On May 30, 2011, at 2:45 AM, John Stalberg wrote:
> So now what? The installer could have spread files to everywhere and anywhere that
> admin can write to. That could surely be inconvenient. Use your fantasy and
> it is clear this would need a moment of cleaning. Preferably with search for
> the latest of the greatest malware files on your host but on the other hand,
> it is soon gone and we can go back to where we were. As a matter of fact, the
> installer isn't needed here as the bundle itself can with the executable
> spread its crap in the same way (we have a non super user doing the installer
> task).
Indeed. The malware could have stayed in Downloads for all that, and maybe
altered ~/Library/Preferences/loginwindow.plist to cause itself to be launched
at every login to do whatever evil it wants to do. There's no more privilege
to be had for it simply from residing in /Applications, or any other location
that is admin-writeable without an explicit admin password. The only advantage
to be had there is that it would end up in the search path of other users of
that Mac, but I would estimate that 99% of Macs out there HAVE only the one
user.
--
Macs R We -- Personal Macintosh Service and Support
in the Wickenburg and far Northwest Valley Areas.
http://macsrwe.com
_______________________________________________
MacOSX-talk mailing list
http://www.omnigroup.com/mailman/listinfo/macosx-talk
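
The login-time launch via ~/Library/Preferences/loginwindow.plist mentioned in the reply above can be audited from the defender's side. The following is an added example, not part of the original message: it parses that plist and reports login items worth a closer look. It assumes the `AutoLaunchedApplicationDictionary` key with `Path` and `Hide` entries; the sample plist, the user name and the two triage heuristics are constructed for illustration.

```python
import plistlib
from pathlib import PurePosixPath

# Assumption: per-user login items are stored under this key as dicts with "Path" and "Hide".
LOGIN_ITEMS_KEY = "AutoLaunchedApplicationDictionary"

# Constructed sample of ~/Library/Preferences/loginwindow.plist (not taken from a real host).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>AutoLaunchedApplicationDictionary</key>
  <array>
    <dict><key>Hide</key><false/><key>Path</key><string>/Applications/iTunes.app/Contents/Resources/iTunesHelper.app</string></dict>
    <dict><key>Hide</key><true/><key>Path</key><string>/Users/alice/Downloads/ExampleInstaller.app</string></dict>
  </array>
</dict></plist>"""


def audit_login_items(plist_bytes, home):
    """Return (path, reasons) for each login item that deserves manual review."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for item in prefs.get(LOGIN_ITEMS_KEY, []):
        path = item.get("Path", "")
        reasons = []
        # Heuristic (assumption): an item that never left the home folder,
        # e.g. ~/Downloads, was registered without any admin involvement.
        if PurePosixPath(home) in PurePosixPath(path).parents:
            reasons.append("launched from inside the home folder")
        # Heuristic (assumption): hidden launch keeps the item out of sight at login.
        if item.get("Hide"):
            reasons.append("set to launch hidden")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in audit_login_items(SAMPLE_PLIST, "/Users/alice"):
        print(path, "->", "; ".join(reasons))
```

On a real host, pass the bytes of the user's own loginwindow.plist and that user's home directory; a clean result only covers this one persistence location.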