Macintosh security is a joke....

[Schadenfroh]

all i need is a boot disk or a USB boot device and there is freeware linux based software out there that will reset admin password on any NT based machine.

 

[ViRGE]

Originally posted by: tagej
Pretty much any machine can be compromised if the compromiser has physical access. However, as far as I know windows doesn't come with a disk that when booted gives you the option to simply reset the admin password? That sounds rather strange......

Indeed, the principal of physical access. With Macs, Apple doesn't completely lock down the password, so that end-users of single user machines can reset the password if they completely lock themselves out. This is fine since Apple uses OpenFirmware, which IMHO is far nicer than the PC BIOS, and allows dictating such things as requiring a password to change the boot device(among a whole list of things, you'd need to study a manual for a business week to understand everything). While this is very PC BIOS-like, this option can't be undone by resetting the CMOS like a PC can, since OF settings are stored in non-volatile RAM, meaning you're replacing chips/motherboards to be able to CD boot. Macs can be very secure as long as the administrator is competent enough to know how to use OF, which should be a requirement anyhow.

 

[Baked]

I got $20 on OP getting canned by end of next week.

 

[spidey07]

Originally posted by: hongkongfever

Originally posted by: n0cmonkey

Originally posted by: hongkongfever
So the eMacs at my worksite won't allow us to install any software without administrative privileges. We'd have to actually schedule an appointment for a "techie" to come out and install the software for us. This is ridiculous because we have the software in hand, we have the license, and we know how to do it. Yet we still have to make an appointment, then wait a few weeks for someone to show up.

But luckily Macs are a joke. I managed to just boot up with the Software Restore CD that came with it and there was an option to reset the administrative password. Correct me if I'm wrong but I don't think PCs are this weak in terms of security. I think even the old Windows were more secure than the latest Macs.

Why is Apple still in business? Sheesh.

All non-locked down machines I've used are that easy to get into. Windows, Solaris, Linux, *BSD, it doesn't matter. Stop posting flame bait bullshit, it's stupid.

Easy as booting up with a CD they give you?

yes. physical access to a machine = no security.

-edit- wow, even an apple guy bashing macs gets owned on ATOT.

 

[thirdlegstump]

With any OS X CD, you can reset the OS X admin password without even knowing the old admin password, so you're pretty much guaranteed access to it. All you gotta do is boot off of the CD (simply by holding down the C key while the disc is inserted..) and when the OS installer loads, you just go into the Apple menu and reset root admin password. It doesn't even ask you for the old password. Yep, that simple. Although you can do something similar on an NT/2000/XP box, it's a bit more difficult.

 

[tRaptor]

Maybe he is just trying to start a flame? He only has 17 posts...

And I just sold my iBook... Tiss a sad day.

 

[dman]

I'm glad my employer isn't so anal--yet. I completely understand that the vast majority of end users have no clue though, and by limiting the installed software it greatly reduces helpdesk costs. So, I guess my question is, if you have a problem with those macs who provides the support? If it's you, then you should have administrative access to be able to install licensed and in-policy software. If not, you should be disciplined / fired for breaking policy.

If it's not you, why do you have a lab of them? I would assume a lab is for testing purposes and would therefore lobby that you (or your dept) are in support of these systems and should have administrative responsibilities. However:

From an auditing and liability perspective, the district may have other concerns as to what is installed on the PC's, so it's not a technical reason why the 'techie' has to come out and install it but a bureaucratic one (tracking and such). By bypassing that process you can put the district at risk for something you are not aware of.

And yeah, as others said, XP and any other OS I've used has ways of bypassing administrative passwords if you have physical access to the hardware. However, if you turn on various levels of protection, bios passwords, encryption (file system), harddrive passwords, etc you can greatly reduce the exposures but still not lock out determined individuals with time and resources to their aid.

 

[Evadman]

If you have phsical access to a box, no mater what the OS is, you can get in. Some just take longer, but in the end, you still get in. There are no exceptions.