Slashdot Mirror
'Bagle' Worm Heading For A Windows PC Near You
mrSinclair writes "the 'Bagle' or 'Beagle' worm is expected to hit the U.S. by midweek, probably Tuesday as many employees return from a three-day weekend." He points to this Washington Post story (via Yahoo!), which describes the Windows mass-mailing worm as being transmitted via email as an .exe attachment and as installing "a program that lets attackers connect to infected machines, install malicious software or steal files." The article says Bagle has been detected in more than 100 countries. Other readers have sent in links to coverage at the BBC and at SearchSecurity.com.
"They attributed the worm's high infection rate to curious home and small office computer users who could not resist clicking on the attachment." -You would think by now even the person with the lowest possible computer knowledge would have picked up on this. Good to see people are getting right on the reporting of this though... now we just have to hope people will update their virus definitions! -olo
Why is this one unique? It's just the next worm.
And it replicates by *emailing* itself...
No remote root/admin exploits, no network-clogging mass scanning, no nothing.
Maybe just a few malconfigured mailservers going down, that's it.
yawn, wake me up when we're at threatcom 4
For Christ's sake, it's the users, stupid.
Not that Windows is blameless here, mind you, but I seriously suspect that I could cococt a shellscript that could do something similar (at least in terms of self-propagating) and send it to all my friends who run UNIX. And then you'd see! Oh, wait, THEY KNOW BETTER THAN TO RUN UNKNOWN CODE.
I've got two windows boxen at home. They've never been infected. My virus scanner doesn't save me -- running them behind a firewall and not executing random content on them does. It's not Windows that's the problem -- it's those damned Windows users.
Now, excuse me while I call my parents to have them update their virus definitions...
"The computer security community recommends that home computer owners never click on attachments unless they are expecting them from a trusted source. They also recommend that PC owners install and run up-to-date anti-virus programs to scan for computer infections".
They could stop sucking up to M$ and also recommend that home users consider another OS.
First, you'd have to save it to your hard drive, clicking on it wouldn't work (email attachments are data files, not executables). Then you'd need to "chmod +x" it, and then you could run it as your user, in which case it can infect only things associated with that user. Assuming these unlikely things happened, the superuser can simply disable your account and clean things up, while everyone else on the system can chug along happily.
In other words, its not the same. Unix made the right decision from the beginning to separate data and executables, and to keep most users at a non-Administrator/non-root capability level.
> Then you'd need to "chmod +x
.py, etc) and just go launch the script intepreter when you double-click on the file. This does not require +x access!
This all really depends on how much "Shell Integration" your Unix desktop has.
It's quite possible that a Unix Mailer would look at the file extention (.pl,
KMail was caught launching PE EXE viruses using Wine for example.
In reality, most of these mail viruses have nothing to do with OS security and everything to do with poorly designed mailers and dumb users.
The virus uses exe files, company mail server is setup to block all executable attachments. Any emails that make it through that are then scanned. Easy solution.
When new viruses comes out, me not worried.
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread
Right. Mass migration to FreeBSD, Linux, Mac OS X. Massive porting of all possible windows apps to Unix. Suppose that whould happen quickly or even overnight. You can always hope.
Will the problem become less severe? Probably, at least for a while. Will the problem go away? Of course not.
Because insecurity stems not from some flaw in an OS but from a fundamental problem with the users and industry's mindset which stresses features and convenience over security. Just imagine what a simple script could do on a Uix dervative when accidentatlly run aby a user. Now imagine what happens when that user is running as root. And that's just what many people are going to do...
Once in a while, I even pass the Turing-Test
Not speaking as a Windows user, but: I don't think you have to be "stupid" to click on a certain clickable thing. That's why it's clickable.
.exe. The user is the last to blame for all this virus nonsense - it's the guys writing the OS and the email software who should know better!
It's the developers of said email software who are stupid. The idea that their users should want an email... a totally insecure message, to have full access to their personal Turing Machines in the form of a clickable
Two main reasons - the extra load generated and the risk of false positives.
If filtering were done as you suggest, with a simple attatchment file size check, then there's a reasonable chance a perfectly legitimate mail would be dropped. It also wouldn't take very long for the virus writers to create viruses that vary the file size on every reproduction.
If a customer gets themself infected with a virus then it's their fault for not have adequate virus protection - if the ISP drops their mail because it was of a similar size to a virus it's the ISP's fault.
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
We had the same executable attachment problem back when I was in school in the late '80s. Our VM Mainframe E-Mail system got shut down because of some christmas card program that remailed itself to everyone in your address book. Sound familiar?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I don't know whether it applies to that one, but a _very_ efficient way to avoid the annoyance of Windows email worms is to use your firewall block all incoming traffic from a Windows machine to port 25.
:
On OpenBSD, the following line is enough
block drop in log quick proto tcp from any os Windows to any port smtp
There is really not a lot of legacy mail exchangers running Windows so it doesn't hurt.
However, it blocks most worms that are trying to directly send mail.
{{.sig}}
Je fume. Tu fumes. Nous fûmes!
The virus exploits the massive Windows bug that clicking on an attachment is enough to run an executable with full user priveleges (root privileges, often) and that there is no safe mechanism to _open_ a file without the risk of _running_ it.
-- Ed Avis ed@membled.com
I don't see how pipes are such a nightmare. It makes sense to allow programs to direct their input and output to eachother without needing to use an intermediate file. (And WinNT and its derivatives have pipes as well, so it's not like it's a UNIX-specific weakness.)
RPM hell is pretty much gone in any mainline distribution these days, what with apt-get, yum, emerge, urpmi, and yast's online updating. All of the major distributions have a free way for you to update your system with full dependency checking and resolution. Even Slackware's got it with swaret.
If you don't think KDevelop is a "real" IDE you might want to look again. The newest release, based on the Gideon codebase, is astounding. Code completion is only part of the good stuff included.
OpenOffice is just about the same as MS Office - I haven't seen any compelling reasons to use Microsoft's version instead, especially considering that OpenOffice runs on my OS and MS Office doesn't (at least, not natively).
The technology is pretty much in place at this point. There might still be a few straggling areas (games are a sore point at the moment, but more and more developers are releasing Linux versions these days than ever before) but on the whole, Linux on the desktop is just building momentum, and nothing is stopping it. It'll hit critical mass sooner or later, and once it does, it's game over for Microsoft. I don't really care personally when it does for the rest of the world - I'm happy with it right now.
Anyway. Good times. Use what works, as that's what you need. But you might be surprised if you try out a mainstream distro, as a lot more works these days than ever has before. And no, FreeBSD isn't even close to mainstream. I love FreeBSD5 and I'm using it (with pf) on my firewall, but I use Linux on my workstation.
For games? What rock do you live under?
Yeah, i'm still anti-windows and rah-rah go Linux and all that - but until I can play the majority of my collection of games on Linux, there is no way in hell i'm switching.
Like the original poster said, its not impossible to run Windows cleanly. A decent amount of smarts, and an honest attempt at keeping your system/anti-virus/firewall up to date, and you'll have no security problems. Its really no different than a competant admin lording over their Linux domain. Reasonably intelligent users don't have as many problems as idiots, no matter what OS they use.
That said, Windows can still be a major pain in the ass. But as much as i'd love to (try to) hop the fence, Linux just doesn't offer me what I need. Which is funny, y'know, because theres a whole friggin sea of people out there that would love to ditch Windows but won't, because Linux lacks something they need. Hopefully one day the floodgates will open, but until then, a good chunk of us will be chained to M$' ankle, just waiting for someone to come save us.
This situation is NOT that simple. Viruses spread very fast on Windows because a number of factors happen to coincide.
#1. Email program runs executables just by clicking on them.
#2. User has full access to install any crap on that machine.
#3. Vendor did not offer "patch" to fix the above problems.
#4. "Patching" is not done, for whatever reason.
Just as there are more Apache installs than IIS, but Apache is exploited less than IIS, this is NOT about marketshare.
If the user wouldn't click on the attachments (or if the email client wouldn't allow the user to launch the attachments), the virus threat would be reduced.
If the user had to supply a root password to run the app, the virus threat would be reduced.
If the vendor would offer patches to deal with problems, and the users would just patch their machines...
If Linux had 90%+ of the desktop, the situation MIGHT be the same. But not necessarily. Outlook is the reason so many viruses spread before. All that Linux has to do is be a bit more intelligent about handling executables as attachments.
But that isn't Linux. That is the email app.
And it should be easy to change to a less virus-prone email app on Linux.
You could create a priveledged system since NT. Heres a scenario for you, Linux comes preinstalled on every new computer sold and is the dominant OS. Do you think resellers would setup non-root/non-rootlike accounts for the user? It's not like they couldn't do that with 2k or XP. And what about the bagillion possible daemons that the reseller might turn on just to make things even easier for the user? do you think the reseller would educate the buyer on the importance of actually maintining a system or firewalls? *nix (as much as I love it) is not the be all, end all to this little annoyance. Education is. If people were educated on how to actually use their machine, this problem wouldn't exist.
do you really think that this is a matter of OS ?
i'm sure that everybody capable of doing a simple shell scripting (or perl) is able to write similar virus for linux/unix
in the fact, it is just a program which sends itself via email as soon as you start it
or do you think that whoever wants to use linux/unix has to be more inteligent than clicking on every attachment ?
i'm not a microsoft fan, but this seems not to be a problem in their software, but rather in their users !
At least with Windows Update, the user can be assured that they will get a secure untrojaned binary. No one has any evidence that Windows Update has been rooted.
Of course six months from now, when they finally get around to issuing a patch, the lack of source code also leaves no evidence that a new vulneralibility wasn't created when the old one is closed, does it?
Time is what keeps everything from happening all at once.
Well in any case it should be a non-issue. If you are running Windows correctly, you're not running as a member of Administrators but rather a regular user with all the permissions correctly set. This way you can't inadvertently destroy data that should be secured (e.g., programs). In any case, I have grown tired of attempts to trivialize the would-be damage of worms on UNIX systems as "oh it will only trash /home/user" -- as if that's not bad or something!
(Also of note is that most people sending these worms unbeknownst to them are home users, not corporate users on multiuser systems.)
Having said that, this worm doesnt exploit any Windows or Outlook vulnerabilities. It emails an exe file. The simple fact is that if users are so naive / stupid that they will just run any program that pops up in their inbox, it doesnt matter what OS they are running, the end result will be the same; an infected computer.
If you receive a linux binary and you run it it could cause you trouble. I know, it couldnt infect your system etc because you dont run as root, but it could re-email itself to your contact list, delete your documents, fill your hard drive or do any other number of annoying things while still propagating.
Moral of the story, MS is not ALWAYS at fault, just quite often.
Except half the Windows programs out there refuse to run as a regular user, as they expect to have write access to system level directories. Consequently it is generally not practical to run Windows as a regular user.
ipfw add allow tcp from any to legit.mailhost.com 25
ipfw add allow tcp from any to legit2.mailhost2.com 25
ipfw add reset tcp from any to any 25
This cuts off SMTP except for (e.g.) 2 legitimate servers. Since most worms have their own SMTP engine these days and spread the "direct-to-MX" way, they get stopped dead. You could add more entries prior to the reset rule if you use more than one SMTP server.
So basically it exploits user stupidity. Thanks for putting it so eloquently :)
Why? you can easily write a userspace smtp client for linux, which is what this virus is. add it to .bash_rc or similar and away you go, each time the user logs in they start hammering away with copies of itself. Then, after 2 weeks, have it wipe out every file it can on the system - sure the OS will survive but plenty of what the user considers vital information will be lost.
Backups are just as required in Linux as they are in Windows.
Ewan
Yeah, but how much time do you spend trying to make sure you don't get anything? Searching for viruses on my 2.8GHz SATA 150 through less than 30GB of data on a RAID 0 drive takes HOURS. Then another 5-10 minutes everytime you install a program to make sure it's not kitted with spyware and such crap. Besides even normal users can install stuff in linux (contained to their home directory, only), whereas you cannot in windows, which forces Windows' users to Admin up EVERY time , which GREATLY increases the virus' accessibility. Plus the file structure is alot more accessable to normal users in Windows. Remember, the UNIX backbone has been around WAY before Gates stole DOS from that poor guy. If Windows users didn't have to admin up so much, they would be less inclined to log in as root all the time. I mean, even the "Run as.." function is hidden in windows! you have to hold the Shift key down while right mouse clicking to get it! If they can't figure out how to run as/su without jumping through hoops, of cource they are going to login and run everything as admin. I NEVER run Linux as root, I ALWAYS run windows as admin. It's just too much of a pain in the @ss in windows. Does the world need better PC education, or a better OS? I think we need both.
Notice that I wrote data-files. Because that's what they are from the system point of view. Datafiles that are opened with an application.
/bin/sh, or MAME, etc). You still have absolutely all the power you need to both spread and release a payload. "Melissa" was a data file for microsoft word, and others have been data files for Windows Scripting Host, so this isn't exactly new.
But with this defenition the discintion is useless. So you wouldn't write a Linux email worm an executable, but rather as a datafile for wine, or perl (or lisp, or
What is relevant is that the email program should never allow data to be sent to a program that runs it as code, unless that code is executed in a very strict sandbox. Having to explicitely state that files are executable is a first step, but it does nothing when so much of the code we execute is sent as data to an interpreter rather than made executable.
What is needed is a "tainted" flag on files, which would need to be explicitely and manually removed. Files carrying the flag would be rejected as data for all interpreters. That would make writing worms a lot more difficult, but Linux doesn't have it, and I have seen no reason to expect it on the horizon (except some of the very slow work around SELinux.)
I don't hate Microsoft because of having to pay for it. I gladly pay. Windows OS is one helluva bargain. Its having the code hidden from me that bothers me so... its as if somebody has figured out how to pull a fast one on me by requiring me to sign documents - legally binding - but I am not allowed to verify the contents of it, by enforcing my ignorance of the language used. I have to go on faith that whatever a vendor tells me is what it really does. And not all people tell the truth. And fewer yet tell the *whole* truth.
The main thing Linux has going for me is that its code is inspectable. I can personally verify it if I have to. Line by line if I feel its warranted. I don't mind paying for well-crafted code. But, for my own peace of mind, if I am going to be held accountable for my decision to use that code, I must know exactly what it does. And have any and all tools I need to verify their operation.
I have had supervisory types come in and extoll the virtues of ignorance by statements such as them not understanding how their car works - but that does not keep them from driving. Fine, if you explicitly trust your mechanic. When there's millions of dollars at stake, trust is sometimes not what it is stacked up to be. I don't like to be in positions where I am trying to explain to somebody else why things are so f*k*d up when I don't myself know why. By golly, I have had the training and skills to craft code personally, and run debuggers. I feel its my job and responsibility to my company to keep them out of hot water. And that means knowing exactly how their system works.
Trusted Computing is Verifiable Computing.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
First, you'd have to save it to your hard drive, clicking on it wouldn't work
Most Windows e-mail clients will not open an executable when you simply click on it. In fact, they usually open multiple warning windows saying, essentially, "If you run this, you are a complete and total moron. Are you a moron? [YES] [NO]".
Then you'd need to "chmod +x" it
This provides about the same amount of protection as said warning windows. In order to run the program, you have to be fully aware that you are trying to run an executable. Having to chmod +x it is just an inconvenience, really.
and then you could run it as your user, in which case it can infect only things associated with that user.
Seriously, how many people read their e-mail on multi-user machines? Yes, I know there are some, but it's rare. In most cases, the person reading the e-mail is the only user of the particular machine they are on, and so having their own account totally trashed isn't really any better than just having the whole computer trashed.
Besides that, most viruses these days can accomplish all of their goals just as easily from a user account as they can from root. Typically, this involves propogating itself (requires only network access) and then carrying out some form of DDoS (again, requires only network access). Who needs root?
(Of course, on Windows, if you're smart, you're probably running ZoneAlarm, which will tell you when a program tries to access the internet and allow you to deny it that access. I am not familiar with any similar software for Linux. Though, if you're smart, you aren't running attachments anyway, regardless of OS.)
What it all comes down to is that the user/super-user separation really does not provide any significant protections against viruses, especially on typical desktop systems. Sorry, but Linux is, for most intents and purposes, just as vulnerable to these types of viruses as Windows is.
Unix's security model is far from ideal. It's a very simple model that can't really do a whole lot. Not that Windows is any better; in my book, Windows is just a colorful variant of Unix. On the other hand, an OS that supports capability-based security (like EROS) would actually be able to safely run untrusted software -- viruses and all -- without harming the system, or even the individual user running it. Sadly, the idea has not been implemented in any mainstream OS (though I am currently working on a project that would bring such ideas to existing OS's).
I really wish people would stop making OS's that just copy Unix and create something new already! There are so many great ideas out there; so many better paradigms. Ugh...
To reply to several of your posts:
In Linux most software is written such that it works with the permissions it has - ie, the permissions of the unprivileged user. Under Windows (as mentioned by the parent poster) this is quite often not the case. I had huge headaches just trying to set up my home machine under Windows 2000 so that the rest of my family were normal users and not administrators. Not only did quite a few applications not work, they didn't even have the courtesy to display an error message. In the end I gave up because quite a few things just refused to work. No wonder most Windows users run as administrators - it's too difficult to do otherwise for most people.
Granted, there have been exploits in Linux software that are most likely to be installed SUID root - which is why SUID/SGID executables are to be kept to a minimum on a secure system. Most user-level applications, I mean the kind that desktop users would be using, will not be SUID/SGID because they don't need to be.
Minutes to restore files from installation CDs? How are you supposed to know which files to restore? Even assuming the user is capable of this, what if the software completely hoses the system? Wouldn't you rather your system at least stayed running? I struggle to understand people who try to take the stance in this case that no protection at all is somehow better than limiting the damage.
that there is no safe mechanism to _open_ a file without the risk of _running_ it.
:)
So basically it exploits user stupidity. Thanks for putting it so eloquently
If you mean user stupidity in using a system that deprives the user of essential information as to whether or not to click on something "interesting", then yes. The malware would make much less progress if the dialog used "Run Virus" instead of "Open".
Of course you can do it in windows. But close to everyone in Windows runs as admin, while close to no one in Linux runs as root. In effect you wouldn't have to change anything in Linux, while you'd have to drop all your admin privileges in Windows. I've tried maintaining an XP box, and on most occations I had to log out my normal user and log in as admin because the run as feature simply did not work properly. Games couldn't run because the permissions were wrong, and impossible to change to the right ones (I tried, I called friends of mine who are windows admins, who told me it was different on their XP boxes...). ... I don't believe it's as easy to do to every windows box as it is to every Linux box. In Linux all you need is the capacity, in Windows the users need to refrain from using their default proile. Big difference!
------- I fumbled my registration and I now must suffer
And I'm sure many people do. The real problem with security for home systems is people have to WANT it there. You can setup as much as you like, but since they own the system they can just turn it off. They will too, by and large, if they feel it interferes with what they want to do.
Oh great, the minute anti-virus software begins to detect a virus my mailbox gets flooded by auto-genereated replies tell me that I've been sending out viruses. This is a stupid feature which should be disabled, when was the last time a virus didn't fake its origin?
The filters on my mail serveres are configured to drop virus emails and NOT bounce, auto-reply or alert me. The waring emails from antivirus software generates almost as many emails as the virus it self. Don't do that.
Spamassassin is great...
However, people likely to get hit by this "bagle", is very much unlikely to be able to operate their own server running procmail + spamassassin.
If everyone repeats this refrain enough people may actually start to believe it, and that would be good in counteracting that old 'many eyes make all bugs shallow' phrase we keep hearing about open source.
Taken at face value the statement seems reasonable, but I'm a scientist and I like to hold theories up to the light of reality and see how they do. I know that testing theories annoys people because it makes them question their deepest held beliefs, but hey I'm an annoying guy anyway.
We could test the statement by finding an Open Source project that has much more market share than a closed source project, then compare the rates of exploit. Hmmmm... how about Apache vs. MS IIS?
According to Netcraft Apache has about 67% of the market and Microsoft's IIS has about 21% of the market. The often quoted FUD says that Apache is used by so many more people it must have many more exploits.
We can search the CERT website for the terms 'Apache' and 'Microsoft IIS' clicking on the boxes for :
Advisories
Incident Notes
Security Improvement Modules
Vulnerability Notes
'Apache' gives 180 results.
'Microsoft IIS' gives 830 results.
Wait! That means that just because something is used much more widely than another thing it does not result in more attacks! That proves the statement that if Linux were used more it would have more viruses is a false statement! It could be that open source actually does produce more secure code after all!
If Linux had 60% or 70% market share, there would probably be more viruses written for Linux than there are now. But, as we can see with the real world example of Apache and Microsoft IIS, the open source development model produces more secure software.
Sorry to step on that often quoted line about linux and viruses, but I like reality.
Here here! I really wish people would understand the difference.
This is *not* a virus for Windows, it is a manifestation of social engineering using a trojan application. For that matter, just about any modern operating system would be capable of executing this code (Linux, NT, MacOS X, etc.) -- the real source of the problem here are the end users.
If I sold you a gun, is it my fault when you shoot yourself with it?
Eric Sarjeant
eric[@]sarjeant.com
You're going to block all incoming mail from them?
Photography, technology, and my dog Scout - http://mattstratton.com
It's even dumber to code as root. Then you don't know if what you're coding even works as a normal user. At that point it's no longer a laziness issue.
LilMikey.com... I'll stop doing it when you sto
As a scientist, I'd think you'd know that only using one data point is not 'holding it up to the light'. I'm not saying the OP is correct, but you haven't proved anything, except that IIS has more reports on CERT than Apache does.
Probably because it steals a little of the victory from the person who made it.
Patch for what? Someone figure out how to keep retarded users from running unknown attachments?
IMHO there is a delicate balance between security and getting the job done.
In many organizations, the developers are under the gun to meet project deadlines. You are more likely to get in trouble for not meeting a deadline than for running X as root.
Similarly, the system administrators are rated by how smoothly things run. Taking a chance by allowing developers to run things as root does not do them any good.
Sadly, from a developer's perspective, system administrators are rarely rewarded by their managment for helping developers sort out all the permissions issues.
If this is done, then one can figure how to set up the non-root account to get the work done without creating security problems.
It doesn't help that developers are often considered "knowing enough to be dangerous."
So system administration managers sometimes set the tone of "lock down the developers so they can't get away with anything."
One place I worked had the development servers locked down so tight, it was said you could only test in production.
Through my career, I have seen a lot of development move from the Unix platform to the Windows platform, partly for this reason:
1) The Unix System Administration department doesn't care about windows boxes, so they don't bother to control them.
2) The Development department knows that they can set up a bunch of windows boxes, give themselves administrator access.
3) The development project proceeds quickly in terms of accomplishing the project goals. The development manager is not rated on how few security holes he sets up in the process.
4) The managers learn: "Wow, if we bypass the Unix System Admins, we get projects done so much faster."
It is unfair to blank admins for security holes created by developers.
It is unfair to give an agressive deadline to the developement department and then ask them to work with a system administration department that has no incentive to help you meet your project deadline.
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
Also, it doesn't seem like anyone who did break into Microsoft's servers would be too eager to offer proof of guilt.
I don't recall that anyone offered proof of the Debian or Savannah break-ins except for Debian and Savannah.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
Then you have some really slow anti-virus software. This should only take that much time ONCE. Subsequent runs should be very quick because all of the scanned files have hash values which are stored. The files will only be re-scanned if the hash value does not match.
No one actually installs apps in Linux this way. Only small toy programs or utilities that are of no consequence and aren't shared with other users on the machine are installed this way. That probably accounts for about 1% of the software you install on a computer. When you install an RPM or an application shared across many users, you HAVE to "root up" just as Windows users have to "Admin up." Whether you use SUDO or the application does it for you and asks for your root password, it's the exact same process. The fact that Windows users don't start the install programs using runas simply means they're uninformed and improperly educated. Windows provides the SAME mechanisms that Unix does for running in least privileged mode: users simply do not do it.Check your facts. Just TRY to clobber an NTFS directory to which you have no write permissions. The "Limited Account" in Windows won't let you write to \Windows or \Program Files or other people's user folders. How is this "a lot more accessible"? Only Administrators have complete access to the file system, the same as in Unix/Linux. If you are logging in as Administrator, it's your own damned fault if you run a Trojan and it trashes your files.
I don't know what version of Windows YOU have, but in XP simply right clicking on an executable file offers "Run As..." as the first menu option! Does KDE offer this in their shell? How about GNOME? And of course, at the Command Prompt in Windows you can still use the runas command.