Re: Scary article in Wall Street Journal today
On Thu, 18 Feb 2010 16:25:13 -0500 (EST), mamarcac@gmail.com wrote:
>
> As someone still learning about Debian/Linux, is it a correct statement to
> say that these spyware/malware/virus .exe type files that try to install on
> a given machine, are virtually useless against Debian systems unless the
> user logs in as root to allow installation? At a minimum, wouldn't
> synaptic/aptitude request the root password before proceeding?
No. A malicious program can be downloaded and executed
as a non-root user and do harm. Obviously, it can do more harm if it
runs with root privileges. But it can still do harm running as a non-root
user. A formal install of a Debian package does require root privileges,
but a malicious program won't bother with formalities!
However, the goal of these people is to infect as many systems
as possible; therefore, they specifically target the systems that are
in the most common use. For the most part they leave Linux alone because
Linux as a desktop system doesn't have a large enough installed base
for them to make it worth their while. It's gaining in popularity
all the time, but still isn't large enough to go after in most crackers'
minds. (Notice I call them crackers, not hackers!) I'd like to think
that Linux, being designed from the ground up as a multi-user multi-tasking
operating system would be less vulnerable to attack as well. But even
so, this is one case where being a minority operating system has its
advantages.
Reply to: