In article <pFaUi.6968$qt4.5548@xxxxxxxxxxxx>,
skydweller <homeguy@xxxxxxxxxxxxx> wrote:
> I'm no expert, but AFAIK it's easier to gain control of a machine if the
> vulnerable app is running with root (or admin, in that netherworld)
> privileges than if the app is being run as a non-privileged user. I think
> a poll is in order here:
It depends on what you mean by "gain control of a machine". If you want
to install something that has complete control of the machine, so that
you could do things like wipe the hard disk, or install a root kit, or
things like that, then yeah, you generally need to be running as root to
do that.
However, the goal of most malware nowadays is to use the machine for
things like sending spam, or participating in DDOS attacks, and things
like that. All the malware needs is to be able to get a network
connection, which works fine as an ordinary user. No need for root.
|
|
