A great many Mac OS X security features revolve crucially around the concept of accounts. Although accounts in and of themselves are neutral with respect to security, they can be configured to put formidable barriers between malicious users (or software) and your computer's valuable data and resources.
So, what is an account, how does it work, and what exactly does it have to do with security?
The word account harks back to a time before personal computers, when the customary way of using a computer was for many people to share a single CPU — either by taking turns or by logging in simultaneously from simple terminals that consisted of little more than a keyboard, display (or printer), and network connection. In this sort of environment, having an account on a computer meant having permission to access it (with a username and password) and storage space for one's files and programs, which would be uniquely identified. Each user's activities could be logged, time limits and other restrictions could be put in place, and (if necessary) any user could even be billed according to the level of resource use. (Nowadays, most of us have accounts on numerous websites and other online services that amount to a similar kind of resource sharing.)
In the early days of the Mac, the concept of an account had no place. Unlike some of its predecessors, the Mac was more like an appliance. Only one person could use it at a time, and ...