Mac Tips Daily! #66 - Tracing Authentication Requests

Whenever a modification is being made to you Mac, it prompts you to authenticate, and enter your Admin password. This should not be taken lightly. It asks you to authenticate for a reason -- to protect you. Now, if you are opening a known program, and you expect it to ask for authentication, you are generally safe, if you have gotten the program from a reputable source. However, if you are just using your computer, not installing anything.. and are prompted to Authenticate...well, you need to take a look and see what is going on before you do. You need to determine what is accessing you machine, and if it is a security threat or not. Here is how to do it: When prompted to authenticate, OS X let's you know exactly what is asking for Admin privileges.


Notice the 'triangle' that points to 'Details'. Click on the triangle, and it will expand another box.


Technorati Tags: , , , , , , ,

Notice the 'Requested Right: system.install.root.user'. This example wants root control of your machine. Be suspicious if you don't expect it. Notice the 'Application: INSTALLER'. This is the OS X install program, and it is used to install some programs on your mac, such as software updates. Click on it.


Now you can see the exact path, and trace down the program that is trying to execute. The path goes from top to bottom. /Applications/Utilities/Installer