Reply to Kubuntu and McAfee
manchicken at notsosoft.net
Wed Apr 25 22:09:02 UTC 2007
On Wednesday 25 April 2007 16:36:29 Mark Wallace wrote:
> >I wasn't aware that McAfee ran on Kubuntu... or was necessary...
> It doesn't that I am aware of. It installed it on the Windows partition.
> But I am taking a course in Linux this term and the professor thinks
> that, if the user is logged on in root, he is just as likely to have
> problems as someone running Windows. Once you log on in root, any
> virus could run, possibly in the background where you wouldn't be
> aware of it unless you checking to see what processes are running.
> A virus COULD sit downloaded for months or years, waiting for the
> user to log on in root, either while he was on line or off line, run
> in the background and do just as much damage.
> He felt that Kubuntu disables root log ins as much for security
> reasons as it is to make it "idiot proof."
> >~ Man-Chicken <><
> >(A)bort, (R)etry, (I)nfluence with large hammer.
> >The number of the beast - vi vi vi
> >kubuntu-users mailing list
> >kubuntu-users at lists.ubuntu.com
> >Modify settings or unsubscribe at:
> Robert Mark Wallace
> Tita P Walllace
> Regina E P Wallace
> R M Ceferino P Wallace
> 60 Delaware Road
> Newburgh, NY 12550-3802
> Telephone: (845) 566-0586
I'm not sure exactly how possible that scenario is. I'm pretty sure that the
user would have to intentionally execute something. I don't know if it could
sit downloaded for X time and then run without the knowledge of the root
In Ubuntu root login being disabled by default is for security purposes. It's
also very good for reducing confusion for those who aren't familiar with the
concept of a root user.
I would also disagree somewhat with your professor's stance that a root user
is just as likely as a windows user to fall prey to a malicious program.
With any UNIX system, the processes that get started at boot-up are pretty
easy to tell. There's not a start-menu and then 15 different registry
settings that could set it off. Something would have to set itself in the
runlevel .d path (e.g. /etc/rc3.d). Also better process management (via
ksysguard, top, and ps) and the ability to absolutely terminate a program
(such as kill -9) makes it a lot easier to kill programs that are out of
control. Those two things make cleaning up the mess much easier.
I suppose that it technically is as possible to obtain a malicious program
when running as root, but it is far less likely due to things like firewalls,
oodles of peer-review in code, and web browsers and mail clients that don't
allow arbitrary execution of code as a "feature."
There are also quite a few things you can do to greatly reduce the likelihood
of your computer leaving your control. Number one on that list is never
perform any insecure network tasks (e.g. browsing, instant messaging, IRC,
remote email) as root.
~ Man-Chicken <><
(A)bort, (R)etry, (I)nfluence with large hammer.
The number of the beast - vi vi vi
More information about the kubuntu-users