Re: Spyware / Adware
On 1 Sep 2004, Jim Richardson wrote:
> On Tue, 31 Aug 2004 16:50:09 +0200,
> Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch> wrote:
>> On Tuesday 31 August 2004 13.30, Volker Tanger wrote:
>>
>> [spyware/adware/trojans/...:]
>>
>>> Yes and no. When surfing as normal user *ware programs cannot install
>>> themselves as system services or overwrite programs simply as you/they
>>> do not have the (file) permissions to do so.
>>
>> Technically, for most purposes, malware installing itself into an
>> unprivileged user account and automatically starting itself through
>> /.bashrc or whatever is entirely possible, especially since most
>> malware these days seems to be used only as a base for DDOS attacks
>> (including sending spam), so no special privileges are necessary
>> here. (And KDE and Gnome are currently catching up nicely in the
>> number of little useful (?) daemons that are started on a desktop
>> machine.)
>
> There is no click the attachement and install the malware without your
> knowing it, in Linux.
Nonsense. The 'Gnus' mailer was modified a while back so that it would
not automatically execute a MIME part containing elisp code; that is
*precisely* the sort of issue you claimed was impossible.
*Most* mail clients under Unix are better written than to do that, but
between remotely exploitable issues with image rendering and the push
toward "user friendly" defaults there is no reason why this could not
happen.
Regards,
Daniel
--
Anyone who stops learning is old, whether at twenty or eighty. Anyone who keeps
learning stays young. The greatest thing in life is to keep your mind young.
-- Henry Ford
Reply to: