OS X Blizzard asks for admin privileges?

[HunPro]

Weird.

I was trying to install the starter edition of Starcraft 2 just to do some benchmarking, and the installer asked for administrator privileges.

I said no.

I expected a greater uproar from the community, but barely found any posts.

I mean, games should be games, they shouldn't ask for these privileges.

It's unacceptable, invasive and dangerous. There's no explanation on why I should allow their agent to have admin rights.

 

[Cougarcat]

That's pretty normal for an installer. It's not dangerous. It's required when anything is installed outside your user folder.

 

[chrono1081]

Weird.

I was trying to install the starter edition of Starcraft 2 just to do some benchmarking, and the installer asked for administrator privileges.

I said no.

I expected a greater uproar from the community, but barely found any posts.

I mean, games should be games, they shouldn't ask for these privileges.

It's unacceptable, invasive and dangerous. There's no explanation on why I should allow their agent to have admin rights.

Anything you install is going to ask you for your username and password to be entered. It's so someone can't up and install something without you knowing about it.

There's no way for a game to install everything it needs (which is a lot) without these permissions.

 

[antonis]

It tries to install the game under /Applications (which of course is outside your home folder), hence a user verification is needed. If it didn't ask for that, everything would be installed somewhere under your home folder and would be available only for the current user.

 

[HunPro]

It tries to install the game under /Applications (which of course is outside your home folder), hence a user verification is needed. If it didn't ask for that, everything would be installed somewhere under your home folder and would be available only for the current user.

Well, it would be better if it would install under ~/Applications.

I'll try to manually create the .app folder, and give it access for my user, maybe that will help.

Thanks!

 

[antonis]

Well, it would be better if it would install under ~/Applications.

I'll try to manually create the .app folder, and give it access for my user, maybe that will help.

Thanks!

Be careful, though, as you might create security holes where they do not exist by default. The confirmation pop-up window is actually a security enhancement, rather than something that it should make you nervous. Normally, you don't want to compromise that.

 

[thekev]

This is typical for a lot of applications, especially when custom permissions are required. How have you never seen this before?

 

[MH01]

Its normal behaviour in installing applications, as others have stated in the thread.

 

[HunPro]

So the problem is that it wants to install to /Applications.

Which makes sense if it's a multi-user Mac. Or not, because you need Battle.net accounts.

Anyway, somehow I managed to launch an install that let me choose a folder, and I installed it to ~/Applications, so root access wasn't necessary.

 

[antonis]

Or not, because you need Battle.net accounts.

No worries about that. Unix architecture (as OS X is) allows you to keep an application installed on a common place (e.g. /Applications) while its user settings are always stored in each user's home. That way, several users can run the same application e.g. battle.net client, and everyone will have his personal separated settings, totally safe from the others.

 

[HunPro]

No worries about that. Unix architecture (as OS X is) allows you to keep an application installed on a common place (e.g. /Applications) while its user settings are always stored in each user's home. That way, several users can run the same application e.g. battle.net client, and everyone will have his personal separated settings, totally safe from the others.

The problem is that I don't trust Blizzard. I don't like daemons and other bloatware that companies in this era feel entitled to install in the background. Even if it's for anonymous reporting to "enhance my experience".

One reason to choose Apple is because one values his own privacy. I even pay for e-mail hosting, $4 a month worth not having Google's eyes on my private e-mail.

Giving a blank root access is not an option if an installer is involved. I have no problem with giving root access to copy a single .app folder to /Applications.

Anyway, somehow I managed to get a prompt while installing SC2 for a target folder, and I choose ~/Applications.

 

[Cougarcat]

The problem is that I don't trust Blizzard. I don't like daemons and other bloatware that companies in this era feel entitled to install in the background. Even if it's for anonymous reporting to "enhance my experience".

One reason to choose Apple is because one values his own privacy.

Why don't you trust Blizzard? They are one of the most well established gaming companies in existence. But in any case, you don't need to trust blizzard because Unix will worry about it for you. You're being paranoid.

And you probably know this already, but Apple itself sends anonymous diagnostics by default in iOS and OS X.

 

[HunPro]

Why don't you trust Blizzard? They are one of the most well established gaming companies in existence. But in any case, you don't need to trust blizzard because Unix will worry about it for you. You're being paranoid.

And you probably know this already, but Apple itself sends anonymous diagnostics by default in iOS and OS X.

Unix will not worry about me, if I give an installer root privileges, it can do whatever it wants. It's an installer, so I have no idea what it does in the background. I can't limit its operations to a folder. But I know that there's no reason for it to modify anything anywhere, this is a game after all.

Blizzard, just like any other gaming company feels entitled to screw their paying customers over in the name of stopping piracy. Needing a continuous uninterrupted internet connection to play single player is not enhancing my experience in any way.

Sony was one of the most established tech companies in 2000, and over the next few years they did some nasty stuff to their customers. Rootkit, anyone?

Lenovo is a well established brand, ThinkPad is a well established brand, and yet they shipped their laptops with dangerous crapware.

Don't underestimate corporate cynicism in a world of Android flashlight apps that ask for total access to all of your data, and yet they are downloaded by hundreds of millions of users.

 

[dollystereo]

Unix will not worry about me, if I give an installer root privileges, it can do whatever it wants. It's an installer, so I have no idea what it does in the background. I can't limit its operations to a folder. But I know that there's no reason for it to modify anything anywhere, this is a game after all.

Blizzard, just like any other gaming company feels entitled to screw their paying customers over in the name of stopping piracy. Needing a continuous uninterrupted internet connection to play single player is not enhancing my experience in any way.

Sony was one of the most established tech companies in 2000, and over the next few years they did some nasty stuff to their customers. Rootkit, anyone?

Lenovo is a well established brand, ThinkPad is a well established brand, and yet they shipped their laptops with dangerous crapware.

Don't underestimate corporate cynicism in a world of Android flashlight apps that ask for total access to all of your data, and yet they are downloaded by hundreds of millions of users.

I couldn't agree more!
+1
By the way, I wouldn't trust apple. Paying for the mail is not enough, you should crypt.

 

[garirry]

Unix will not worry about me, if I give an installer root privileges, it can do whatever it wants. It's an installer, so I have no idea what it does in the background. I can't limit its operations to a folder. But I know that there's no reason for it to modify anything anywhere, this is a game after all.

Blizzard, just like any other gaming company feels entitled to screw their paying customers over in the name of stopping piracy. Needing a continuous uninterrupted internet connection to play single player is not enhancing my experience in any way.

Sony was one of the most established tech companies in 2000, and over the next few years they did some nasty stuff to their customers. Rootkit, anyone?

Lenovo is a well established brand, ThinkPad is a well established brand, and yet they shipped their laptops with dangerous crapware.

Don't underestimate corporate cynicism in a world of Android flashlight apps that ask for total access to all of your data, and yet they are downloaded by hundreds of millions of users.

You have a point, although that's not exactly it works. Blizzard is a stand-alone game company which is CONFIRMED to not have any malware installed on it. Companies like Lenovo, Dell, etc. have those "crapware" because stupid companies like McAffee and Yahoo! are promoting their products and paying them to do this. You can safely install those games, I can assure you that. The password confirmation is like the security question thing in Windows Vista and further.

 

[Huntn]

It's said for security that you should always function in Windows in a non-admin account. It will alert you if something sneaky is going on when the request for admin permission pops up, if it's not something you have initiated. For program installs this will happen. Check out your Windows security settings which are variable.

 

[Naio]

The Agent for Battle.net is a root user. Not sure if I understand why that is necessary...

 

[macRumor1231]

The problem is that I don't trust Blizzard. I don't like daemons and other bloatware that companies in this era feel entitled to install in the background. Even if it's for anonymous reporting to "enhance my experience".

One reason to choose Apple is because one values his own privacy. I even pay for e-mail hosting, $4 a month worth not having Google's eyes on my private e-mail.

Giving a blank root access is not an option if an installer is involved. I have no problem with giving root access to copy a single .app folder to /Applications.

Anyway, somehow I managed to get a prompt while installing SC2 for a target folder, and I choose ~/Applications.

Hi HunPro!

Can't agree more with your arguments.
As a computer scientist I'm also concerned about the installer requiring root priviledges.
How did you manage to get that prompt, where you could choose the target folder?

I know it's been some days since your posting, but I can't find that solution.
Thanks in advance!

Cheers,
Chris

 

[wubsylol]

Games require write access to their own folders in /Applications/ so they won't run or install correctly as non-admin users.
The launcher only installs things into your home dir, /Applications/, and /Users/Shared, and none of those should require your password.

If you're being asked, sounds like you have other permissions issues.

The Agent for Battle.net is a root user. Not sure if I understand why that is necessary...

What do you mean? Agent runs as you.

 

[T'hain Esh Kelch]

Well, it would be better if it would install under ~/Applications.

Hell no. macOS is a multiuser system at its core. I loathe whenever installers install anything into that folder.

Anyway, somehow I managed to launch an install that let me choose a folder, and I installed it to ~/Applications, so root access wasn't necessary.

Putting in your admin password does *not* grant root privileges.

 

[Janichsan]

Holy necro, Batman!

 

[dmelgar]

Putting in your admin password does *not* grant root privileges.

Putting in your admin password CAN grant root privileges without your knowledge. Provide a link to prove otherwise.
Once admin password is given during an install, it can escalate to root and do anything on the system including installing a rootkit which is undetectable. This type of behavior may be typical for games in the Windows world but it is unnecessary and a dangerous pattern on a Mac. This creates a potential attack vector to an otherwise secure system.

 

[Cougarcat]

Putting in your admin password CAN grant root privileges without your knowledge. Provide a link to prove otherwise.
Once admin password is given during an install, it can escalate to root and do anything on the system including installing a rootkit which is undetectable. This type of behavior may be typical for games in the Windows world but it is unnecessary and a dangerous pattern on a Mac. This creates a potential attack vector to an otherwise secure system.

I thought this debate was settled...anyway, root isn’t even enabled by default, and requires specific steps to do so. And since Apple introduced System Integrity Protection in 10.11, even root doesn’t have unfettered access to the system anymore. See https://support.apple.com/kb/PH26295?viewlocale=en_US&locale=en_US

 

[antonis]

Putting in your admin password CAN grant root privileges without your knowledge. Provide a link to prove otherwise.
Once admin password is given during an install, it can escalate to root and do anything on the system including installing a rootkit which is undetectable. This type of behavior may be typical for games in the Windows world but it is unnecessary and a dangerous pattern on a Mac. This creates a potential attack vector to an otherwise secure system.

'sudo' is not a windows command nor it was invented by microsoft, though. It is common for an application to ask for privilege esclatation on mac as well, when they need to write on specific directories or install a service, or both. Lots and lots of respected and famous applications do than on mac. The risk of being used in a negative way from a shady application is the same as it is on the windows side. It still relies on the user.
[doublepost=1507960098][/doublepost]

I thought this debate was settled...anyway, root isn’t even enabled by default, and requires specific steps to do so. And since Apple introduced System Integrity Protection in 10.11, even root doesn’t have unfettered access to the system anymore. See https://support.apple.com/kb/PH26295?viewlocale=en_US&locale=en_US

Indeed, root account is not enabled by default (actually it is, it just has a random password that needs to be changed and you're good to go). But 'sudo' does not need root account to be enabled to work, that's the whole purpose of the command itself anyway.

Rootless feature prevents indeed an app to write on specific system folders or modify specific OS binaries, but it does not prevent it from doing something equally bad like install a backdoor service, a malware etc.