Agreed… don’t get viruses. There are other options of
virus-detecting software that will work in Linux like ClamAV (Google for
others if needed) but all of those technologies work after it’s possibly
too late. Along with what ken yap wrote already keep in mind that in
windows malware “takes over” because it runs as Administrator and
windows has made it very difficult to run a system without at least
Power User privileges, which are very strong indeed. I’m generalizing
slightly, but to make my point go to your non-technical friend and make
them ONLY a regular ‘User’ in a new windows system that you haven’t
configured for them and see if you make it one day without a phone call
demanding more privileges. You mentioned that you can run safely in
windows by doing the same things, which is just as true there. Running
Linux as ‘root’ is safer than running windows as Administrator, but it’s
still insanely stupid to do on a day-by-day basis. The well-established
and proven concepts of least-privilege apply to any environment where
some kind of “infection” can take place… computers, human bodies,
private organizations… you give permissions when needed, but the
problem is that to do anything in windows you regularly need to be
privileged. When you run Firefox or (worse) IE as Administrator, not only
is every bug in windows opening you up to attack, but now every bug in
the software you run that goes out onto the malware-infested Internet is
opening you up. Every plugin in the browsers is the same way.
Every component of the OS that doesn’t listen for incoming connections
but now helps the browser render content is suddenly open for attack.
While these attacks may be possible when running as a regular user, the
impact of a successful exploitation is completely different, since it
might ruin your user account as a whole but with ‘root’ privileges it
ruins your account, your system, every other account on the box, and if
you are sharing files between boxes it could potentially infect other boxes.
So, does running as non-root protect you from Viruses completely? No…
anybody who says any system (technical or other) is fool-proof is
incompetent, but does it prevent the damage that happens during an
infection? Definitely.
Adding to that the way windows determines it should “execute” an
application is by the file extension, which is crazy. In Linux you need
to set the ‘execute’ bit on a file to have it be executed by the system
(even if the system only executes it as a plain old user). Files may be
double-clickable in the GUI and then loaded by an application, but they
are never just arbitrarily run, and if something looks suspicious you’ll
often be prompted to either open the file, display it, or run it, so you
can tell you are potentially being silly. This is all, still, as a
regular old user. So an attacker needs to either lure you to a site
which exploits weaknesses in your browser and OS, or they need to get
you to run files after making them executable. Both rely on users being
halfway intelligent to successfully carry out, but the biggest weakness
in computer security has always been us mere mortals. When was the last
time you saw a virus-free and completely firewalled computer go and
download an application from the Internet for fun that turned out to be
a virus instead of a screensaver because it was “cute” or “fun” or
“looked interesting”? When was the last time a human did so?
Well I’ve gone off… feel free to ask follow-up questions but in
general Linux was designed to be secure… designed to be multi-user…
designed with more in mind than blindly making a user able to do
anything they wanted to on the slightest whim.
Good luck.
ken yap wrote:
> rkhunter has been suggested.
>
> But really, best practice requires that you never get into this
> situation because a compromised machine cannot be trusted and should be
> reinstalled with system software and then user data restored.
>
>
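The execute-bit point made above, as an added shell demonstration (not part of the original mail): a file named like a script is refused until the user deliberately sets the execute bit, and a small audit helper lists files in a directory that already carry one. File names and contents are constructed for the demo.

```shell
#!/bin/sh
# Constructed demonstration: on Linux the execute bit, not the file
# name or extension, decides whether the kernel will run a file.

# Return 0 if the current user may execute the given file, 1 otherwise.
can_execute() {
    [ -x "$1" ]
}

# Try to run a file directly; print "ran" or "refused".
# Without the execute bit the shell reports "Permission denied" (126).
try_run() {
    if "$1" >/dev/null 2>&1; then
        echo ran
    else
        echo refused
    fi
}

# Defender's audit: list regular files under a directory that have the
# owner execute bit set. In a download folder that list should be empty.
list_executables() {
    find "$1" -type f -perm -u+x
}

# Walk through the scenario on a throwaway directory and report results.
demo() {
    dir=$(mktemp -d)
    f="$dir/screensaver.sh"                 # "cute" download, constructed
    printf '#!/bin/sh\nexit 0\n' > "$f"
    chmod 644 "$f"                          # readable, NOT executable
    before=$(try_run "$f")                  # refused
    chmod u+x "$f"                          # user turns it into a program
    after=$(try_run "$f")                   # ran
    count=$(list_executables "$dir" | wc -l | tr -d ' ')
    rm -rf "$dir"
    echo "$before $after $count"            # refused ran 1
}
```

Running `demo` prints the outcome of each step on one line; `list_executables ~/Downloads` is the reusable part for a periodic check.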