
Single User-mode: why it's bad

Single user-mode explained


Single user-mode is the practice of managing a computer without applying the principle of least privilege. Least privilege means you should have enough permissions to do what you need to do, but nothing else. Running in single user-mode is a danger to your data protection and your system's integrity.


Windows Protection measures (UAC)

You may ask why. It's convenient and easy, so why is it a problem? In single user-mode you have administrator-level permissions. This is a problem because, when your operating system is always running in admin / root mode, any malware that attempts to execute will inherit the permissions your admin account has. In the context of Windows, UAC (User Account Control) prompts for "elevation" by requiring you to click "Yes", and doing so passes all the permissions you have as an admin account on to the application requesting that elevation.
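To see whether the account you are logged in with is in this position, the following added example (not part of the original post) reports whether the current user is a direct member of the built-in Administrators group, whether the current process is elevated, and how UAC is configured. It assumes Windows PowerShell 5.1 or later with the LocalAccounts module; the variable names are illustrative.

```powershell
# Added example: audit the current Windows session for "always admin" use.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only if THIS process holds the full (elevated) administrator token.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Only direct members are compared; membership via a nested group is not resolved.
try {
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
} catch {
    Write-Warning "Could not read the Administrators group: $($_.Exception.Message)"
    $admins = @()
}
$isMember = [bool]($admins | Where-Object { $_.SID.Value -eq $identity.User.Value })

# UAC policy values: EnableLUA = 1 means UAC is on;
# ConsentPromptBehaviorAdmin = 0 means admins are elevated without any prompt.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey
$uacOn  = ($uac.EnableLUA -eq 1)
$silent = ($uac.ConsentPromptBehaviorAdmin -eq 0)

[pscustomobject]@{
    Account               = $identity.Name
    InAdministrators      = $isMember
    ProcessElevated       = $elevated
    UacEnabled            = $uacOn
    ElevatesWithoutPrompt = $silent
}

if ($isMember -or $elevated) {
    Write-Warning 'This account has administrator rights. Use a standard account for daily work.'
}
if (-not $uacOn -or $silent) {
    Write-Warning 'UAC is disabled or elevates silently, so nothing stands between a program and admin rights.'
}
```

Run it from a normal, non-elevated PowerShell window while logged in with the account you use every day.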


macOS Gatekeeper is a bit like UAC

macOS does a pretty good job of protecting the user through various security features like XProtect and Gatekeeper. Gatekeeper is kind of like UAC, but even stricter with its policy control. Gatekeeper keeps a signature database of application hashes and "trusted" signatures, while XProtect keeps a signature database of potential malware and remediates the malware. XProtect and Gatekeeper cannot protect you from everything, but to "shoot yourself in the foot" with macOS you must jump through a lot more hoops to get it to do so. Windows is commonly more targeted overall purely due to market share. It should be noted that macOS and Windows both have object access control measures, and Windows does in fact have something similar to Gatekeeper called AppLocker, which enforces the kinds of applications that can be run on a system in a similar manner.

If the admin account is all you use, there are no checks before an application is run as admin, and launching an admin-level process is incredibly easy at this point. It also means that if an app has an exploit that does not give direct access to the admin account, the attacker can easily perform something called privilege escalation, which in the context of computer hacking is like going into a club and forging your identity as a bouncer, so that you can allow or stop anyone you see fit.


Risks associated with unrestricted access

As a result, the ability to control anyone coming into the club (call these programs) allows any malware to do anything with FULL permissions, which is also what your admin account has the authority to do. What do full permissions allow? Everything. A few examples:


  • Create registry entries anywhere

  • Delete system processes and applications

  • Stop services

  • Run any form of code, application or script

  • Modify system permissions and file permissions

  • Hide files, modify files en masse (a favorite of ransomware)


Protecting your system with one step

Don't use single user mode. Always use a standard account on every system you use. You can set up a standard account on Windows, and the same can be done on macOS. Using this least privilege configuration can mitigate the damage caused by malware quite significantly.

Microsoft UAC: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/

Microsoft AppLocker: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview


