Anti Virus, now Anti Spy-ware

Bart Silverstrim bsilver at chrononomicon.com
Wed Jun 18 19:44:40 UTC 2008 

Nils Kassube wrote:
> Steve Lamb wrote:
>> On Wed, June 18, 2008 10:11 am, Nils Kassube wrote:
>>> While I don't generally disagree with this argument, I think on a
>>> workstation it could be a big problem already if the malware would
>>> "only" access the user area.
>>     But this is hardly an issue compared to having system privileges.
> 
> If you look at it from the admin point of view, you are absolutely right. 
> But Ubuntu is often installed on a single user's machine where the 
> valuable data are inside the home directory of that user. So the valuable 
> part isn't protected from an attack.

I heard a wonderful analogy that seems to fit the situation. A guy 
starts a restaurant, and in designing it, he thinks about what could 
happen or go wrong. You have diners, and they'll have knives for eating 
their steak, and one of those diners could be a criminal and will attack 
other diners with the knife, so he puts the tables inside cages for the 
diners to sit in and keep everyone safe.

What is in your directory that would be targeted for attack and wouldn't 
go unnoticed?

Today's "attackers" are trying to:
steal your identity
reuse your computer and its' connection for resending spam.
...what else?

They don't typically trash your data, since that is counterproductive in 
their quest to spread and control your computer.

I'm all for backups, and I'm not saying it's not possible. I'm saying 
that this is beginning to sound almost paranoid in what is possible vs. 
an actual realistic scenario.

It could get into the user's files. I can also delete my entire drive 
with a fingerslip using sudo rm -fr /. Is that a vulnerability, the 
ability to wipe my drive by not thinking about what I'm doing? What does 
it if I email a script with that command in it and the instructions, 
"save this, open a terminal, type chmod +x <filename>, then sudo 
coolscript.sh! Sit back and wait about thirty seconds and reboot, and 
dude, you're computer will be SOOO COOL!", and some idiot actually ran it?

Ubuntu sucks! It let me wipe my drive!

:-)

More information about the ubuntu-users mailing list