[linux-elitists] Comprehensive list of Linux malware

Rick Bradley roundeye@roundeye.net
Fri Nov 19 13:15:17 PST 2004


* Andrew Kohlsmith (akohlsmith-le@benshaw.com) [041119 16:03]:
> The user's web browser and email client actually run on their alternative 
> login, and the point-n-click interface seamlessly sudo's to the intarweb user 
> in order to use these applications.  Thus any malware cannot directly attack 
> the user's home directory or data.
> 
> For added protection the intarweb user could have certain restrictions placed 
> upon it -- say the inability to run su or sudo, and perhaps a GUI-level lock 
> which prevents any dialog boxes or modal windows from popping up without a 
> visible and unobscurable "scar" indicating that the window in question is NOT 
> a normal system window.
> 
> Not a perfect solution but certainly one which it would significantly raise 
> the bar on making applications which could trash a user's data or present 
> them with password entry screens which would allow the attacker to get at the 
> user's data.

This makes it kind of hard to say, save a file that you might actually
want to be able to actually do something with though, doesn't it?

Rick
-- 
 http://www.rickbradley.com    MUPRN: 910
                       |  (BlakeR1234@aol.com) on
   random email haiku  |  open or resolved (but
                       |  not verified) bugs.



More information about the linux-elitists mailing list