Ubuntu Boot Up Logo: re malware

Custom custom at freenet.de
Fri Jun 24 02:31:24 UTC 2005


Iosif Chatzimichail wrote:

> MacOSX is based on BSD but people found a way to full the user and 
> display ads on the desktop using widgets. So you understand, you can do 
> your homework, make a great OS, but still if the end user is not careful 
> enough you'll still have trouble.

Yup.. All it takes really is for the user to enter the root password, 
which, for Ubuntu, is conveniently the same as the user's password by 
default. Even if the malicious application would ask to define a NEW 
password for its own use, whole hordes of users would use the same 
password they use to log in... which is...  yup.  From that moment on, 
the malicious app can do absolutely anything.

All that stands in the way of total desctruction is a user who should 
not enter his (root) password at the wrong time..  Currenly that doesn't 
  happen because the average Linux user knows too much and is too 
careful.  But you know it WILL happen at some point in the future.

(Say, pop up a copy of something that looks like the screen saver 
unlock, or the login screen..  How many users will just enter their 
username and password then?)

Of course things can be done to make things more secure, at that time. 
And of course that will be easier to do on a Linux based system than it 
currently is on Windows.

Cheers,
Chanchao




More information about the ubuntu-users mailing list