Anti Virus, now Anti Spy-ware

Steve Lamb grey at dmiyu.org
Wed Jun 18 17:51:58 UTC 2008


On Wed, June 18, 2008 10:11 am, Nils Kassube wrote:
> While I don't generally disagree with this argument, I think on a
> workstation it could be a big problem already if the malware would "only"
> access the user area.

    But this is hardly an issue compared to having system privileges.

> A malicious program could be accidentally installed
> by the user and run at login with the user's privileges.

    Which login?  As I posted elsewhere I have XFCE, Gnome, KDE3 and KDE4
all installed.  Just taking Ubuntu's make variants, any malicious
software that is limited to user space would have to somehow inject
itself into 4 different "logins" to cover a user since it can't touch
the system boot-up scripts in /etc.

> It wouldn't be a great problem to reinstall the OS within a reasonable time.

    This is where you make the mistake of equating Windows threats with
Linux.  If one's user space is infected one doesn't need to reinstall
the OS.  One simply needs a different user account, elevate to root,
remove the infection.  I only say a different user account because one
has to presume the current one is compromised.  One of the pitfalls of
Ubuntu's policy of a non-functional root password.  No way to get into
root without a non-compromised normal user.  But I digress.  The point
is that cleanup is exceptionally easy by comparison.

> But if a malicious program only modifies my personal files it would
> probably take some time until I notice. Then I can only hope that I still
> have a backup of the files from before the malicious program was somehow
> installed.

    That is a user process and one many people fail at.  Myself included. 
My point isn't that it couldn't happen.  It can.  It might yet still
happen.  My point was that since there is such a strong division between
user and system privileges any such infection is trivial to remove
because simply logging in from a different user prevents the infection
from running and engaging in any self-defense measures that are now so
common with malicious code on Windows.  It also prevents the infection
from burrowing itself into the system's core.  To do all of that
requires obtaining elevated privileges which is several magnitudes
harder than on Windows.

-- 
Steve Lamb
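
An added example, not part of the original post: a sketch of the check one could run as root from a clean account, listing login-time startup files in the suspect user's home that changed recently. The path list and the name audit_home are assumptions of this example, and the list is not exhaustive.

```python
import os
import time

# Per-user files and directories commonly read at shell or desktop login.
# This list is an assumption of the example (not taken from the thread)
# and is not exhaustive.
STARTUP_PATHS = [
    ".profile", ".bash_profile", ".bashrc", ".xsession", ".xinitrc",
    ".config/autostart",   # XDG autostart directory
    ".kde/Autostart",      # KDE per-user autostart directory
]

def audit_home(home, since_epoch):
    """Return sorted [(relative_path, mtime, owner_uid)] for startup files
    under `home` that were modified at or after `since_epoch`."""
    findings = []
    for rel in STARTUP_PATHS:
        top = os.path.join(home, rel)
        if os.path.isdir(top) and not os.path.islink(top):
            candidates = [os.path.join(d, f)
                          for d, _, files in os.walk(top) for f in files]
        elif os.path.lexists(top):
            candidates = [top]
        else:
            continue
        for path in candidates:
            st = os.lstat(path)  # lstat: never follow links out of the home
            if st.st_mtime >= since_epoch:
                findings.append(
                    (os.path.relpath(path, home), st.st_mtime, st.st_uid))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Hypothetical usage: audit.py <home-directory> <days-back>
    home, days = sys.argv[1], float(sys.argv[2])
    for rel, mtime, uid in audit_home(home, time.time() - days * 86400):
        print(f"{time.ctime(mtime)}  uid={uid}  {rel}")
```

Modification times can be reset by whatever wrote the file, so an empty result narrows the search rather than clearing the account.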
