TrueSec outlines "Rootpipe" privilege escalation vulnerability in Mac OS X Yosemite


Comments

  • Reply 41 of 46
    asdasd Posts: 5,686 member
    The escalation to root isn't much of a problem for normal users. Download an app which cannot escalate to root and it can pretty much do what it wants in your admin account, except where further password authorisations are required. If you have used "always allow" on Keychain, that's pretty much everything. It certainly has access to your documents.

    Unless it is sandboxed. That's Apple's security solution. In a release or two it will stop the launch of non-sandboxed applications (i.e. non Mac App Store apps) without user intervention by default. To accept would mark you as a power user.

    This will lead to a different complaint about walled gardens.
  • Reply 42 of 46
    shamino Posts: 527 member
    Quote:

    Originally Posted by kpluck View Post

    I don't know, but it is foolish to have your day-to-day account be an admin account on any modern OS (Windows, OS X, Linux). A very large percentage of security vulnerabilities are nullified by using a standard account.

    Not so much nullified, but it limits the damage that can be done.

    If you accidentally run malware (e.g. via a browser exploit) from an unprivileged account, it can still upload any file you can read, it can still open network connections to botnets, and it can still trash/infect any file you have write access to (typically the contents of your home directory). What it cannot do is install itself as a system service, trash/infect system files or remain running after you log out. In a worst-case scenario, you can usually purge such malware by blowing away your account and re-creating it from scratch.

    In contrast, when run from an admin account (or worse, root), that same malware can trash/infect every file, corrupt your boot loader, set itself up as a system service, and it can remain running even when nobody is logged in. Removal may end up forcing you to wipe the entire computer and reinstall everything.

  • Reply 43 of 46
    shamino Posts: 527 member
    Quote:

    Originally Posted by asdasd View Post

    ... In a release or two it will stop the launch of non-sandboxed applications (i.e. non Mac App Store apps) without user intervention by default. To accept would mark you as a power user.

    I've been hearing this rumor for years. Do you have an actual source for this claim, or are you simply assuming that the rumor is true?

    Apple has been doing what you describe for downloaded apps for several years now. Gatekeeper's default configuration is to allow App Store purchases and applications signed with a valid Developer Certificate. Unsigned apps (and those with invalid certificates) make you jump through a few small hoops (including providing an admin password) the first time you launch them, with no subsequent interference afterward.

    There is a higher level of security which blocks all but App Store purchases, but that has never been the default setting, and Apple has said nothing about plans to change that default.

    For software that was not downloaded (e.g. installed from CD/DVD, or stuff you compile yourself), none of the above applies. Gatekeeper doesn't even look at programs that were not downloaded. I've read nothing (aside from a few paranoid rumors) about Apple planning to change this behavior.

  • Reply 44 of 46
    asdasd Posts: 5,686 member
    shamino wrote: »
    I've been hearing this rumor for years. Do you have an actual source for this claim, or are you simply assuming that the rumor is true?

    Apple has been doing what you describe for downloaded apps for several years now. Gatekeeper's default configuration is to allow App Store purchases and applications signed with a valid Developer Certificate. Unsigned apps (and those with invalid certificates) make you jump through a few small hoops (including providing an admin password) the first time you launch them, with no subsequent interference afterward.

    There is a higher level of security which blocks all but App Store purchases, but that has never been the default setting, and Apple has said nothing about plans to change that default.

    For software that was not downloaded (e.g. installed from CD/DVD, or stuff you compile yourself), none of the above applies. Gatekeeper doesn't even look at programs that were not downloaded. I've read nothing (aside from a few paranoid rumors) about Apple planning to change this behavior.

    All I am suggesting is that they will set the default setting to apps downloaded from the App Store for new users. These apps are automatically sandboxed.
  • Reply 45 of 46
    The first user ID created in OS X is 501, and it is designated to be admin. A lot of system functionality is tied to 501 being admin, and demoting 501 to a regular user may bite you in the ass later on. Better is to simply copy your files to the new regular user and settle in there. iCloud Keychain and the likes of 1Password will migrate the bulk of your passwords, and iCloud itself will migrate a lot of other stuff.
    In the end it is more work, but you will end up with a sound system and a user configuration as it should have been in the first place: admin just for admin tasks and regular users for work. Apple created the OS X "depleted" admin because it realised that it would not be able to sell this (standard) way of setting up the system to its customers. It compromised, and it worked out well for them. But by doing so it created the possibility for a situation like this.
  • Reply 46 of 46
    analogjack Posts: 1,073 member
    Quote:

    Originally Posted by aplnub View Post

    How many operate in a non-admin account on their Mac?

    I do, and every Mac I set up for others I do the same; there's no reason not to.
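A quick way to check the two things the thread keeps coming back to (Replies 42, 43 and 45): whether the account you use day to day is in the admin group, and whether Gatekeeper assessments are on. This is an added example, not code from the thread or from Apple; it parses the output format of `dscl . -read /Groups/admin GroupMembership` and `spctl --status` and only runs those commands when they exist, so the parsing can be exercised offline with a constructed sample.

```shell
#!/bin/sh
# Added example: is my login an admin, and is Gatekeeper enabled?
# The dscl output line looks like "GroupMembership: root alice"; the sample
# below is constructed to stand in for that on a non-macOS machine.
SAMPLE_ADMIN_OUTPUT='GroupMembership: root alice'

# admin_members OUTPUT -> prints each member of the admin group on its own line
admin_members() {
    printf '%s\n' "$1" | sed -n 's/^GroupMembership: *//p' | tr ' ' '\n' | sed '/^$/d'
}

# is_admin_user USER OUTPUT -> exit 0 if USER is in the admin group, 1 otherwise
is_admin_user() {
    admin_members "$2" | grep -qx -- "$1"
}

# gatekeeper_enabled OUTPUT -> exit 0 if `spctl --status` said "assessments enabled"
gatekeeper_enabled() {
    printf '%s\n' "$1" | grep -q '^assessments enabled$'
}

# Live check, only where the macOS tools actually exist.
if command -v dscl >/dev/null 2>&1 && command -v spctl >/dev/null 2>&1; then
    me=$(id -un)
    members=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)
    if is_admin_user "$me" "$members"; then
        echo "$me (uid $(id -u)) is an admin: use a separate standard account for daily work"
    else
        echo "$me (uid $(id -u)) is a standard user"
    fi
    if gatekeeper_enabled "$(spctl --status 2>&1)"; then
        echo "Gatekeeper: assessments enabled"
    else
        echo "Gatekeeper: assessments disabled"
    fi
fi
```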
