create a boot-able disk from an iso file

Wed Jan 12 11:05:05 UTC 2011

On 12/01/11 10:00, Nils Kassube wrote:
> Joep L. Blom wrote:
>> On 11/01/11 23:42, Nils Kassube wrote:
>>> I think root access isn't necessary at all for doing serious
>>> damage. For a "normal user" like me, the most valuable data are
>>> stored in my home directory and malware running with my privileges
>>> can delete all those files. That would probably be the greatest
>>> damage that could be done to my system.  Furthermore, as a normal
>>> user the malware can start applications e.g. to join a botnet and
>>> send spam mails. That would also be a major damage, this time for
>>> the network, not for my machine. And again root access isn't
>>> necessary.
>>
>> I tend to disagree. Malware has to enter. This of course can occur
>> via port 80. However, to run a program an execute command must be
>> given and the executable bit must be set. You can install as many
>> programs as you want but a program that is not installed by you can
>> not run as you and therefore cannot damage your home directory.
>
> I tend to disagree as well. How does malware get into a Windows system?
> Usually there is a vulnerability of the browser or email client or
> whatever. The same is possible with Linux / Unix programs. Granted,
> clicking on an email attachment under Linux usually isn't as dangerous
> as it is under Windows because it isn't automatically executable.
How? U agree java-beans and other java snippets have the possibility to 
execute but in their own memory-segment but can contain malwar. 
Therefore it is good practice to block it (an add-on for Firefox) and 
only allow it if you are sure it contains no malware.
>
> But we all know that programs like Adobe reader and flash player are a
> major target of malware and the security holes found in those two alone
> often are exploitable for Linux as well. If I stumble upon a malicious
> website with a flash exploit targeted at Linux systems, the malicious
> code runs with my privileges and I don't see why it can't install
> something permanently which is executable and which is run at every
> startup of my KDE or Gnome session. Something like "tar xfz malware.tgz"
> inside the exploit code should suffice.
Again, block flash and only allow films you're reasonably sure they are 
safe or use only Adobe for reading .PDF-files.
It is as with your house, of course somebody can knock on your door with 
malicious intent, but you can keep him out (e.g. a chain or something) 
and ascertain that he is no threat. The same with programs. And of 
course I'm somewhat paranoid but I have some experience with computer 
security.
If a company build houses with doors that cannot be locked, that company 
will be sued for criminal neglect. Microsoft does it for over 20 years 
as that is the time they know of their neglect but everybody think 
that's normal.
>
>> Another thing is to always have a
>> firewall not so much for fending off intruders (OK is handy) but to
>> prevent unknown malware to contact the outside world which means in
>> practice that all outgoing ports are closed except when specific
>> programs (listed on the firewall) request access.
>
> That's certainly good practice but unfortunately it is not the default
> setup and as a "normal user" I wouldn't even think about the possibility
> to lock down outgoing traffic.
I don't lock it, the firewall only is open for programs known to it 
(i.e. the known ports).
If you have a separate system as firewall, that is very easy (look at 
LEAF firewall).
Joep

>
>
> Nils
>