Anti Virus, now Anti Spy-ware

Dick Dowdell dick.dowdell at gmail.com
Wed Jun 18 18:26:44 UTC 2008


On Wed, Jun 18, 2008 at 1:51 PM, Steve Lamb <grey at dmiyu.org> wrote:

> On Wed, June 18, 2008 10:11 am, Nils Kassube wrote:
> > While I don't generally disagree with this argument, I think on a
> > workstation it could be a big problem already if the malware would "only"
> > access the user area.
>
>     But this is hardly an issue compared to having system privileges.
>
> > A malicious program could be accidentally installed
> > by the user and run at login with the user's privileges.
>
>     Which login?  As I posted elsewhere I have XFCE, Gnome, KDE3 and KDE4
> all installed.  Just taking Ubuntu's make variants, any malicious
> software that is limited to user space would have to somehow inject
> itself into 4 different "logins" to cover a user since it can't touch
> the system boot-up scripts in /etc.
>
> > It wouldn't be a great problem to reinstall the OS within a reasonable
> > time.
>
>     This is where you make the mistake of equating Windows threats with
> Linux.  If one's user space is infected one doesn't need to reinstall
> the OS.  One simply needs a different user account, elevate to root,
> remove the infection.  I only say a different user account because one
> has to presume the current one is compromised.  One of the pitfalls of
> Ubuntu's policy of a non-functional root password.  No way to get into
> root without a non-compromised normal user.  But I digress.  The point
> is that cleanup is exceptionally easy by comparison.
>
> > But if a malicious program only modifies my personal files it would
> > probably take some time until I notice. Then I can only hope that I still
> > have a backup of the files from before the malicious program was somehow
> > installed.
>
>     That is a user process and one many people fail at.  Myself included.
> My point isn't that it couldn't happen.  It can.  It might yet still
> happen.  My point was that since there is such a strong division between
> user and system privileges any such infection is trivial to remove
> because simply logging in from a different user prevents the infection
> from running and engaging in any self-defense measures that are now so
> common with malicious code on Windows.  It also prevents the infection
> from burrowing itself into the system's core.  To do all of that
> requires obtaining elevated privileges which is several magnitudes
> harder than on Windows.
>
> --
> Steve Lamb


Pardon my failure to understand the invulnerability of Linux.  I've only
been doing this for 36 years.  Yes, it is harder to crack into a Linux or
Unix system.  It is, however, not impossible.  Anyone who underestimates the
power of greed is naive.   Right now, the cost vs. return equation promotes
Windows as a target.  Some of you may have noticed that Vista has been
hardened quite a bit more than XP.  Windows will not remain an easy target.

If you're attacked through your browser, your user space can be
compromised.  If your user space is compromised and you use sudo or su, root
privileges could ultimately be compromised.  As the power of browsers
increases, so does their vulnerability. Attaching malicious code to a
browser plug-in could cause a severe decrease in your bank account or a
serious increase in your credit card balance---without even touching Linux.

There's a big bad world out there and Linux will not always be a reasonable
safe haven.

Regards,
Dick


-- 
Regards,
Dick Dowdell
508-498-7919/508-528-4018