Mac users - be aware

In article , Tony Cooper
wrote:

The above opinions about what software developers want is based on a
survey of Coach Class passengers taken by nospam during a flight to
the annual Second Tier Software Developers Conference and Job Fair in
Cleveland, Ohio.

you are truly a moron.

In article ,
Eric Stevens wrote:

http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."

... more

I tried it on a new laptop. It not only works, but it permanently
disables password prompting for sudo.

--
I will not see posts from astraweb, theremailer, dizum, or google
because they host Usenet flooders.

In article , PeterN wrote:

AnthonyL:
It strikes me as being bad form to let users have
physical access to their computers and even worse form
to allow them permissions to install anything on them.
Bring back the mainframe I say.

PeterN:
Many software publishers would like to see that happen.
Except, what you call mainframe, they call the cloud.

nospam:
no they wouldn't.

PeterN:
The all knowing speaks again, for all publishers.

nospam:
as if you do?

PeterN:
Never claimed that, you proposed to speak for all.

nospam:
selling apps is big business. apps use the cloud. apps are not
going away.

PeterN:
twisting.

nospam:
there is no twisting.

you said 'many software publishers would like to see that happen'
(quoted above), referring to users not being able to install apps.

Yep!

nospam:
that is flat out *false*.

How do you KNOW that. One of your biggest problems is your total
failure to distinguish fact from opinion. You have absolutely no
proof of what all software developers

This is your claim:

"Many software publishers would like to see that happen."

This is nospam's response:

"no they wouldn't."

So you're making a claim about what "many" wants, and nospam is saying they
don't, yet you are questioning his certainty but not your own. Ironic.

--
Sandman

In article , Andreas Skitsnack wrote:

nospam:
i never said anything about all software developers.

more of your lies and twists.

you said 'many software developers' want it, which is totally
false.

it's as simple as that.

The above opinions about what software developers want is based on a
survey of Coach Class passengers taken by nospam during a flight to
the annual Second Tier Software Developers Conference and Job Fair
in Cleveland, Ohio.

Andreas, not being able to add anything of substance to a specific topic, jumps
in with a personal comment instead, because he just have to have the attention.

--
Sandman

In article , sid wrote:

nospam:
In article , sid

Alan Browne:
Since the weakest link in the chain is always the user
unsuspectingly installing malware, Apple's next major
iteration of OS X will have so-called rootless operation
making it near impossible for the user to let in the worst
malware.

nospam:
yep. even if an exploit can crack root, it won't be able to do
anything.

sid:
How will that work then? Surely, if root access is achieved it's
game over.

nospam:
because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else"
an encrypted password. Ace!

Sid snips out part of a message and responds with a comment that was already
answered in the snipped part. Now where have I seen this before? :-D

nospam:
if you crack root or even intentionally use sudo to run as root,
you still can't compromise the system. it won't work.

That's because you're not root.

Currently, sudo makes you root. Root has full access.

--
Sandman

On 2015-08-06 14:38, android wrote:
In article ,
Alan Browne wrote:

On 2015-08-06 12:55, sid wrote:
nospam wrote:

In article , Alan Browne
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

The point is that root access, if "achieved" will have no power over
critical parts of the system.

https://en.wikipedia.org/wiki/System...ity_Protection

I've been running this iMac without a root account for nearly 3 years.
Prior Mac's root account was used exactly twice over a period of nearly
6 years and only because I was doing things out of curiosity and
experimentation that weren't "needed" to be done. Sudo is enough.

The article that you refer to implies that SIP can be disabled.

It can in Beta. Not clear if it will be disable-able in final release
(this fall). If one disables it, then they are responsible for the
added risk.

On 2015-08-06 18:03, sid wrote:
nospam wrote:

In article , sid
wrote:

Since the weakest link in the chain is always the user unsuspectingly
installing malware, Apple's next major iteration of OS X will have
so-called rootless operation making it near impossible for the user to
let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do
anything.

How will that work then? Surely, if root access is achieved it's game
over.

because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is changing
roots name to "something else" and giving "something else" an encrypted
password. Ace!

You're missing the point entirely. Root as an account will still exist,
but the kernel will not allow it to modify certain files/folders
anymore. You could still run as root if you chose to but root-less
meaning "less" abilities to change files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

That's because you're not root.

| So the root user is not really root then.

That's been happening across operating systems.
As computing matures, the system is increasingly
being locked down. It's a pain in the neck, but in
fairness, most people really do want a no-fuss
services device more than they want computer
functionality. On Windows they install 2 or 3 AV
and anti-malware programs, while running as a
"lackey" user. And many have switched to Macs
for the same reason: They don't care about controlling
or customizing the system. They just want to stop
worrying about malware.

So obstacles have been increasingly created to
keep the vast majority of people from ever being
able to control the system, which yields better
stability and better protection from malware. (For
all its disadvantages, Windows 7 really is more
secure than XP, precisely because it's locked.
Ditto for Macs.)

On most Linux systems root is no longer really root.
One has to track down the "super user" identity,
which is typically well hidden. Likewise on Windows:
It used to be the Administrators had control. Since
Vista an Admin is what used to be called a "power
user". It is quite literally a fake Admin. The only real
Admin is a hidden account that's named "Administrator"
and can't be changed. So to actually have complete
access to one's own computer on Vista+ one must
log on as the Administrator, after first running a
semi-secret command line to make that account
visible.
In both cases, the terms have stayed the same
while the configuration has changed: Root is no
longer root. Admin is no longer admin. That's a bad
design move, but it's actually a deliberate obfuscation.
This discussion is a good example. It's been going on
and on with a debate over who and what root is. It
used to be that root was simply root -- a configuration
with no restrictions.

It probably won't be long before people have no
more access, and no more expectation of access,
with computers than they do with DVD players,
TVs, etc. Tablets and watches are already halfway
there and people love them.... And probably we'll
all log on with "ultimate super user deluxe" status.

In article , Andreas Skitsnack wrote:

nospam:
i never said anything about all software developers.

more of your lies and twists.

you said 'many software developers' want it, which is totally
false.

it's as simple as that.

Andreas Skitsnack:
The above opinions about what software developers want is based
on a survey of Coach Class passengers taken by nospam during a
flight to the annual Second Tier Software Developers Conference
and Job Fair in Cleveland, Ohio.

Sandman:
Andreas, not being able to add anything of substance to a specific
topic, jumps in with a personal comment instead, because he just
have to have the attention.

Popinjay, not being able to add anything of substance on this
non-specific topic (two unsupported generalities) jumps in with a
non-contributing comment because he "have to have" [sic] something
to say.



--
Sandman

| And now isn;t more done via phones than from 'computers'
|
http://searchenginewatch.com/sew/opi...internet-began
|

I've also seen a statistic that about half of time
spent on phones is either games or Facebook.
subtract time actually talking or texting, and time
looking for restaurants or streaming music....
what's left?

That's all most people want. I do think it's been
overemphasized a bit, though. Real work is still
done on computers, but that's not where the
expansion and ad dollars are, so the media likes
to talk about the "death of the PC". ("No more
PCs! Death knell!! Barely 300 million sold last year!!")

On the other hand, "real work" has been done mostly
at work, in corporations, and those computers have
always been restricted, anyway.

| It's been 15+ years since I've bothered with custom folder icons,
| or any other customisation.
|

I have everything highly customized. It would take
me more than an hour just to set up a browser if I didn't
have config backup: user.js file, HOSTS file, about:config,
custom activity indicator icon...
And I don't tolerate file restrictions. It's just too irritating
to deal with obstacles. But I realize I'm not typical. I'm
becoming less typical all the time. I write software, change
the oil and repair the house. Most people hope to never
have to do any of those things.

But I'm happy to share icons if you have any Windows
machines. I've got a nice rubbish basket (recycle bin icon)
I made myself, in red oak. And my folders are a nice
cantaloupe color, instead of the dreary, faded yellow.

I use them on XP. I haven't used Win7 enough to know
how much config is possible there. I know how to remove
file/access restrictions, but haven't tried customizing the UI.