create a boot-able disk from an iso file
Nils Kassube
kassube at gmx.net
Wed Jan 12 09:00:45 UTC 2011

Joep L. Blom wrote:
> On 11/01/11 23:42, Nils Kassube wrote:
> > I think root access isn't necessary at all for doing serious
> > damage. For a "normal user" like me, the most valuable data are
> > stored in my home directory and malware running with my privileges
> > can delete all those files. That would probably be the greatest
> > damage that could be done to my system. Furthermore, as a normal
> > user the malware can start applications e.g. to join a botnet and
> > send spam mails. That would also be a major damage, this time for
> > the network, not for my machine. And again root access isn't
> > necessary.
>
> I tend to disagree. Malware has to enter. This of course can occur
> via port 80. However, to run a program an execute command must be
> given and the executable bit must be set. You can install as many
> programs as you want but a program that is not installed by you can
> not run as you and therefore cannot damage your home directory.

I tend to disagree as well. How does malware get into a Windows system?
Usually there is a vulnerability of the browser or email client or
whatever. The same is possible with Linux / Unix programs. Granted,
clicking on an email attachment under Linux usually isn't as dangerous
as it is under Windows because it isn't automatically executable.
But we all know that programs like Adobe Reader and Flash Player are a
major target of malware and the security holes found in those two alone
often are exploitable for Linux as well. If I stumble upon a malicious
website with a Flash exploit targeted at Linux systems, the malicious
code runs with my privileges and I don't see why it can't install
something permanently which is executable and which is run at every
startup of my KDE or Gnome session. Something like "tar xfz malware.tgz"
inside the exploit code should suffice.

> Another thing is to always have a
> firewall not so much for fending off intruders (OK is handy) but to
> prevent unknown malware from contacting the outside world which means
> in practice that all outgoing ports are closed except when specific
> programs (listed on the firewall) request access.

That's certainly good practice but unfortunately it is not the default
setup and as a "normal user" I wouldn't even think about the possibility
to lock down outgoing traffic.

Nils
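
The message above points out that code running with a normal user's privileges can register itself to run at every KDE or Gnome session start. The following is an added example, not part of the original post: a small audit that lists per-user autostart entries whose program lives under the home directory. The directory names in `AUTOSTART_DIRS` and the function names are assumptions made for this illustration.

```python
import sys
from pathlib import Path
import shlex

# Assumed per-user autostart locations (XDG default and the older KDE one).
AUTOSTART_DIRS = (".config/autostart", ".kde/Autostart")


def parse_entry(path):
    """Return (exec_program, hidden) from a .desktop file's Exec= and Hidden= keys."""
    program, hidden = None, False
    for line in path.read_text(errors="replace").splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "Exec" and program is None:
            try:
                argv = shlex.split(value)
            except ValueError:          # unbalanced quotes: fall back to plain split
                argv = value.split()
            program = argv[0] if argv else None
        elif key.strip() == "Hidden":
            hidden = value.strip().lower() == "true"
    return program, hidden


def audit_autostart(home):
    """List (entry, program) pairs where a session-start entry runs a file under home."""
    home = Path(home).resolve()
    findings = []
    for rel in AUTOSTART_DIRS:
        directory = home / rel
        if not directory.is_dir():
            continue
        for entry in sorted(directory.glob("*.desktop")):
            program, hidden = parse_entry(entry)
            if hidden or program is None:
                continue                # disabled entry or nothing to run
            if not Path(program).is_absolute():
                continue                # bare names are looked up in PATH; not checked here
            target = Path(program).resolve()
            # A target below the home directory needed no root to create and can be
            # replaced by anything running with the user's privileges.
            if home in target.parents:
                findings.append((entry.name, str(target)))
    return findings


if __name__ == "__main__":
    for name, target in audit_autostart(sys.argv[1] if len(sys.argv) > 1 else Path.home()):
        print(f"{name}: starts {target}")
```

Run without arguments it checks the current user's home directory; entries it reports are worth comparing against what the user knowingly installed.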