I've always run as non-admin, what OS X calls a Standard user.
When I first started doing this (about 10 years ago) I ran into some problems if I attempted to authenticate from a standard user to an admin user when trying to do sys admin stuff. I'd get weird permission errors.
So now when I want to do admin stuff like install software, I don't attempt it as a standard user. I simply log in to the admin account and install from there. Also, I always log in to the admin account when doing software updates such as for Firefox.
If you adopt this mindset it's really very simple to stick to it, and it's hardly much of an inconvenience. At least not for me, I'm not installing software every day.
Also when I'm about to visit a dodgy website or run some suspect software I log in to the Guest user account. That doesn't protect against local root escalation, but at least it's something. Then when I log out, I hopefully leave my problems behind.
Finally I maintain yet another account solely for accessing my financial sites. That way if my day-to-day account gets compromised, I still have a modicum of protection.
I really should use a separate machine solely for financial transactions. But I don't. I doubt if even 1% of people do. Any old machine should work, no matter how slow, because it's not used very often.
> I really should use a separate machine solely for financial transactions. But I don't. I doubt if even 1% of people do. Any old machine should work, no matter how slow, because it's not used very often.
I think it has more potential for danger: since it is not going to be used often, you would lack the security updates, which might leave the computer vulnerable (e.g. Shellshock). You might do all the updates before doing any transaction, which is very troublesome to wait for. But depending on the attack surface, there might be a window for attack between when you connect to the internet and when you do the updates.
One example is that you could get attacked via Shellshock from a malicious/infected router over DHCP.
> I've always run as non-admin, what OS X calls a Standard user.
Ditto. Only difficulties that come to mind are some installers failing to escalate, Adobe in particular.
Using separate accounts for dodgy and financial sites is a good idea, but I don't know if I'd stick to it. I fell out of the habit of using a separate account for building software.
If it's cumbersome, you could always edit the sudoers file to make things easier (although it's not a great idea if you're not using it often). If you do that, then you would have the best of both worlds - being able to sudo on terminal from your standard account (with or without password, as desired) while also using it with lower privileges for all GUI applications.
There are absolutely no problems with using a non-admin user account. Just better isolation, better security and a few inconveniences.
Using a standard user account was one of the things I started with on OS X after being used to the "user must be administrator" paradigm that's deeply entrenched in the Windows world for a very long time. Before Windows Vista came up with some way of UAC (User Access Control), being an administrator user on a Windows system was the least painful way to use the system. This style is still propagated even today in several companies with the latest versions of Windows.
The philosophy about being a non-admin user also ties into the UNIX-ness of OS X, and in all * NIX systems the recommendation is always to use a standard account and switch to a superuser/root account only when needed within a specific terminal for a specific task and exit out as soon as that work is done. When people on * NIX joke about "rm -rf /", there are people who remember the wounds of such experiences from real life when running as root (fortunately, I didn't have to learn from experience). :)
The "annoyances" for a standard user on OS X are that installing applications into /Applications or unlocking panels in System Preferences (if it has been configured to be that way) needs administrator credentials. And it's also required if one fancies getting into system (or protected) directories and wants to move/delete/rename/add files.
On the terminal, when needed, I switch from the standard user to the administrator account and then use sudo. It is indeed a little more cumbersome than providing sudo privileges to the standard user account, but it's not often that I need this and I don't find this inconvenience a big waste of time.
On a lighter note, using a * NIX system as an administrator user all the time seems dirty, just like using a Windows system as a non-admin user does. :P
P.S.: Couldn't figure out a way to escape and type an asterisk followed by a non-whitespace character for the * NIX references.
I've run my OS X machines from a non-admin user for at least 5 years. I do developer-y type stuff like SSHing into Linux servers with key authentication, running a local web development environment (MAMP), installing brew applications from the command line, editing my /etc/hosts file, etc.
It all works fine. For most things, like software installs and updates, I just get prompted for admin account credentials. For a few things (brew and editing hosts file), I su to my admin account in Terminal, then run the command.
I can't remember the last time I actually logged into my admin account, though.
I do, routinely. I get occasional admin challenge dialog boxes that are easy to deal with. Once in a great while, I'll have an issue with something quite simple, like trying to save a Mail attachment to a folder in Documents, and I get a "can't do this because you don't have permission to write to etc.". Annoying, but happens rarely and so far has always been fixable with a reboot.