Originally Posted by jragosta
Yes, but you keep ignoring the way 99.99% of users set up their system - admin is the same password as root. So if they're logged in as admin, they simply SUDO and use THE SAME PASSWORD that they use every day to get access to every single file on the system.
But *you* entered that password. The applications on your system did not, and they do not know your admin password. For any of those applications to escalate to root privileges, they require *you* to enter the admin password. The applications can't do it silently, without your direct authorization to do so. Until now.
Furthermore, your example is silly. Gaining access to the System files (which require root) isn't very exciting. It's all that nice juicy data in the user files that most hackers are going to want. And if you have admin access, you have all those files when there is no separate user account (the way most users use their system).
The example was a quick-and-dirty way to give you practical proof that you do not indeed have full access to everything on the system. Most of the "good" stuff would be less convenient a test, since a lot of it's in locations that are hidden to the user. However, it's safe to say that *your* example is a bit silly, since *every* account, admin or not, has access to that account's own user files, so the only way *those* wouldn't be accessible would be if you weren't running in your own user account!
You want some real examples of what a malicious application can do with root privileges then? Okay, how about:
1. As someone else already mentioned, this can grant malicious apps access to every Keychain on the system, from which attackers can get passwords to juicy things like:
- Your online banking account
- Your credit card account
- Your AI account so they can make you look ignorant by posting clueless replies about how giving a malicious app root access isn't a problem
- Your e-mail account, so the attacker can click the "Forgot Password" link for all your other accounts and reset all their passwords, giving the attacker access to *all* of them
2. More than the Keychain, with root access, you can actually access the VM swapfiles themselves, which theoretically can contain *anything* that's in memory, which could contain anything you've typed recently — including your admin password itself, or your credit card numbers if you've done any online shopping
3. With root, one can install malware in obscure nooks and crannies of the system such that you'll never be able to find it all and root it out without wiping your hard drive. Root can even modify the OS in such a way that it will prevent the files containing the malware from being shown to the user at all. In case you think malware isn't a threat, malware can include things like keyloggers which log everything your keyboard types and send it somewhere, which is sure to get all your passwords, credit card number, etc. Root can also install malware that runs on every user account, not just one of them.
4. You're probably thinking something like "Well, I've got Little Snitch, which would let me know if any malware app tried to phone home, and would prevent it!" With root access, you can silently disable things like Little Snitch without the user being any the wiser.
Seriously, if admin/root separation isn't that important, why aren't you holding up Windows XP as the paragon of security? Because lacking that separation worked so well there.