nanog mailing list archives
Re: Spyware becomes increasingly malicious (let's return to reality)
From: "Alexei Roudnev" <alex () relcom net>
Date: Thu, 15 Jul 2004 21:38:16 -0700
Did you try to run Windoze as 'not admin user'? Ok, try, then install, say, a harmless user-level (not a server at all) Visio package... They run as admin, because Windoze (1) does not have easy (temporary) switching between User and Admin, and (2) 99.99% of applications require user privilege to be installed or configured (and they are not service applications).
Not necessarily true. Security/permissions plays a major part in the effectiveness of adware and spyware. A majority of consumer Windows OS's run with the default login as an admin user. When a user chooses to install "Cool-Search", their user rights allow for registry changes and alterations of system libraries, which cause ads to display when using IE. Can this be prevented by running Windows as a non-privileged user? Yes. But people want to install their "Cool-Search" and non-privileged users can't install anything.
If I am in Unix, I can install Cool-Search when I am a normal 'user', BUT this will not be a system-wide application. I need root privileges to install a service, and I do not need it to install something which is client only (can not run by itself). // I am not an advocate for Unix here. There is a difference - in a very old, ancient Unix system there is simple and effective privilege segregation (and everyone understands it). No application writes into /bin and /usr/bin, and only very few badly designed applications try to write anything into /etc; a user's directory has a simple '-rwxrwxr-x' (or other) access list (easy to understand), etc etc... As a result, 99% of this _old_ OS are more secure than 99% of Windoze installations (though Windoze can be made much more secure than Unix). This is all a result of 'hidden complexity'. Install 'Osiris' (or Tripwire) IDS and try to configure rules for Unix and Windoze, then compare. Tremendous difference!
When using OS's other than Windows, users can install their own binaries, but they do not have access to modify the system binaries. They can still browse with the system wide Mozilla/whatever, but their actions will not have the ability to alter anything that will allow for ads to be served when browsing, or for browsing habits to be sent to a third party.
Technically they can run some startup script, but even if they do it, it is _very_ easy to get rid of such a thing. And (what is most important) users can do 100% of tasks when logging in as a 'user' not as an 'admin' (if they need a temporary permission change, they can get it).