sudo without password

[ubuntu at rio.vg]

Florian Diesch wrote:
> Alan McKinnon <alan at linuxholdings.co.za> wrote:
>>
>> Which raises the question: what _will_ work? I believe this question 
>> needs some attention and a solution now, before the malware problem 
>> hits Linux in a big way (which it surely will).
> 
> As long as windows is such an easy target I don't think this will
> happen.  
> 
> And malware needs critical bugs that aren't fixed for some time or a bad
> user interface design that makes it easy to fool the user about what's
> happening or make him ignore warnings. In both cases Ubuntu is much
> better than windows

Not at all.  All you need is to convince the user to run it.  You could
have a completely bug free system, but if the user executes the malware,
it's over.  No one here, however, is suggesting that Linux is in any way
as vulnerable as Microsoft.  But there are still potential threats to
Linux that we can glean from the current state of Windows.

> If your system is infected by malware it's to late. The way to go is to
> prevent the infection.

That's not enough for many users.  The users will run the malware.

>> are easy to ignore. We know that Ubuntu can easily install a 
>> well-configured system suitable for a desktop, but the Achilles heel 
>> is stuff installed afterwards.
> 
> People should know that it may be dangerous to install stuff from
> obscure sources. They should know that most of the software they want
> is available from their distribution.

But people don't know.  As we've pointed out in this thread, take a look
at half the windows machines out there, they're filled with stupid
toolbars and adware and all kinds of trash that people download and
install just to see the dancing baby that somebody forwarded to them
from someone else.

Most of the adware out there doesn't come from viruses or trojans, but
are installed right alongside these stupid little programs and toolbars.
 It's not from gaping security holes.  (The more malicious stuff gets
into windows from security holes.)  Linux has no magical immunity to
users that will run anything they download off the net.

Being secure from network attacks alone isn't enough for the threats
Linux will face in the future.  Consider: What do you see when you
install a deb or rpm?  How would you know that it isn't just installing
Mozilla Thunderbird, but also a trojan right along with it?  Right now,
sophisticated users are smart enough to only install signed packages.
But that won't be enough when the average user wants to see the dancing
baby animation and will override it because the website told him to.
It's not enough to say "Well, that's his own damn fault!"  You could say
the same thing for many of windows' problems.