A little OSX security tip

The administrator designated user is by default the first user created on an OSX system.
In many cases you probably only have one user on the system and in that case this account will have administrator privileges. Whilst administrator privileges are not complete 'root' privileges it does hold enough power to do serious damage.

Most of the so called OSX 'viruses' are actually trojan horses that are executed by an unsuspecting user. The most famous one was a bash script named like an image file and then given a picture icon (so when the user opened it the malicious script was run).

The easiest way to protect yourself from all of this is to create an admin account with administrator privileges and then take away administrator privileges from your everyday users. This will ensure that even if you accidentally run a trojan or just a malicious application it won't be able to cause any real harm (though it would still be possible to delete all your personal data files). Whenever a system modification is about to take place the authentication box will popup asking for the administrator username/password. This is a nice warning message to you that a system change is going to take place and a deterrent to those users who are not supposed to be making system changes (like kids wanting to install games or p2p clients).

It is a nice security blanket and something Apple should really consider doing by default (but I guess they are more concerned about ease of use). If you ever need true root privileges to edit system details (like files in /etc/) open the Terminal and do the following:

su admin [enter]
(change from your account to the admin)
sudo sh [enter]
(open an sh terminal prompt with root privileges, you'll then be able to make any edits you like)

In both cases you'll need to enter the admin password as the sudo command is only available to the user designated as the administrator on the computer. It is possible to edit the sudo configuration file and add a specific non-administrator user to the list of allowed users but it is a lot easier (and a little bit more secure) not to do this.