Reply to Kubuntu and McAfee

Man-Chicken manchicken at notsosoft.net
Wed Apr 25 22:09:02 UTC 2007


On Wednesday 25 April 2007 16:36:29 Mark Wallace wrote:
> >I wasn't aware that McAfee ran on Kubuntu... or was necessary...
>
> It doesn't that I am aware of.  It installed it on the Windows partition.
>
> But I am taking a course in Linux this term and the professor thinks
> that, if the user is logged on in root, he is just as likely to have
> problems as someone running Windows.   Once you log on in root, any
> virus could run, possibly in the background where you wouldn't be
> aware of it unless you were checking to see what processes are running.
>
> A virus COULD sit downloaded for months or years, waiting for the
> user to log on in root, either while he was on line or off line, run
> in the background and do just as much damage.
>
> He felt that Kubuntu disables root log ins as much for security
> reasons as it is to make it "idiot proof."
>
> >--
> >~ Man-Chicken <><
> >(A)bort, (R)etry, (I)nfluence with large hammer.
> >The number of the beast - vi vi vi
> >
> >--
> >kubuntu-users mailing list
> >kubuntu-users at lists.ubuntu.com
> >Modify settings or unsubscribe at:
> >https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
> Robert Mark Wallace
> Tita P Walllace
> Regina E P Wallace
> R M Ceferino P Wallace
> 60 Delaware Road
> Newburgh, NY 12550-3802
> Telephone: (845) 566-0586

I'm not sure exactly how possible that scenario is.  I'm pretty sure that the 
user would have to intentionally execute something.  I don't know if it could 
sit downloaded for X time and then run without the knowledge of the root 
user.

In Ubuntu root login being disabled by default is for security purposes.  It's 
also very good for reducing confusion for those who aren't familiar with the 
concept of a root user.

I would also disagree somewhat with your professor's stance that a root user 
is just as likely as a Windows user to fall prey to a malicious program.  
With any UNIX system, the processes that get started at boot-up are pretty 
easy to tell.  There's not a start-menu and then 15 different registry 
settings that could set it off.  Something would have to set itself in the 
runlevel .d path (e.g. /etc/rc3.d).  Also better process management (via 
ksysguard, top, and ps) and the ability to absolutely terminate a program 
(such as kill -9) makes it a lot easier to kill programs that are out of 
control.  Those two things make cleaning up the mess much easier.

I suppose that it technically is as possible to obtain a malicious program 
when running as root, but it is far less likely due to things like firewalls, 
oodles of peer-review in code, and web browsers and mail clients that don't 
allow arbitrary execution of code as a "feature."

There are also quite a few things you can do to greatly reduce the likelihood 
of your computer leaving your control.  Number one on that list is never 
perform any insecure network tasks (e.g. browsing, instant messaging, IRC, 
remote email) as root.

-- 
~ Man-Chicken <><
(A)bort, (R)etry, (I)nfluence with large hammer.
The number of the beast - vi vi vi
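
The message above says that anything starting at boot has to place itself in a runlevel directory such as /etc/rc3.d. The following audit of such a directory is an added example, not part of the original message. It assumes a SysV-style layout with S##name/K##name symlinks into /etc/init.d and a `readlink` that supports `-f`; the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# audit_rc_dir RC_DIR INIT_DIR
# Each entry in a SysV runlevel directory should be an S##name or K##name
# symlink resolving to a script inside INIT_DIR that is not world-writable.
# Prints one finding per line; returns 1 if anything was flagged.
audit_rc_dir() {
    rc_dir=$1; init_real=$(readlink -f "$2"); flagged=0
    for entry in "$rc_dir"/*; do
        name=${entry##*/}; finding=
        if [ ! -e "$entry" ] && [ ! -L "$entry" ]; then continue; fi  # unmatched glob
        if [ "$name" = README ]; then continue; fi
        case $name in
            [SK][0-9][0-9]?*) ;;
            *) finding=UNEXPECTED_NAME ;;
        esac
        if [ -n "$finding" ]; then :
        elif [ ! -L "$entry" ]; then finding=NOT_SYMLINK
        elif [ ! -e "$entry" ]; then finding=DANGLING_LINK
        else
            target=$(readlink -f "$entry")
            case $target in
                "$init_real"/*)
                    if [ -n "$(find "$target" -prune -perm -0002)" ]; then
                        finding=WORLD_WRITABLE_TARGET
                    fi ;;
                *) finding=TARGET_OUTSIDE_INIT_DIR ;;
            esac
        fi
        if [ -n "$finding" ]; then echo "$finding $name"; flagged=1; fi
    done
    return "$flagged"
}

# Constructed sample tree (not real system data) for trying the audit offline.
make_sample_tree() {
    root=$1
    mkdir -p "$root/init.d" "$root/rc3.d" "$root/elsewhere"
    for f in init.d/ssh init.d/cron init.d/loose elsewhere/helper; do
        : > "$root/$f"; chmod 755 "$root/$f"
    done
    chmod 777 "$root/init.d/loose"
    ln -s ../init.d/ssh "$root/rc3.d/S20ssh"
    ln -s ../init.d/cron "$root/rc3.d/S89cron"
    ln -s ../init.d/loose "$root/rc3.d/S30loose"
    ln -s ../elsewhere/helper "$root/rc3.d/S50helper"
    ln -s ../init.d/gone "$root/rc3.d/K10gone"
    : > "$root/rc3.d/S99updater"
}
# On a live system: audit_rc_dir /etc/rc3.d /etc/init.d
```

On the constructed tree the two ordinary links pass, and the regular file, the link pointing outside init.d, the world-writable target and the dangling link are each reported.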



