Inside OS X Security: Page 5 of 11

If you're logged in as an administrator, which is the traditional initial account level in Mac OS X, well, you can still shoot yourself in the foot with a Trojan, but you have to at least take some positive steps to do so in some cases. However, admin-level access, even without authenticating as root, can still do a lot of damage.

For example, /Applications is read/write for the admin group, as are most of the applications in it. The same holds true for /Library. So even without you authenticating as root via the "Give us your password" dialog box, a Trojan running with administrator privileges can do a lot of damage.
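To see how much of a directory the admin group can modify without the password dialog, list the entries that carry the group write bit. This script is an added example, not part of the original article; the function names are hypothetical, and it assumes the group is named `admin` as described above.

```shell
#!/bin/sh
# Added example (not from the article): audit what a group can modify
# without authenticating as root.

# List entries directly under DIR that belong to GROUP and have the
# group write bit set. GROUP may be a name or a numeric gid.
group_writable() {
    dir=$1
    group=$2
    # -perm -020 : group write bit is set
    # -group     : entry belongs to the group being audited
    # ! -type l  : skip symlinks; their own mode bits are not meaningful
    find "$dir" -mindepth 1 -maxdepth 1 ! -type l \
        -group "$group" -perm -020 -print | sort
}

# Number of such entries, handy for before/after comparisons.
group_writable_count() {
    group_writable "$1" "$2" | wc -l | tr -d ' '
}

# Succeeds if DIR itself is writable by GROUP. When it is, members can
# add, rename or remove entries regardless of each entry's own mode.
dir_group_writable() {
    [ -n "$(find "$1" -maxdepth 0 -group "$2" -perm -020 -print)" ]
}

# Run as: sh audit.sh /Applications admin
if [ "$#" -eq 2 ]; then
    if dir_group_writable "$1" "$2"; then
        echo "$1 itself is writable by group $2"
    fi
    echo "$(group_writable_count "$1" "$2") entries writable by group $2:"
    group_writable "$1" "$2"
fi
```

Running it against both `/Applications` and `/Library` from an admin account shows what a Trojan in that session could alter with no prompt.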

Since I've been talking about "damage," I should touch briefly on what I mean by this. While there is still the risk of the "wiped my drive" malware, that's largely fading due to economic reasons.

A dead computer cannot make you money. It is far more profitable, and therefore far more common these days, for malware such as Trojans to subvert your computer instead of killing it and rendering it useless to all, so that it can become part of a botnet that is then rented out to spammers, other malware users, and the like.

Another use for malware is to install keyloggers and other monitoring tools so that the malware writers can get things like Social Security numbers, financial data, and the like. They can then use that to steal identities and money, find access information for other networks, etc. There are millions of dollars in zombie computers, botnets, and data mining, none in dead computers with erased hard drives and firmware. That's not to say destructive malware isn't still a problem, but that it's not the main focus any more.

If you have a non-administrator account, then you should be safer from Trojans, right? Well, sort of. The amount of damage that a Trojan can do from a non-admin account is fairly small. Now, your home directory can still get wiped out, and if you lose valuable work and you don't have backups, I'm not sure how much better you'll feel that your operating system is safe. But that's pretty much the extent of it. However, if the Trojan asks you to authenticate as an administrator and you do, then, well, all bets are off: you just gave it root privileges, or close enough to them.