Java Mailing List Archive

http://www.redhatconfig.com/

Home » Ubuntu Technical Support »

Re: Anti Virus, now Anti Spy-ware

Dick Dowdell

2008-06-18

Replies: Find Java Web Hosting

Author LoginPost Reply


On Wed, Jun 18, 2008 at 1:51 PM, Steve Lamb <grey@dmiyu.org> wrote:
On Wed, June 18, 2008 10:11 am, Nils Kassube wrote:
> While I don't generally disagree with this argument, I think on a
> workstation it could be a big problem already if the malware would "only"
> access the user area.

   But this is hardly an issue compared to having system privileges.

> A malicious program could be accidentally installed
> by the user and run at login with the user's privileges.

   Which login?  As I posted elsewhere I have XFCE, Gnome, KDE3 and KDE4
all installed.  Just taking Ubuntu's make variants, any malicious
software that is limited to user space would have to somehow inject
itself into 4 different "logins" to cover a user since it can't touch
the system boot-up scripts in /etc.

> It wouldn't be a great problem to reinstall the OS within a reasonable time.

   This is where you make the mistake of equating Windows threats with
Linux.  If one's user space is infected one doesn't need to reinstall
the OS.  One simply need a different user account, elevate to root,
remove the infection.  I only say a different user account because one
has to presume the current one is compromised.  One of the pitfalls of
Ubuntu's policy of a non-functional root password.  No way to get into
root without a non-compromised normal user.  But I digress.  The point
is that cleanup is exceptionally easy by comparison.

> But if a malicious program only modifies my personal files it would
> probably take some time until I notice. Then I can only hope that I still
> have a backup of the files from before the malicious program was somehow
> installed.

   That is a user process and one many people fail at.  Myself included.
My point isn't that it couldn't happen.  It can.  It might yet still
happen.  My point was that since there is such a strong division between
user and system privileges any such infection is trivial to remove
because simply logging in from a different user prevents the infection
from running and engaging in any self-defense measures that are now so
common with malicious code on Windows.  It also prevents the infection
from burrowing itself into the system's core.  To do all of that
requires obtaining elevated privileges which is several magnitudes
harder than on Windows.

--
Steve Lamb


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


Pardon my failure to understand the invulnerability of Linux.  I've only been doing this for 36 years.  Yes, it is harder to crack into a Linux or Unix system.  It is, however, not impossible.  Anyone who underestimates the power of greed is naive.   Right now, the cost vs. return equation promotes Windows as a target.  Some of you may have noticed that Vista has been hardened quite a bit more than XP.  Windows will not remain an easy target.

If you're attacked through your browser, your user space can be compromised.  If your user space is compromised and you use sudo or su, root privileges could ultimately be compromised.  As the power of browsers increases, so does their vulnerability. Attaching malicious code to a browser plug-in could cause a severe decrease in your bank account or a serious increase in your credit card balance---without even touching Linux.

There's a big bad world out there and Linux will not always be a reasonable safe haven.

Regards,
Dick


--
Regards,
Dick Dowdell
508-498-7919/508-528-4018
--
ubuntu-users mailing list
ubuntu-users@(protected)
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
©2008 redhatconfig.com - Jax Systems, LLC, U.S.A.