...
--
teleportation kills

nospam wrote:

In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do
anything.

How will that work then? Surely, if root access is achieved it's game
over.

because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is changing
roots name to "something else" and giving "something else" an encrypted
password. Ace!

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

That's because you're not root.


--
sid

Alan Browne wrote:

Sudo is enough.

Absolutely!

--
sid

On 8/6/2015 5:36 PM, android wrote:
In article ,
PeterN wrote:

On 8/6/2015 1:17 PM, nospam wrote:
In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

because in 10.11, root can no longer modify system files and other
critical files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

thus the nickname 'rootless', which means means root can do less. the
official name is system integrity protection.

only code that's codesigned to make system modifications can do so,
such as what happens during a system update.

the only way around that would be to crack the codesigning and then
spoof it so that it has the proper credentials. good luck on that one.

the end result is that it's for all intents, not possible to hack.

nothing is truly impossible, but the bar is *extremely* high, *much*
higher than before.

hackers will go after easier targets. like android.


Is this the same nospam who, about a few year ago, that OSX was not
subject to hacker attacks.

Too bad our government doesn't listen to you. All those data stealing
attacks would have been prevented.

Well, the creator of the original PC (unless you count CP/M stuff), the
Big Blue has decided to shovel in thousands of Macs to protect their Big
Data...


I am not arguing that OSX is not more secure than Windows. I am simply
pointing that certain folks here overstate the case for OSX system security.


--
PeterN

In article , PeterN
wrote:

selling apps is big business. apps use the cloud. apps are not going
away.

twisting.

there is no twisting.

Cough! cough!

take some medicine.

you said 'many software publishers would like to see that happen'
(quoted above), referring to users not being able to install apps.


Yep!

that is flat out *false*.


How do you KNOW that.

because i'm a software developer and know far more about what goes on
in the industry than you ever will.

One of your biggest problems is your total failure
to distinguish fact from opinion. You have absolutely no proof of what
all software developers

i never said anything about all software developers.

more of your lies and twists.

you said 'many software developers' want it, which is totally false.

it's as simple as that.

In article , PeterN
wrote:

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

because in 10.11, root can no longer modify system files and other
critical files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

thus the nickname 'rootless', which means means root can do less. the
official name is system integrity protection.

only code that's codesigned to make system modifications can do so,
such as what happens during a system update.

the only way around that would be to crack the codesigning and then
spoof it so that it has the proper credentials. good luck on that one.

the end result is that it's for all intents, not possible to hack.

nothing is truly impossible, but the bar is *extremely* high, *much*
higher than before.

hackers will go after easier targets. like android.

Is this the same nospam who, about a few year ago, that OSX was not
subject to hacker attacks.

i never said anything even close to that.

that also has absolutely nothing to do with what i wrote above about
rootless.

more of your twists and bull****.

Too bad our government doesn't listen to you. All those data stealing
attacks would have been prevented.

straw man.

In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do
anything.

How will that work then? Surely, if root access is achieved it's game
over.

because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is changing
roots name to "something else" and giving "something else" an encrypted
password. Ace!

completely wrong.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

That's because you're not root.

also wrong.