On 20100218_132513, Mark wrote: > > > > >On Thu, 18 Feb 2010 12:25:04 -0700, Paul E Condon wrote: > > > > > Today in Wall Street Journal (pg 3 in US edition), there is an article > > > about hacker break-ins to computers via the internet. Mentioned as the > > > method of break-in are spyware called ZeuS, and Firefox browser, but no > > > mention of what OS are aflicted. > > > > > As someone still learning about Debian/Linux, is it a correct statement to > say that these spyware/malware/virus .exe type files that try to install on > a given machine, are virtually useless against Debian systems unless the > user logs in as root to allow installation? At a minimum, wouldn't > synaptic/aptitude request the root password before proceeding? > > Mark
I'm the OP on this thread, so by no means an authority of Debian security, but ... Synaptic/aptitude already run with root privileges in order to be able to install the executable programs that are downloaded from Debian repositories. So root password requirement is not a realistic response to whatever is being done. I'm aware of various security measures that *are* realistic defense against various attacks. These measures involve cryptographics and certificates and keyrings. I have learned to be somewhat complacent about web security, but there was something about this article that got me wondering if I shouldn't revisit the issue of security on Debian. Now, it looks to me like same-old-same-old. If so, the worry morphs into a worry about an onslaught of newbies moving to Debian and flooding this list with silly newbie questions (like mine of not so long ago). But that really isn't a worry, because, same-old-same-old, Windows users appear to be invincibly ignorant. Thanks to all for useful links. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100218215840.gc2...@big.lan.gnu
