Virus Issue 2

Matthew S-H mathbymath at aol.com
Fri Mar 25 21:35:09 UTC 2005 

You're starting to sound like you've been reading up too much on 
Ontological Security, hehe.  Almost like a 1984 type of thing...  Just 
kidding.
Not running as root doesn't prevent all attacks.  If someone has the 
time to test out all possible passwords, they can do just about 
anything.  However, that can take a long time (especially if the system 
provides a 3-4 second delay after the third consecutive attempt to log 
in).
However, not running as root provides a lot more security.  True, this 
is relative, but its better than nothing.  If you get a simple virus 
script (like something that just recursively deletes directories), it 
will probably not run properly if its not run as root.  *nix is rather 
secure in this respect.  However, if you're running as root, a simple 
script can do ANYTHING it wants.  Also, people who are new to linux are 
more likely to "mess things up" if running as root.  After all, the 
good ol' "rm -R /" will do wonders to mess up your system.  If you 
don't use root, the only thing you can do simply (provided you don't 
use sudo/su/gksudo/gksu to gain root privs) is delete your own files.  
This can greatly affect you and your home directory (especially if you 
don't have backups).

Just my $0.02.


~Matt



On Mar 24, 2005, at 10:50 AM, René L. Reingard wrote:

>
> Hi Joachim
>
> Good what you mentioned.
>
>> 1. Don't work as root.
>> 2. Keep your system up to date.
>> 3. Think before you klick.
>
> what are the benefits - regarding protection of your system - when not 
> working as root?
>
> question:
>
> a.) if working as a simple user, a virus attacks only a specific part 
> of the system? yes OR no?
> b.) if working as a simple user, hanging in the world wide web, the 
> root can not become exploit by anyone? yes OR no?
>
> what we realy know about viruses, trojans and others? are the ones we 
> know, not allways somewhat the tip of the iceberg? the iceberg of what 
> is truly possible?
>
> questions:
>
> c.) could it not be true, that much more powerful attacks are 
> possible, unknown to our limited thinking?
> d.) what about a virus, trojan or whatever, allready on your machine, 
> hidden and unknown to you, which has the power to take over control of 
> your system, when he likes?
>
>
> interested to think more on that.
>
> kind regards,
> René
>
>
>
> +++ Erstellt mit Operas revolutionärem E-Mail-Modul: 
> http://www.opera.com/m2/
>
> -- 
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 2553 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050325/c1577024/attachment.bin>

More information about the ubuntu-users mailing list