Just want to reiterate that just because we're running Linux doesn't mean we're immune to these types of attacks. I remember reading a while ago how there was a trojan that was discovered on one of the files hosted at www.gnome-look.org masquerading itself as a screensaver. Users would download them, switch to root to install and voila, infected machine.
James -----Original Message----- From: Paul E Condon [mailto:pecon...@mesanetworks.net] Sent: February 18, 2010 4:59 PM To: debian-user@lists.debian.org Subject: Re: Scary article in Wall Street Journal today On 20100218_132513, Mark wrote: > > > > >On Thu, 18 Feb 2010 12:25:04 -0700, Paul E Condon wrote: > > > > > Today in Wall Street Journal (pg 3 in US edition), there is an > > > article about hacker break-ins to computers via the internet. > > > Mentioned as the method of break-in are spyware called ZeuS, and > > > Firefox browser, but no mention of what OS are aflicted. > > > > > As someone still learning about Debian/Linux, is it a correct > statement to say that these spyware/malware/virus .exe type files that > try to install on a given machine, are virtually useless against > Debian systems unless the user logs in as root to allow installation? > At a minimum, wouldn't synaptic/aptitude request the root password before proceeding? > > Mark I'm the OP on this thread, so by no means an authority of Debian security, but ... Synaptic/aptitude already run with root privileges in order to be able to install the executable programs that are downloaded from Debian repositories. So root password requirement is not a realistic response to whatever is being done. I'm aware of various security measures that *are* realistic defense against various attacks. These measures involve cryptographics and certificates and keyrings. I have learned to be somewhat complacent about web security, but there was something about this article that got me wondering if I shouldn't revisit the issue of security on Debian. Now, it looks to me like same-old-same-old. If so, the worry morphs into a worry about an onslaught of newbies moving to Debian and flooding this list with silly newbie questions (like mine of not so long ago). But that really isn't a worry, because, same-old-same-old, Windows users appear to be invincibly ignorant. Thanks to all for useful links. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100218215840.gc2...@big.lan.gnu -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/fffa2cacdb4d5c44a24b0930113812180114b...@ersbs2.eyereturn.local
