
    It's A Cruel World Out There

    My hardware firewall-router-LANswitch died yesterday. Considering that it was about five or six years old and only cost me about $25 US, I'm not too unhappy about it. While waiting for a newer model from NewEgg, I've been running with a direct connection from my cable modem to my main box. Since then, I have noticed two or three popups saying
    "Attention: Somebody is requesting a connection to your computer.
    Granting this will allow the remote user to watch your desktop.
    Remote system: ffff:#.#.#.#".
    I've run a couple of "whois #.#.#.#" queries, and I've contacted the owners to whom the addresses traced back: two American ISPs and a German university. One of the ISPs thanked me for my interest. The others said nothing.

    A glance at /var/log/auth.log indicates that this was just the tip of the iceberg. Since 1800 UT yesterday, my computer has been probed several hundred times from at least 6 different IP addresses from as far away as Romania. The numbers are approximate because the file is 170 KB long! At least twice, the probes included trying to get in with username "root" (Don't EVER tell me that using sudo instead of a root login is too much trouble.), admin, apache, guest, sshd, and an alphabetical listing of first names. Another attack took place while I was typing this message.

    I don't think that anyone got in, but imagine what might have happened had this been a windoze computer, or even a Linux computer with a distro that defaults to open ports.

    Do they give out points for the number of denial-of-service attacks you participate in (like SETI@HOME)?
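
An added example (not part of the original post): a short Python script that tallies sshd password probes of the kind described above from auth.log lines, per source address and username tried, and flags any accepted login from an address that had already failed. The sample lines are constructed and assume the standard OpenSSH syslog message format; the function name is illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual syslog/sshd format; the addresses
# come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  3 18:02:11 box sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar  3 18:02:14 box sshd[4103]: Failed password for root from 203.0.113.5 port 40130 ssh2
Mar  3 18:02:19 box sshd[4105]: Invalid user admin from 203.0.113.5
Mar  3 18:02:21 box sshd[4105]: Failed password for invalid user admin from 203.0.113.5 port 40141 ssh2
Mar  3 18:07:40 box sshd[4170]: Failed password for invalid user guest from 198.51.100.7 port 51515 ssh2
Mar  3 18:09:02 box sshd[4188]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 18:30:55 box sshd[4302]: Failed password for alice from 198.51.100.7 port 51600 ssh2
Mar  3 18:31:03 box sshd[4304]: Accepted password for alice from 198.51.100.7 port 51611 ssh2
Mar  3 18:40:00 box CRON[4400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# The username is chosen by the remote side and may contain spaces, so it is
# matched greedily and the address is taken from the end of the line.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+ ssh2")

def summarize(lines):
    """Return (failures per IP, usernames tried per IP, accepted-after-failure list)."""
    failures = Counter()
    users = defaultdict(set)
    suspicious = []
    for line in lines:
        # "Invalid user ..." lines are skipped on purpose: the matching
        # "Failed password for invalid user ..." line is the one counted.
        m = FAILED.search(line.rstrip())
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            users[ip].add(user)
            continue
        m = ACCEPTED.search(line)
        # A success from an address with earlier failures deserves a closer look.
        if m and failures[m.group(2)]:
            suspicious.append((m.group(2), m.group(1)))
    return failures, users, suspicious

if __name__ == "__main__":
    failures, users, suspicious = summarize(SAMPLE_LOG.splitlines())
    for ip, count in failures.most_common():
        print(f"{ip}: {count} failed, users tried: {sorted(users[ip])}")
    for ip, user in suspicious:
        print(f"REVIEW: {user} logged in from {ip} after earlier failures")
```

To run it against a real log, pass `open("/var/log/auth.log", errors="replace")` to `summarize()` instead of the sample; reading that file normally requires root or membership in the `adm` group.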

    #2
    Re: It's A Cruel World Out There

    I recently booted my ancient dusty 233 MHz Thinkpad to win2k on dialup and almost instantly started getting Messenger popup thingies. It's a script-kiddie world out there, I guess.



      #3
      Re: It's A Cruel World Out There

      Read an article in PC Mag. 10 XP computers hooked up to 3 different cable/DSL providers, no additional hardware firewalls other than the router. All with experienced Windows users. Their task was to secure the computer and download updates for Windows and Office.

      6 of them were hijacked/spywared/trojaned before the security updates were complete.



        #4
        Re: It's A Cruel World Out There

        I seem to recall a recent statistic from somewhere (slashdot, perhaps?) that some ENORMOUS percentage, like 75% of all internet traffic is now malware, ranging from spam emails to keyloggers and botnets.



          #5
          Re: It's A Cruel World Out There

          Originally posted by askrieger
          At least twice, the probes included trying to get in with username "root", (Don't EVER tell me that using sudo instead of a root login is too much trouble.)
          Point taken, askrieger. But maybe that's where there's room for improvement in the Ubuntu security model. The fact is that using Sudo IS too much trouble. Using graphical root login, on the other hand, has its security risks (as you have pointed out). Maybe developers should take these two facts into consideration and come up with a way to either: a) give a non-root account the ability to do sudo-type tasks without having to use the terminal or other run-command type of interface, or b) allow for the ability to create root-privilege superuser accounts that can be named anything (such as how it's done on all versions of Windows prior to Vista).

          It is my belief that if the root account is unsecure in and of itself, that is a problem that should be directly addressed. Simply getting around it by running in a guest-user type mode seems to me a way of avoiding dealing with the problem. But that's just my own personal opinion. Take it for what it's worth.



            #6
            Re: It's A Cruel World Out There

            The question is: "Too much trouble compared to what?". A typical Windows PC exposed to the internet without a firewall can be, and often is, compromised by hackers within minutes. The reason is that any and all users have administrative privileges that allow an evil-doer to take control of the machine at will. Any personal information (like your credit card numbers) on such a machine is immediately available to anyone who wants it.

            Even if you don't keep confidential information on your computer, you're still vulnerable to a whole (and ever-changing) menagerie of viruses. My wife's Windows machine was infected via an email virus that came attached to a message from an IT professional with a mailing list, who should have known better. His Windows machine had been attacked and used to propagate the virus. I assume that at some point, the attackers did gain access to whatever they were seeking. Even if they didn't, they made a heck of a lot of trouble for him, for my wife, and for everyone else whose machines got attacked.

            Sudo is a small price to pay for internet security. In addition, it serves as a reminder that what you are about to do has consequences. Moreover, if it were THAT hard why would Apple, the acknowledged leader in computer usability, use sudo?



              #7
              Re: It's A Cruel World Out There

              Well said. "...using Sudo IS too much trouble." Really? Two steps: open a console (or press Alt+F2); type sudo (kdesu) command (application) and press enter. Wow. I never stopped to think just how much extra work was involved in doing this!

              Anyone who has had the opportunity to use Vista knows well just how annoying its implemented security feature is when an action requiring 'root' verification to execute is run. And that is a graphical implementation!!

              Anyone who is going to use Linux, and expects to become both proficient and comfortable with it, is going to have to learn how to use the command line. Heck, the command line (old DOS window) still remains in Windoze! Ever wonder why it's still there; why M$ hasn't eliminated it from their OS??
              Using Kubuntu Linux since March 23, 2007
              "It is a capital mistake to theorize before one has data." - Sherlock Holmes



                #8
                Re: It's A Cruel World Out There

                Originally posted by askrieger
                Sudo is a small price to pay for internet security. In addition, it serves as a reminder that what you are about to do has consequences. Moreover, if it were THAT hard why would Apple, the acknowledged leader in computer usability, use sudo?
                Apple makes the use of sudo transparent to the user by wrapping the process in a nice GUI dialog box. I'd imagine the same thing can be done with Ubuntu / Kubuntu. The current approach of letting the user hit the "Administration Mode" button isn't too bad either, IMO, though.

                I'd much, much prefer the "sudo / su" security model over the Windows-style, let's-make-everyone-admin model... that's for sure.
                Registered Linux User: #281828 | Kubuntu User: #22280

                Kubuntu 18.04 LTS
                Dell Precision Workstation T5500 (Xeon @ 2.13GHz x 2 / 12 GB RAM)



                  #9
                  Re: It's A Cruel World Out There

                  The nice GUI wrapper is called kdesudo and shows up on your desktop when you try to run something like Adept by clicking on an icon. The only time you have to use the command line sudo is when you try to run a shell command as root from Konsole, Yakuake, or an Alt-F2 entry on the desktop.



                    #10
                    Re: It's A Cruel World Out There

                    Originally posted by askrieger
                    The nice GUI wrapper is called kdesudo and shows up on your desktop when you try to run something like Adept by clicking on an icon. The only time you have to use the command line sudo is when you try to run a shell command as root from Konsole, Yakuake, or an Alt-F2 entry on the desktop.
                    That's nice. I didn't notice it because I give my account the "NOPASSWD" privilege in /etc/sudoers.
                    Registered Linux User: #281828 | Kubuntu User: #22280

                    Kubuntu 18.04 LTS
                    Dell Precision Workstation T5500 (Xeon @ 2.13GHz x 2 / 12 GB RAM)



                      #11
                      Re: It's A Cruel World Out There

                      I give my account the "NOPASSWD" privilege in /etc/sudoers.
                      That seems to defeat the purpose with regard to local security. I take it you have a single-user computer in a comparatively secure location (like a home office) and no Linux-illiterate family members.



                        #12
                        Re: It's A Cruel World Out There

                        Originally posted by askrieger
                        I give my account the "NOPASSWD" privilege in /etc/sudoers.
                        That seems to defeat the purpose with regard to local security. I take it you have a single-user computer in a comparatively secure location (like a home office) and no Linux-illiterate family members.
                        Believe me, my machine is not secure at all. I only do that because yes, the computer is in my home office, and nobody else even touches it except, possibly, for my wife. Even that should not be a concern since I make a habit of locking my computer whenever I am away from my desk. Even better, she has no idea what "sudo" is.
                        Registered Linux User: #281828 | Kubuntu User: #22280

                        Kubuntu 18.04 LTS
                        Dell Precision Workstation T5500 (Xeon @ 2.13GHz x 2 / 12 GB RAM)



                          #13
                          Re: It's A Cruel World Out There

                          Mmm .... wouldn't it be nice to have a Plasma Widget scanning the network logs periodically and reporting fishy stuff? Is there such a thing?



                            #14
                            Re: It's A Cruel World Out There

                            I started an FTP site to support a gamer server I was running. I eventually shut it all down because of the number of attacks. The attacks on that one open port to the server actually caused D.O.S.-like effects. Sad!!!
