Skip to content

Adware on OS X

I came across this post about the cnet article on some adware for OS X.

Since I don’t like to create accounts on every site I visit, and Rom’s blog requires you to be logged in to comment, I’ll write the comment on my site.

Rom wrote “I am curious as to how this is achieved specially when you are not running as administrator and all applications that you use are saved at the default /Applications, which require admin privileges for write access.”

So how does this happen? To find the answer, go to your Mac, bust out a terminal, and do a long listing on the /Applications directory (ls -l /Applications). You’ll see something like this:

drwxrwxr-x    3 root      admin       102 Sep 28 23:41 Address Book.app
drwxrwxr-x    5 jtanium  admin       170 Nov 11 22:00 Adobe Reader 7.0.8
drwxrwxr-x    6 root      admin       204 Nov  9 19:57 AppleScript
drwxrwxr-x    3 root      admin       102 Sep 28 23:45 Automator.app
drwxrwxr-x    3 root      admin       102 Aug 20 04:56 Calculator.app
drwxr-xr-x    3 jtanium  admin       102 Sep 11 05:30 Camino.app
drwxrwxr-x    3 root      admin       102 Aug 20 03:52 Chess.app
drwxr-xr-x    3 jtanium jtanium    102 Nov  1 21:30 CocoaMySQL_0.7b5.app
drwxr-xr-x    3 jtanium  admin       102 Sep 28 15:16 CrossOver.app
drwxrwxr-x    3 root      admin       102 Sep 28 23:37 DVD Player.app
drwxrwxr-x    3 root      admin       102 Sep 11 20:37 Dashboard.app
drwxr-xr-x    3 jtanium  admin       102 Nov 10 07:18 DbVisualizer.app
drwxr-xr-x    3 jtanium  admin       102 Nov  9 16:24 Delicious Library.app
drwxrwxr-x    3 root      admin       102 Apr 21  2005 Dictionary.app
drwxr-xr-x    4 jtanium  admin       136 Nov 10 07:09 Firefox.app
drwxrwxr-x    7 root      admin       238 Nov 12 11:48 Flip4Mac
drwxrwxr-x    3 root      admin       102 May 27  2005 Font Book.app
drwxrwxr-x    3 root      admin       102 Nov  9 20:37 GarageBand.app
drwxr-xr-x    3 jtanium  admin       102 Jul 27 01:11 Google Notifier.app
drwxrwxrwx   15 root      admin       510 Nov 12 15:42 Hewlett-Packard
drwxrwxr-x    3 root      admin       102 Aug 20 00:36 Image Capture.app
drwxr-xr-x   13 jtanium  admin       442 Jun 15 04:45 IntelliJ IDEA 5.1.2.app
drwxrwxr-x    3 root      admin       102 Sep 28 22:11 Internet Connect.app
drwxrwxr-x    3 root      admin       102 Mar  3  2005 Mail.app
drwxrwxr-x    3 jtanium  admin       102 Nov 10 07:30 Microsoft AutoUpdate.app
drwxrwxr-x   16 jtanium  admin       544 Nov 10 07:41 Microsoft Office 2004
drwxr-xr-x    3 jtanium  admin       102 Aug  2 13:41 OmniGraffle Professional.app
drwxrwxr-x    3 root      admin       102 Mar 14  2006 OmniOutliner.app
drwxrwxr-x    3 jtanium  admin       102 Sep 19 02:49 Opera.app
drwxrwxr-x    3 root      admin       102 Aug  4 12:31 Photo Booth.app
drwxrwxr-x    3 root      admin       102 Sep 11 20:44 Preview.app
drwxrwxr-x    3 root      admin       102 Nov 10 06:48 QuickTime Player.app
drwxrwxr-x    3 root      admin       102 Feb 10  2005 Safari.app
drwxrwxr-x    3 root      admin       102 Sep 28 23:42 Sherlock.app
drwxr-xr-x    3 jtanium  admin       102 Aug  5 15:34 Shiira.app
drwxrwxr-x    3 root      admin       102 Aug 20 06:36 Stickies.app
drwxr-xr-x    4 jtanium  admin       136 Sep 21 06:37 StuffIt 11
drwxrwxr-x    3 root      wheel       102 Aug 20 05:06 System Preferences.app
drwxrwxr-x    3 root      admin       102 Aug 20 06:31 TextEdit.app
drwxr-xr-x    3 jtanium  admin       102 Nov  1 21:22 TextMate.app
drwxrwxr-x   30 root      admin      1020 Nov 12 15:41 Utilities
drwxr-xr-x    3 jtanium  admin       102 May  6  2006 VLC.app
drwxr-xr-x    3 root      wheel       102 Nov 10 07:20 VPNClient.app
drwxrwxr-x    3 root      admin       102 Aug 22 18:48 iCal.app
drwxrwxr-x    3 root      admin       102 Aug 20 14:20 iChat.app
drwxrwxr-x    3 root      admin       102 Nov  9 20:37 iDVD.app
drwxrwxr-x    3 root      admin       102 Nov  9 20:37 iMovie HD.app
drwxrwxr-x    3 root      admin       102 Nov  9 20:37 iPhoto.app
drwxrwxr-x    3 root      admin       102 Aug 20 06:57 iSync.app
drwxr-xr-x    3 jtanium  wheel       102 Nov  9 13:56 iTerm.app
drwxrwxr-x    3 root      admin       102 Nov 10 06:56 iTunes.app

See what’s happening? When you install applications by copying the .app folder to /Applications, OS X, as I understand it, uses sudo to do the copy, hence it prompts you for your password. However you only need sudo to *create* the directory in /Applications, which is owned by root:admin. sudo will maintain the ownership of the files it’s copying. And I’m sure the vast majority of Mac users are in this situation.

Now here’s the fun part: what do you do to fix the situation? Well, everytime you install an app you just need to open a terminal, and execute sudo chown -Rf root:admin /Application/AppYouJustInstalled.app. Unfortunately I can’t recommend this practice wholeheartedly. If you’ve ever tried to run OS X on a case sensitive file system, you’ve probably found third party apps (notably, MS Office and Photoshop), have a lot of issues — I’m worried changing ownership to root:admin would cause similar problems.

Posted in OS X, Security.

1 comment

By jtanium December 1, 2006

One Response

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Continuing the Discussion

  1. Advocrazy » Installing Apps on your Mac linked to this post on December 1, 2006

    [...] I find it rather interesting that a blog entry was used to reply to my blog entry on Adware on the Mac. Whilst I appreciate the reply, I just hope that JTanium gets to register an account so it’d be easier for me to keep track of your suggestions and comments. [...]



Some HTML is OK

or, reply to this post via trackback.

« »