Re: Anti Virus, now Anti Spy-ware



Steve Lamb wrote:
> On Wed, June 18, 2008 10:11 am, Nils Kassube wrote:
>> While I don't generally disagree with this argument, I think on a
>> workstation it could be a big problem already if the malware would
>> "only" access the user area.
>
> But this is hardly an issue compared to having system privileges.

If you look at it from the admin point of view, you are absolutely right.
But Ubuntu is often installed on a single user's machine where the
valuable data are inside the home directory of that user. So the valuable
part isn't protected from an attack.

>> A malicious program could be accidentally installed
>> by the user and run at login with the user's privileges.
>
> Which login? As I posted elsewhere I have XFCE, Gnome, KDE3 and
> KDE4 all installed. Just taking Ubuntu's make variants, any malicious
> software that is limited to user space would have to somehow inject
> itself into 4 different "logins" to cover a user since it can't touch
> the system boot-up scripts in /etc.

Right - that's the advantage of not having a monoculture.

>> It wouldn't be a great problem to reinstall the OS within a
>> reasonable time.
>
> This is where you make the mistake of equating Windows threats with
> Linux. If one's user space is infected one doesn't need to reinstall
> the OS.

Sorry, I think I didn't write it clearly enough. I know it isn't necessary
to reinstall the OS if only a user account is compromised. For me it
would be more trouble to restore my user data than to reinstall the OS.
In this regard the better security model of Linux wouldn't necessarily
help me.

> One simply needs a different user account, elevate to root,
> remove the infection. I only say a different user account because one
> has to presume the current one is compromised. One of the pitfalls of
> Ubuntu's policy of a non-functional root password. No way to get into
> root without a non-compromised normal user.

No problem: Boot into recovery mode.

>> But if a malicious program only modifies my personal files it would
>> probably take some time until I notice. Then I can only hope that I
>> still have a backup of the files from before the malicious program
>> was somehow installed.
>
> That is a user process and one many people fail at. Myself
> included. My point isn't that it couldn't happen. It can. It might
> yet still happen. My point was that since there is such a strong
> division between user and system privileges any such infection is
> trivial to remove because simply logging in from a different user
> prevents the infection from running and engaging in any self-defense
> measures that are now so common with malicious code on Windows. It
> also prevents the infection from burrowing itself into the system's
> core. To do all of that requires obtaining elevated privileges which
> is several magnitudes harder than on Windows.

Agreed, it is easy to clean up an infection if only a user account is
compromised.


Nils

--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


