basic - continued

[Odd]

Knapp wrote:
>>> Yes, but as pointed out in the link, you don't need it to get the
>>> user's list of contacts or his bank account and even other uses like
>>> zombies do not seed SU on a machine used by one users as most home
>>> desktop machines are.
>> That is true, but at least a rootkit can't be installed. Anyway, I suppose
>> we'll need antivirus on Linux too, if regular users without the technical
>> knowhow starts using it in large numbers.
>>
>> --
>> Odd
> 
> True, but does it matter?

Not to me, though it would be bad if even more botnets popped up.

> I could see it mattering if you ran a system
> with many users, like at a big firm but for most of us, user = super
> user for 99% of what we do with the computer. I also don't think it
> would be to heard to do as the article stated and link in a password
> stealer between programs that the users expects to type a password
> into.

Well, for big companies and such, they would certainly run SELinux
or something like it, to lock down what users could or couldn't do.

> This is how  I hacked Western Washington University's mainframe
> computer back in the early 80s. I got LOTS of user names and passwords
> and all I could do was send them to the printer in the corner. I would
> just go in and start MY sign in program on all the terminals and then
> leave. Come back 2 hours later and get the names and passwords. My
> program looked just like the password program and it dumped the user
> into the real password program seamlessly. I just told the user that
> they failed the password the first time.

I get your point. On Windows there are solutions to stop keyboard
sniffers. We'll need something similar on Linux. But as long as users
only download software from official repositories, it will help a lot.

-- 
Odd