alt Hacker NewsIn Win, access to files are controlled by ACL when NTFS is used (dating back to NT 3.1 with NTFS). So it depends on which user runs a process.
Basic hygiene is very simple: never run as Administrator. Create and use a regular user or poweruser group user. It's similar to a regular linux practice. Use Administrator account when needed only.
Replies
halapro • today at 2:35 PM
> never run as Administrator.
Computer asks for password. I type in password.
Admin access prompts are honestly a joke even on macOS. The source is completely opaque.
➕ show 1 reply
p_ing • today at 10:48 AM
You can create a separate user, but even a user in the administrators group doesn't have an admin token until elevation.
If you trust yourself to not blindly click OK on every UAC prompt, a single user account in the admin group is fine.
GP is talking about isolation inside the current user. Recent macOS versions ask before allowing a program to access files inside Documents, Desktop, etc. Whether that helps or not is debatable, but it’s not quite the same as what Windows ACLs do out of the box. To achieve the same on Windows, one would have to run the program as a different user to which they’d selectively grant access to the folders inside their profile.