sudo is a command. Not an account. Besides, if the user account has a poor password, then chances are that one of these is true: a) The user and root accounts have the same password. b) The root account has a different but similarly insecure password. c) The user made a file with the root password:
i) The file has mode 660, so all you need is the user's password
ii) The file has mode 666, so all you need is nobody access. d) The user somehow managed to get/bin/bash (or something similar) setuid (mode 4755).
I hate to reply to myself but reading again I see that the malware was not on any distro's repository so this doesn't affect my trust on them. Still I would prefer that there would be an easy way of installing packages without root access.
Probably a kernel module...
So, do you have a patch for that? No? Then stop whining that it doesn't exist. </sarcasm>
There's also been some evidence of malware that triggers AV software on purpose, and acts as a distraction while the real dirty payload gets delivered silently elsewhere in your system. You are now fooled into thinking your system is clean because your AV caught the distraction virus, completely missing the real one that was also installed.
AVs don't get "distracted" -- either the real payload is detectable by the AV, in which case the distraction won't be successful since both will be found and removed, or else the real payload is undetectable, in which case you don't need the distraction at all, and as a matter of fact it hurts you by making user more security-conscious.
My mother managed to get some nearly-impossible-to-remove scareware on her (Windows) netbook. She swears up and down that she never visited any sketchy sites, had AV (but no anti-malware), etc. She was basically using it for several things: 1) Visiting various newspapers' websites 2) Webmail (a dedicated server for her business) 3) Word processing (OpenOffice.org) 4) Spider Solitaire 5) A few online games (jigsaw puzzles, sudoku, presumably flash-based) she found on Google. I think this is the most likely vector, but she uses the same websites all the time. 6) Visiting certain reputable, ad-free (AFAIK) sites. She is smart enough to never download/run/open suspicious programs/files/etc and she was using Firefox 3.5. This thing was able to prevent itself from being uninstalled easily. On Linux, she could have simply killed any offending processes (O.K. that's nontrivial, but no root permissions needed in theory) and check the (graphical, so-easy-to-use-a-caveman^H^Hgrandma-could-do-it) Gnome startup programs tool for suspicious entries. On Windows, we eventually had to use "System restore" (an OS feature) -- which the program could potentially have disabled had the malware author thought to do so (it was totally rooted -- the malware was preventing the installation of some anti-malware programs) and then download the anti-malware program that had previously failed to install. Windows Vista/7 are probably more secure than XP which she has, but I'm still reluctant to blame all Windows security issues on user stupidity. Now I have her running Firefox+NoScript so that it (hopefully) won't happen again, but that's mostly because she refuses to switch to Linux. Most users would be running IE7 or so... not Firefox+NoScript. This is clearly not just "user stupidity" -- it's a windows genuine advantage^H^Hbug.
Intel is making a tidy profit, because their competition is low, and there are no new entrants into the x86 market because of copyright and patents
Competition is usually a good thing; anti-competitive actions are usually illegal
With no copyright system enforced by the goverment, I propose that we would see intel go out of business...
Copyright normally does not apply to physical objects (you're thinking of patents)
...because they would never recoup their billion dollar investment in there processor when others copy and sell it just above raw costs.
Companies do not "sell it just above raw costs." They sell items where marginal cost=marginal revenue (this is a simplification--competition with Intel would influence pricing, but not to the extent that economic profit becomes zero or negative)
I would say that a majority of copyrighted material would not be made [if not for copyright]
What about Creative Commons? What about William Shakespeare? Wikipedia? "All rights reserved; we will sue you into the ground" is not the only possibility.
It only worked the first 2 times. Marquette has a strange sort of 3-strikes policy. After the third alleged infringement, they said that I couldn't get it turned back on at all, but they still demanded that I sign the admission to guilt. I contacted ITS daily to try to get them to fulfill their contractual obligation (under the dorm's housing agreement) and restore my Internet access, but after about a week of this, the tech support people at ITS started telling me that they were forbidden from speaking to me. Eventually cops came and hinted that if I contacted IT Services again, they would arrest me.
If I was in that situation, I'd "hint" to ITS/the cops/whomever that I had a lawyer.
or one thing any app (even a software keylogger) has to have the proper permissions to run in *nix.
Setting the execute bit is not difficult... if someone emails someone else a binary the execute bit will probably already be set. Or are you talking about some weird thing that I've never heard of?
What do you people require from a life-form before you consider it to be intelligent? Farting is not very high on my list. I'd say it's not even on my list, but it does at least imply that something is digesting something, so there is some degree of intelligence there, but I'd have to rate it very very low.
It has to be a lot smarter than a computer, because most people would currently define a computer as "not intelligent". Note that "smarter" doesn't mean "more FLOPS". It means smarter.
You only get N installs and it appears that N=1. I found that via the search you linked to. Since new computers usually either include a recovery disk or else are capable of creating one, I assume that OEMs are (were, now that Windows 7 is out) receiving retail XP (with reinstalls allowed) rather than this.
At least mozilla disables the "OK" button for ~5 seconds so that you actually read the warning (and by default doesn't allow installation of extensions from anywhere other than addons.mozilla.org (but you can (easily) change that if you want to so it's not evil)).
And if you happen to have the wrong version of Word, opening the zip (in Word) without extracting it will corrupt the file (you don't even have to save)!
Slashdot Mirror
Linux sounds too good to be true. So does Firefox.
That's only through the repository.
Granted, there are big (well, maybe not) warnings about installing debs not through a repository (saying things like "you won't get updates").
Point is, if the user would just do what the OS tells them to, said user wouldn't be in this mess.
Probably / itself. Or else /etc and/or /boot .
sudo is a command. Not an account. Besides, if the user account has a poor password, then chances are that one of these is true: /bin/bash (or something similar) setuid (mode 4755).
a) The user and root accounts have the same password.
b) The root account has a different but similarly insecure password.
c) The user made a file with the root password:
i) The file has mode 660, so all you need is the user's password
ii) The file has mode 666, so all you need is nobody access.
d) The user somehow managed to get
I hate to reply to myself but reading again I see that the malware was not on any distro's repository so this doesn't affect my trust on them. Still I would prefer that there would be an easy way of installing packages without root access.
Probably a kernel module...
So, do you have a patch for that? No? Then stop whining that it doesn't exist. </sarcasm>
Go file a bug somewhere if you actually care.
There's also been some evidence of malware that triggers AV software on purpose, and acts as a distraction while the real dirty payload gets delivered silently elsewhere in your system. You are now fooled into thinking your system is clean because your AV caught the distraction virus, completely missing the real one that was also installed.
AVs don't get "distracted" -- either the real payload is detectable by the AV, in which case the distraction won't be successful since both will be found and removed, or else the real payload is undetectable, in which case you don't need the distraction at all, and as a matter of fact it hurts you by making user more security-conscious.
My mother managed to get some nearly-impossible-to-remove scareware on her (Windows) netbook. She swears up and down that she never visited any sketchy sites, had AV (but no anti-malware), etc. She was basically using it for several things:
1) Visiting various newspapers' websites
2) Webmail (a dedicated server for her business)
3) Word processing (OpenOffice.org)
4) Spider Solitaire
5) A few online games (jigsaw puzzles, sudoku, presumably flash-based) she found on Google. I think this is the most likely vector, but she uses the same websites all the time.
6) Visiting certain reputable, ad-free (AFAIK) sites.
She is smart enough to never download/run/open suspicious programs/files/etc and she was using Firefox 3.5. This thing was able to prevent itself from being uninstalled easily. On Linux, she could have simply killed any offending processes (O.K. that's nontrivial, but no root permissions needed in theory) and check the (graphical, so-easy-to-use-a-caveman^H^Hgrandma-could-do-it) Gnome startup programs tool for suspicious entries. On Windows, we eventually had to use "System restore" (an OS feature) -- which the program could potentially have disabled had the malware author thought to do so (it was totally rooted -- the malware was preventing the installation of some anti-malware programs) and then download the anti-malware program that had previously failed to install. Windows Vista/7 are probably more secure than XP which she has, but I'm still reluctant to blame all Windows security issues on user stupidity. Now I have her running Firefox+NoScript so that it (hopefully) won't happen again, but that's mostly because she refuses to switch to Linux. Most users would be running IE7 or so... not Firefox+NoScript. This is clearly not just "user stupidity" -- it's a windows genuine advantage^H^Hbug.
Intel is making a tidy profit, because their competition is low, and there are no new entrants into the x86 market because of copyright and patents
Competition is usually a good thing; anti-competitive actions are usually illegal
With no copyright system enforced by the goverment, I propose that we would see intel go out of business...
Copyright normally does not apply to physical objects (you're thinking of patents)
...because they would never recoup their billion dollar investment in there processor when others copy and sell it just above raw costs.
Companies do not "sell it just above raw costs." They sell items where marginal cost=marginal revenue (this is a simplification--competition with Intel would influence pricing, but not to the extent that economic profit becomes zero or negative)
I would say that a majority of copyrighted material would not be made [if not for copyright]
What about Creative Commons? What about William Shakespeare? Wikipedia? "All rights reserved; we will sue you into the ground" is not the only possibility.
I agree, but I don't think GP had that mindset when he posted.
The RIAA is too stupid to remember that when dealing with IPs.
It only worked the first 2 times. Marquette has a strange sort of 3-strikes policy. After the third alleged infringement, they said that I couldn't get it turned back on at all, but they still demanded that I sign the admission to guilt. I contacted ITS daily to try to get them to fulfill their contractual obligation (under the dorm's housing agreement) and restore my Internet access, but after about a week of this, the tech support people at ITS started telling me that they were forbidden from speaking to me. Eventually cops came and hinted that if I contacted IT Services again, they would arrest me.
If I was in that situation, I'd "hint" to ITS/the cops/whomever that I had a lawyer.
This post is not legal advice of any kind.
At best, the judge would say there was never a contract and you need to GTFO.
Good. The RIAA relies on the existence of a contract, not the GP.
Whooosh!
How so? Or did you read it?
Whooosh-maybe!
or one thing any app (even a software keylogger) has to have the proper permissions to run in *nix.
Setting the execute bit is not difficult... if someone emails someone else a binary the execute bit will probably already be set. Or are you talking about some weird thing that I've never heard of?
What do you people require from a life-form before you consider it to be intelligent? Farting is not very high on my list. I'd say it's not even on my list, but it does at least imply that something is digesting something, so there is some degree of intelligence there, but I'd have to rate it very very low.
It has to be a lot smarter than a computer, because most people would currently define a computer as "not intelligent". Note that "smarter" doesn't mean "more FLOPS". It means smarter.
The next step is to make sure that, in "go[ing] there and analyz[ing] it", we don't destroy it.
What about the fundamentalists? Do they count as adults?
I know you're being silly, but code is not a person and doesn't have "rights" like people do.
You only get N installs and it appears that N=1. I found that via the search you linked to. Since new computers usually either include a recovery disk or else are capable of creating one, I assume that OEMs are (were, now that Windows 7 is out) receiving retail XP (with reinstalls allowed) rather than this.
The link (to the AB+-like extension) in TFS is questionable... this is arguably a better target. OTOH, reviews are mixed (see for yourself).
At least mozilla disables the "OK" button for ~5 seconds so that you actually read the warning (and by default doesn't allow installation of extensions from anywhere other than addons.mozilla.org (but you can (easily) change that if you want to so it's not evil)).
Let me know when it gets adblock
Not exactly
And if you happen to have the wrong version of Word, opening the zip (in Word) without extracting it will corrupt the file (you don't even have to save)!
from the jargon file:
[long definition]
Note that the perjorative use has been deprecated.
I thought dictionaries were supposed to be descriptive, not prescriptive.
Reporter:Why are you a government?
Government:Because that lets us rob *everyone*.
FTFY. WTF is it with apostrophe's these day's?