Security and Privacy Guide
In most cases, whether you use Windows, Mac OS, GNU/Linux or BSD, your default account unfortunately is your administrator or root user account, which has full access to your system. If you're concerned about security and privacy, you should never work or play offline, or especially go online, in your default account, except to install software or updates. You should use a limited-access user account for routine work instead.
In fact, making changes in the administrator account in Windows and in the superuser / root user account in UNIX-based operating systems such as Mac OS, BSD and GNU/Linux is always dangerous. You could corrupt your system or make it either unbootable or vulnerable to attack by an intruder. So when it's necessary to make changes, you always need to do so carefully.
In Mac OS X, unlike Windows and GNU/Linux, there are three accounts. For security, the root user (Mac OS's equivalent of Windows' admin account) is disabled by default, so unless you enable it again (most users never have to - see my warning below the following links), there's no need to worry about making your system vulnerable to intruders through some mistake made while logged into your root account.
The default / admin account has some admin access, unfortunately, so even though it's limited, don't go online with your default / admin account. Use a normal / standard / staff user account instead.
In most GNU/Linux and BSD distributions, your default superuser / root user account unfortunately, like in Windows, is your admin account.
So create a limited-access user account (LUA) and use it for every-day use, especially to go online with, instead of your default account. But if you use Windows, be aware that it won't be a pain-free change. If you want to avoid the pain and hassle, switch to Mac OS X or an easy-to-use GNU/Linux distribution, then create a normal / standard / staff user account. Read the following articles to learn more. skip
WARNING for MAC OS X Power Users: Enabling the root user account subjects your system to the typical dangers I mentioned are associated with using it. (In Unix-based systems, there is no undo command!)
If you must make root access changes, I strongly recommend using the sudo (substitute user do) command prefix instead to gain root access temporarily, but only after patching its buffer overflow security hole, if you use an older version of Mac OS than 10.04 (not Tiger - it's 10.4), and removing its unsecure 5-minute ''grace period'' first.
Otherwise, an intruder could gain full access to your system, in the former, if unpatched, and in the latter, if an attack is made during that grace period. Using sudo is safer than using su, but if you must use su (substitute user) to "su to root" so you can run several commands, ALWAYS use /bin/su instead, and ALWAYS with a dash or hyphen.
If you ever do want to make changes in your administrator (in Windows) or root user (in Mac OS, BSD or GNU/Linux) account, I strongly recommend always creating a disk image of your operating system's partition first. Then, read the following articles to learn how to make those changes safely.
How to Control Access / Privilege Securely in Windows: skip
Security and Privacy Guide
Get notified when this page changes.
Please read my disclaimer before visiting the following top sites.
Brent's Place at brentsplace.info
©2000-2006 All rights reserved.