
Running as non-administrator is pointless?

Started by Negotiable, May 04, 2005, 03:39 PM


Negotiable

Quote:
I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
- Michael Robertson, CEO of Linspire


Comments?

Newby

If they get access to your account, they can get your data and run processes that don't require root privileges. They can't view data that is only accessible to root and/or other users on the system.

For the most part, your computer is safe.

If they get access to root, they can get your data and all the other data on that computer that isn't yours. They can also run processes that require root that could possibly do harm to your computer.

Some might argue "all they need is gcc to compile an exploit to get r00t and all you need to access gcc is a normal account".

Guess what? They're still trying to get root!

My two cents.
- Newby


nslay

Quote from: Negotiable on May 04, 2005, 03:39 PM
Quote:
I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
- Michael Robertson, CEO of Linspire


Comments?


It's simple, if you make a mistake on root, it can cause global system effects.  You're more likely to make a mistake if you use root for your own personal use (that includes using potentially vulnerable programs such as internet browsers and email clients)...
Desktops are also more complicated and can have potential vulnerabilities ... someone may be able to access the system remotely with root privileges because of this.
It's not necessarily the libraries you're worried about.  It's your system's configurations.  Having the system's configurations is like having the architectural specs of a bank you wish to rob.  This allows attackers to examine configurations as well as factor known vulnerabilities to services and applications to have alternate ways to remotely access the system.  Furthermore, the attacker can install rootkits and other backdoors and use your system as a robot, whether for distributed attacks, or distributed email/im/netmsg spam.  Spam is very dangerous since some states and countries have harsh laws or  fines for the person or persons responsible for the spam.  The attacker can also install keyloggers and steal identities or even examine the /temp directory or even individual user folders for the same information (some users store passwords).  The attacker can bruteforce the password cache and use those as alternate logins too.  The attacker can even damage the configurations or the file system itself.  So, as you can see, there is quite a bit to worry about.
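
Added example (not part of any post in this thread): the classic Unix owner/group/other check that the replies above rely on, run over a constructed file list to compare what a compromised user account can reach with what root can reach. The paths, uids and gids are invented sample values; directory traversal bits, ACLs and capabilities are deliberately left out.

```python
"""Added example: Unix mode-bit check over a constructed file list."""
from collections import namedtuple

Entry = namedtuple("Entry", "path mode uid gid")
R, W = 4, 2  # read / write bits inside one rwx triplet

# Constructed sample (not from a real system): uid 0 = root,
# 1000 = alice, 1001 = bob; gid 42 = shadow.
SAMPLE = [
    Entry("/etc/shadow",            0o640, 0,    42),
    Entry("/etc/ssh/sshd_config",   0o644, 0,    0),
    Entry("/usr/lib/libc.so.6",     0o755, 0,    0),
    Entry("/home/alice/thesis.odt", 0o600, 1000, 1000),
    Entry("/home/bob/mail/inbox",   0o600, 1001, 1001),
]

def allowed(entry, uid, gids, want):
    """True if a process with this uid/groups gets `want` (R or W) on entry."""
    if uid == 0:              # root bypasses the mode bits for read/write
        return True
    if uid == entry.uid:      # owner: only the owner triplet is consulted
        triplet = entry.mode >> 6
    elif entry.gid in gids:   # group member: only the group triplet
        triplet = entry.mode >> 3
    else:                     # everyone else: the "other" triplet
        triplet = entry.mode
    return bool(triplet & want)

def reach(uid, gids, entries=SAMPLE):
    """Paths a process running as uid/gids could read and write."""
    return {
        "read":  [e.path for e in entries if allowed(e, uid, gids, R)],
        "write": [e.path for e in entries if allowed(e, uid, gids, W)],
    }

if __name__ == "__main__":
    for name, uid, gids in (("alice", 1000, {1000}), ("root", 0, {0})):
        r = reach(uid, gids)
        print(f"{name}: read {len(r['read'])}/{len(SAMPLE)}, "
              f"write {len(r['write'])}/{len(SAMPLE)}")
        print("  writable:", ", ".join(r["write"]))
```

In this sample, a process running as alice can modify only her own file and cannot read the password hashes or bob's mail, while the same process running as root can read and modify every entry.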

iago

Quote from: nslay on May 04, 2005, 06:56 PM
Quote from: Negotiable on May 04, 2005, 03:39 PM
Quote:
I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
- Michael Robertson, CEO of Linspire


Comments?


It's simple, if you make a mistake on root, it can cause global system effects.  You're more likely to make a mistake if you use root for your own personal use (that includes using potentially vulnerable programs such as internet browsers and email clients)...
Desktops are also more complicated and can have potential vulnerabilities ... someone may be able to access the system remotely with root privileges because of this.
It's not necessarily the libraries you're worried about.  It's your system's configurations.  Having the system's configurations is like having the architectural specs of a bank you wish to rob.  This allows attackers to examine configurations as well as factor known vulnerabilities to services and applications to have alternate ways to remotely access the system.  Furthermore, the attacker can install rootkits and other backdoors and use your system as a robot, whether for distributed attacks, or distributed email/im/netmsg spam.  Spam is very dangerous since some states and countries have harsh laws or  fines for the person or persons responsible for the spam.  The attacker can also install keyloggers and steal identities or even examine the /temp directory or even individual user folders for the same information (some users store passwords).  The attacker can bruteforce the password cache and use those as alternate logins too.  The attacker can even damage the configurations or the file system itself.  So, as you can see, there is quite a bit to worry about.

Thank you, that's exactly what I was thinking but didn't feel like saying :)
This'll make an interesting test for broken AV:
Quote:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*