Friday, November 11, 2005

Why you should NEVER work with administrative privileges

In the XP world there's no choice but to run with admin privileges -- there's too much software that just won't work unless you do. In the OS X world you can run almost anything as a regular user, and you can install most things that way. (If an app won't run in OS X without admin privileges, don't use it.)

This occult DRM installation story gives yet anohter reason why OS X users should not work as an admin user:
via MacInTouch

I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there's a smaller extra partition for "enhanced" content. I was surprised to find a "Start.app" Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.

Personally, I'm not a big fan of anyone installing kernel extensions on my Mac. In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.
I don't read EULAs. Do you? I didn't think so. If you don't have admin privileges, the OS (for now!) won't allow this kind of install to happen. You may be asked for an admin un/pw -- don't give it!

No comments: