
Re: Vista's Account Protection is Flawed Before Arrival

  • Subject: Re: Vista's Account Protection is Flawed Before Arrival
  • From: "Larry Qualig" <lqualig@xxxxxxxxx>
  • Date: 15 Sep 2006 09:29:48 -0700
  • Complaints-to: groups-abuse@google.com
  • In-reply-to: <slrneglkbv.175.sorceror@localhost.localdomain>
  • Injection-info: b28g2000cwb.googlegroups.com; posting-host=12.170.48.219; posting-account=I0FyeA0AAABAUAjJ9vi7laKRssUBoQA3
  • Newsgroups: comp.os.linux.advocacy
  • Organization: http://groups.google.com
  • References: <1712292.nA2KWsfeXV@schestowitz.com><MPzOg.5374$KA6.1820@clgrps12> <1158335548.722420.312310@p79g2000cwp.googlegroups.com> <slrneglkbv.175.sorceror@localhost.localdomain>
  • User-agent: G2/1.0
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1155054
Ray Ingles wrote:
> On 2006-09-15, Larry Qualig <lqualig@xxxxxxxxx> wrote:
> >>     Isn't this "vulnerability" also present in most *NIX systems? A Linux
> >> user downloads a "freeware game", and the game asks the user to enter the
> >> root password so it can sudo and do stuff. The user types in the password,
> >> and the "game" now has root access and thus can do any changes it wants to
> >> the system
> >
> > Of course this is the *exact* same problem for *nix machines. Do you
> > really expect an honest response or admission of this?
>
>  Why not? It's been brought up before:
>
> http://groups.google.com/group/comp.os.linux.advocacy/msg/8937a5870a7c68d3
>
>  The point is that the vast majority of operations on Linux do *not*
> require root access. And so items that require root access stand out.
>
>  Especially since, because of Linux's superior design, you don't *need*
> root to do things like run a 'freeware game'.

That's true and I'm not going to argue otherwise. But will a teenager,
dentist or hairdresser know this? A completely naive "average Joe"
will simply do what the app tells them they need to do. Put up a dialog
with some techno-babble about why it needs a root password and most
users will fall for it.

> A couple weekends ago I
> downloaded the Linux demo for "Cold War". It added some menu shortcuts
> and set up the demo to run. It runs very well, and smoothly, etc. At no
> point did I have to enter any kind of password.

You're talking about legitimate apps, not trojans or malware.

> The thing didn't *need*
> root. And this is a modern commercial 3D game, you understand. It's even
> a port of a Windows game!
>
>  Most Linux software will be like that, precisely because requiring root
> is stupid for most apps and just discourages people from trusting or
> using your program. A 'freeware game' that insists on root access under
> Linux will stick out like a sore thumb. You don't need that just to play
> a game on Linux. But people are used to (numbed to) that kind of
> behavior on Windows.
>
> > It's been proven time and time again that the weakest link in any
> > security system is the human behavior. As long as humans use computers
> > and are in-the-loop then computer vulnerabilities will exist.
>
>   Absolutely, and I said that very thing in the post I reference above.
> And even without root there's plenty of damage that can be done (e.g.
> ransomware, as I *also* noted). But the damage is minimized, and easier
> to clean up. And if it becomes a major problem there will be
> countermeasures deployed.
>
>  So, help me out here, where am I being dishonest? Seriously, I can't
> spot it...

Generally I'd say you're one of the most honest posters here in COLA.
(From either camp.) But there are 100's of millions of computer users
out there and most of them really don't know what they're doing. I've
done this for a living long enough to have a clue but when I look at my
in-laws, neighbors and relatives they simply have no idea of what's
going on. Example... look how many people fall for phishing scams.
(Your PayPal account needs to be updated - Click here!)

The point is that knowledgeable users will be able to remain safe on
whatever system they choose to run. And for someone that has no idea...
they will get compromised in a matter of days, if not hours, regardless
of what OS they run.



> --
>  Sincerely,
>
>  Ray Ingles                                      (313) 227-2317
>
>  "...somehow the media seems to have convinced the population
>  that the only real candidates are from the demopublicans, and
>  the rest are joke entries. While the truth is the opposite."
>                     - Per Abrahamsen

