Every modern Mac has at least one admin account. It’s required in order for the user to adjust many of the machine settings. I need to enter my system password in order to change the fucking time zone, for example, or even whether I want the clock display in the menu bar to display the date. So far as I’m aware, most exploits aimed at Mac users from bad actors aim to trick the user into granting access—loading or launching dodgy code, for example—by tricking the victim into abusing his admin status and uttering “Open Sesame.” The OS will generally display a cautionary note in this event: “You sure you wanna do this, buddy?”
Of course, our naïve user has likely ventured already into some of the gamier precincts of the online world in search of smut or bootlegs, and if he is powerless to download what purports to be a torrent feed for a current blockbuster as a “standard” user, he can certainly log back in as an Übermensch. As many others have observed, it is difficult to make anything foolproof, since fools are so very resourceful and ingenious.
It will do Ashton no harm to continue going online with a standard account, as he has apparently been doing thus far. I was just surprised at how shocked he was that anyone might do otherwise. Anyway, I’ll report back on these opinions, and welcome further input.
cordially,