MacGuard & user permissions
May 31, 2011
Posted by on
Following on from my recent posting on MacDefender, I noticed the same site had an updated page relating to MacGuard ( for original article see Reed Corner Design [Thomas Reed] http://www.reedcorner.net/news.php/?p=204 )
From the article it appears that MacGuard relies on a similar tactic to install itself on OS X machines as MacDefender, i.e. by Safari automatically starting the installer if “Open ‘safe’ files after downloading” is still ticked in the Safari preferences (see the ‘MacDefender Info’ article in this blog for further details).
The big difference between MacDefender and MacGuard appears to be that if a user has administrator rights then the install will run and the application will install without any prompts. If the user only has user rights then the installer will fail.
In reality, I believe that most home users do not know if they are using their machine as a user or admin, so this could be a risk to home users. For companies that have properly trained IT staff then no one should have admin rights on a Mac unless they are IT staff, but smaller companies may be left at risk.
As usual it appears that the risk is from lack of user awareness, that users need to realise the importance of the different types of account and the risks involved. This issue is one of awareness is not just limited to OS X users but Windows users as I believe that most Windows users are sitting using their Admin accounts in a daily basis. I believe that the industry as a whole need to look at the issues of user account permissions more seriously in the future.