Vista User Account Control

Hakime wrote:

I don't really think that those two guys really understand how user accounts work in the mac. Pretending that the mac has a sinple log in/log out that puts you in an administrator account with full privileges is just a big lie to the face of the camera. Those guys do not seem to know that OS X is a Unix like system, and for this reason it uses exactely the same model for users accounts. It works as follows: OS X as Unix or Linux uses threee different levels of permissions: - The super user or root. If a user log in as a root, he has full provileges, full power to modify anithing in the OS. He can modify OS vital files or directories without any prompt. Well full power!!! The root is BY DEFAULT disactivated in OS X or Linux, or any other Unix. Th user need to activate the root account manually by providing the admin password. Most of the users on mac don't even know that such account exist, only Unix users know how to activate it. - The administrator account; This is the owner account. When people install a new version of OS X or Linux or buy a new mac, the is the default account which is created by the system. Why? Those are multiusers OS, so it needs to create at least one administrator account in order that the owner can manage the system. Of course the owner can disactivate the admin privileges if he/she wishes. However the admin account works quite differently than windows admin accounts. On Unix a admin user can yes manage the system, set the preferences, etc, but it does not have full freedom to modify the system. If an admin user tries to modify any OS vital files or directories, he will be prompted before. The idea is that you get the power to change things as your are the owner of the password to administrate the machine but system does not give full freedom to do anything you want before being sure that it is reeally what you want to do. If you try to install a application that put files in protected directories, an admin will also be prompted before to do so. The difference with windows is that the admin account on Unix does not open all doors as it does in windows, any vital change can not be done without entering a password even if your log in as admin. The admin account in windows is more similar to the super user on Unix. That means that a worm or virus will not be able to modify any protected files or directories without the approval of the user even in an admin account. If it tries to do so the system will ask the user to prompt. In windows, under admin acccount it just go through without the user noticing that something is changing the system. It also does mean that the admin account under OS X (UNIX) is more secure than the one in windows, because again, yes you are logged in as an admin but the system will still ask you to to enter a password if you try to make something dangerous to the system. - The non-admin account: This the default account that is created outise of the initial adnin account. Any account which is created on OS X is by default a non-admin account, ie., with the smallest privileges. So i don't get why one of those guys says that user accounts on mac are by default admin account, no they are not, only the orginal account created after installing the OS or starting up for the first time the mac is admin for the reason that i explained. Other created accounts are by default non-admin with smallest privileges. That means that a user in such an account can not set the system or change any shared directories betweenn users like the Application directory. He can only change what is inside his home directory. This is quite a quick explanation of how it works but man!! this is basic Unix. I can not just understand why those two guys seem to know very few on how accounts work on Unix and particularly on mac. Again OS X use the Unix model that i exposed. Trying to make people believe that logging in as an admin in mac is the same as windows is just showing that he really doesn know what he is talking about. Not surprising that UAC is quite badly implemented.