Mac users - be aware

In article , Mayayana
wrote:

| So the root user is not really root then.

That's been happening across operating systems.
As computing matures, the system is increasingly
being locked down. It's a pain in the neck, but in
fairness, most people really do want a no-fuss
services device more than they want computer
functionality.

it's not a pain in the neck at all because it affects almost nobody.

the only people it affects are those who write system level code and
malware authors.

the the former has the ability to get around it and the latter needs to
be blocked.

for everyone else, they do not need to modify critical system files.

On Windows they install 2 or 3 AV
and anti-malware programs, while running as a
"lackey" user. And many have switched to Macs
for the same reason: They don't care about controlling
or customizing the system. They just want to stop
worrying about malware.

they can control and customize things all they want.

customizing doesn't require being able to alter things like the kernel.

In article , Mayayana
wrote:

| And now isn;t more done via phones than from 'computers'
|

http://searchenginewatch.com/sew/opi...eds-pc-the-big
gest-shift-since-the-internet-began
|

I've also seen a statistic that about half of time
spent on phones is either games or Facebook.
subtract time actually talking or texting, and time
looking for restaurants or streaming music....
what's left?

what's the statistic for facebook use on a desktop computer?

you can't discount one without discounting the other.

That's all most people want. I do think it's been
overemphasized a bit, though. Real work is still
done on computers, but that's not where the
expansion and ad dollars are, so the media likes
to talk about the "death of the PC". ("No more
PCs! Death knell!! Barely 300 million sold last year!!")

it has nothing to do with ads. plenty of work is done on mobile and
that's increasing.

On the other hand, "real work" has been done mostly
at work, in corporations, and those computers have
always been restricted, anyway.

real work is also done outside corporations.

| It's been 15+ years since I've bothered with custom folder icons,
| or any other customisation.

I have everything highly customized. It would take
me more than an hour just to set up a browser if I didn't
have config backup: user.js file, HOSTS file, about:config,
custom activity indicator icon...

an hour to set up a browser?? wtf?

Alan Browne wrote:


because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else" an
encrypted password. Ace!

You're missing the point entirely. Root as an account will still exist,
but the kernel will not allow it to modify certain files/folders
anymore. You could still run as root if you chose to but root-less
meaning "less" abilities to change files.

Which point did I miss? An account called root may exist but if it doesn't
have unfettered access to the system it is no longer *actually* the "root"
user. Some other, Apple in your case, will be the real root user, only
allowing themselves to have the unfettered access to do whatever they say is
OK.

--
sid

In article , sid
wrote:

because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else" an
encrypted password. Ace!

You're missing the point entirely. Root as an account will still exist,
but the kernel will not allow it to modify certain files/folders
anymore. You could still run as root if you chose to but root-less
meaning "less" abilities to change files.

Which point did I miss? An account called root may exist but if it doesn't
have unfettered access to the system it is no longer *actually* the "root"
user. Some other, Apple in your case, will be the real root user, only
allowing themselves to have the unfettered access to do whatever they say is
OK.

you missed the point in how it works. there is no alternate root user.

root is exactly the same as it's always been, it just needs more than
just a password to do stuff.

end users, who don't need root, will never notice a difference. malware
authors who try to crack root will be wasting their time since it won't
help them anymore.

it's a very good thing and long overdue.

nospam wrote:

In article , sid
wrote:

Since the weakest link in the chain is always the user
unsuspectingly installing malware, Apple's next major iteration of
OS X will have so-called rootless operation making it near
impossible for the user to let in the worst malware.

yep. even if an exploit can crack root, it won't be able to do
anything.

How will that work then? Surely, if root access is achieved it's game
over.

because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else" an
encrypted password. Ace!

completely wrong.

Oh, ok.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

That's because you're not root.

also wrong.

What a helpful and informative post, well done!

--
sid

Sandman wrote:

nospam:
because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else"
an encrypted password. Ace!

Sid snips out part of a message and responds with a comment that was
already answered in the snipped part. Now where have I seen this before?
:-D

Nothing to add but bull**** then Jonas?

nospam:
if you crack root or even intentionally use sudo to run as root,
you still can't compromise the system. it won't work.

That's because you're not root.

Currently, sudo makes you root. Root has full access.

Oh, and something totally irrelevant. How normal.

--
sid

On 2015-08-07 11:59, sid wrote:
Alan Browne wrote:


because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else" an
encrypted password. Ace!

You're missing the point entirely. Root as an account will still exist,
but the kernel will not allow it to modify certain files/folders
anymore. You could still run as root if you chose to but root-less
meaning "less" abilities to change files.

Which point did I miss? An account called root may exist but if it doesn't
have unfettered access to the system it is no longer *actually* the "root"
user. Some other, Apple in your case, will be the real root user, only
allowing themselves to have the unfettered access to do whatever they say is
OK.

Whatever spin turns you on.

On 2015-08-07 13:05, sid wrote:
Sandman wrote:

nospam:
because in 10.11, root can no longer modify system files and other
critical files.

So the root user is not really root then. So what they are doing is
changing roots name to "something else" and giving "something else"
an encrypted password. Ace!

Sid snips out part of a message and responds with a comment that was
already answered in the snipped part. Now where have I seen this before?
:-D

Nothing to add but bull**** then Jonas?

nospam:
if you crack root or even intentionally use sudo to run as root,
you still can't compromise the system. it won't work.

That's because you're not root.

Currently, sudo makes you root. Root has full access.

Oh, and something totally irrelevant. How normal.

Deliberate obtuseness usually fades around 17 or so after boys lose
their virginity.

On 8/6/2015 8:09 PM, nospam wrote:
In article , PeterN
wrote:

selling apps is big business. apps use the cloud. apps are not going
away.

twisting.

there is no twisting.

Cough! cough!

take some medicine.

you said 'many software publishers would like to see that happen'
(quoted above), referring to users not being able to install apps.


Yep!

that is flat out *false*.


How do you KNOW that.

because i'm a software developer and know far more about what goes on
in the industry than you ever will.

One of your biggest problems is your total failure
to distinguish fact from opinion. You have absolutely no proof of what
all software developers

i never said anything about all software developers.

more of your lies and twists.

you said 'many software developers' want it, which is totally false.


I did not say that.
Do learn to read.

it's as simple as that.



--
PeterN

On 8/6/2015 8:09 PM, nospam wrote:
In article , PeterN
wrote:

yep. even if an exploit can crack root, it won't be able to do anything.

How will that work then? Surely, if root access is achieved it's game over.

because in 10.11, root can no longer modify system files and other
critical files.

if you crack root or even intentionally use sudo to run as root, you
still can't compromise the system. it won't work.

thus the nickname 'rootless', which means means root can do less. the
official name is system integrity protection.

only code that's codesigned to make system modifications can do so,
such as what happens during a system update.

the only way around that would be to crack the codesigning and then
spoof it so that it has the proper credentials. good luck on that one.

the end result is that it's for all intents, not possible to hack.

nothing is truly impossible, but the bar is *extremely* high, *much*
higher than before.

hackers will go after easier targets. like android.

Is this the same nospam who, about a few year ago, that OSX was not
subject to hacker attacks.

i never said anything even close to that.

Wrong.


that also has absolutely nothing to do with what i wrote above about
rootless.

more of your twists and bull****.

Too bad our government doesn't listen to you. All those data stealing
attacks would have been prevented.

straw man.



--
PeterN