On Wed, 2007-08-08 at 14:59 +0200, Joachim Schrod wrote: > James Knott wrote: > > Hans van der Merwe wrote: > >> > >> Why is this not an issue with anyone? Deleting a normal users data is a > >> big thing. They consider the PC broken if their files disappear. > >> > > > > That's a minor issue, compared to some of the other things malware can > > do. Stuff such as stealing passwords and other personal info, spam > > generators, corrupting the entire computer etc. > > Exactly. > > And Hans argument is that "stealing passwords and other personal > info, spam generators" and such are important issues as well and > don't require root rights. They can be done with user-level > exploits. Here, you seem to agree; though your other posts don't > look like it. > > The fanboys here concentrate on the point that malware will have > more difficulties in corrupting the entire computer. For granted, > but they don't admit that stolen user data, arbitrary actions under > the user's account (the attack vector here are not executable mail > attachments, but wrong interpretation of data files; just look up > recent CVEs) and corrupted user files are as bad for normal desktop > users as corrupted systems. (Maybe even worse, come to think of it.) > > Some guys here tell that one should have backups and just restore > the corrupted or damaged files. For first, that doesn't protect > against stolen passwords or turning one's computer into a spam > spouter. Second, how can you be sure that the malware is not > already in the backup? If one has multi-generation backup (and few > have this on private desktop systems), one has the problem to > select the proper version that is not infected. > > As the CEO of a company that does security consulting, I can > confirm that malware is not restricted to Windows in its > effectivity. Windows malware volume is larger, but it's frightening > to see the mindset "we're safe because we run Unix/Linux/MacOS/take > your pick" that appears in many posts in this thread. We have been > called quite some time to clean up security incidents with Unix > systems (Linux included) at customers -- and these were folks with > enterprise-level IT processes. I shudder when I think about the > perceived security of private users. But obviously this real-life > experience and the untold man-hours that were needed for cleanup > can not happen because they must not happen. > > Joachim >
Indeed, Some of the sites harbouring virii-collections have all sorts of virii that can do harm to linux systems, (When not configured & maintained properly) Thankfully, these are a minute portion of all the worms, virii, backdoors or other evil stuff that has M$ as their target... HW -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
