What's the chance of getting malware/virus when logged in as root ? - Hardware & Software

Well, I hate to type su root for every single program that I run, but I'm also a bit scared of getting malware/virusses from using root as primary account.

It's still slim to nothing. People are just super paranoid of "super hackers" thanks to movies over-hyping them.

Do you really need to run them as root?

There has been a lot of effort put into Linux so that things just won't execute themselves like on Windows. Visiting a web page with your browser running as root isn't really dangerous because Linux is smart enough to not execute any random crap on a web page. The only thing you'd want to watch out for would be trojans. That would be like "click here to win $1 million dollars", and then you download a shell script and run it yourself.

I stumbles upon this while on Facebook: [url]http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux/[/url] Looks like I posted above too soon. :ohdear:

[QUOTE=.:GHOST:.;27958392]I stumbles upon this while on Facebook: [url]http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux/[/url] Looks like I posted above too soon. :ohdear:[/QUOTE] From the looks of it, it seems that you would have to put in an infected USB in your drive. Can't really view videos on this computer ATM so I wouldn't know.

[QUOTE=.:GHOST:.;27958392]I stumbles upon this while on Facebook: [url]http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux/[/url] Looks like I posted above too soon. :ohdear:[/QUOTE] All he uses can be turned off by a few clicks. Auto mount - User and groups > advanced settings > May automatically use USB mass storage devices (something like that didn't install in English) Auto thumb - Nautilus settings, has its own tab. And dunno about the autorun, never seen or used it.

[QUOTE=Cornelisjuh;27953957]Well, I hate to type su root for every single program that I run, but I'm also a bit scared of getting malware/virusses from using root as primary account.[/QUOTE] Don't use root as your primary account.

[QUOTE=.:GHOST:.;27958392]I stumbles upon this while on Facebook: [url]http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux/[/url] Looks like I posted above too soon. :ohdear:[/QUOTE] Just a hint: He used an old version of Evince to exploit a security vulnerability that was fixed 5 weeks before the presentation [b]and[/b] he disabled Address Space Layout Randomization and AppArmor, both being security mechanisms. Great. [QUOTE=.:GHOST:.;27955207]It's still slim to nothing. People are just super paranoid of "super hackers" thanks to movies over-hyping them.[/QUOTE] The problem is, root access allows control over the [b]whole[/b] machine and [b]all[/b] of the file system. If Cornelisjuh would download an unknowingly malicious program and run it as root, said program can do pretty much anything on the machine. The chance's relatively low to stumble upon such malware, but it exists.

[QUOTE=Jookia;27964613]Don't use root as your primary account.[/QUOTE] Ok. I was asking this cause it can sometimes be a pain in the ass to run everything from terminal when you just have a link on your desktop. And yes somethings requires root.

Look up gtksudo and gtksu. They give you a nice GUI way to run application as root without the command line. It'll give you a password prompt. Just do: [code]gtksudo command[/code] in the launcher

[QUOTE=Cornelisjuh;28003841]Ok. I was asking this cause it can sometimes be a pain in the ass to run everything from terminal when you just have a link on your desktop. And yes somethings requires root.[/QUOTE] Debian/Ubuntu has fakeroot that lets a program think it has root.

About 30% of windows viruses work because people always run their system as root. Its a good thing that it asks you for the root password whenever it needs it, even if it's annoying.

where did you pull that figure from

Didn't know Windows had a root user.

[QUOTE=bootv2;28069570]linux root == windows admin.[/QUOTE] Linux root has more control over the system than a windows admin, in windows isnt it something like there are actually 3 security levels, and you can only normally access the top 2?

[QUOTE=Roo-kie;28063507]where did you pull that figure from[/QUOTE] unfortunately my ass. Let me find a reference. My bad, it's actually 64% [url]http://techreport.com/forums/viewtopic.php?f=6&t=71364[/url]

At least in Vista and up the main account created on installation is admin like (missing as few rights as far as I could find). Not that it helps much.

[QUOTE=PvtCupcakes;27956351]There has been a lot of effort put into Linux so that things just won't execute themselves like on Windows. Visiting a web page with your browser running as root isn't really dangerous because Linux is smart enough to not execute any random crap on a web page.[/QUOTE] So is Windows. No OS is going to stop you if your browser has a buffer overflow vulnerability and you're running it as root or admin (*cough* looking at you XP)

[QUOTE=bootv2;28089780]allright, then it's close to. but can I ask what I cant do as a windows admin then?[/QUOTE] Uninstall Norton.

Personally, I hate being a limited user. I'm tired of popups nagging me to allow programs and type my password for things every 5 seconds. It's annoying as hell. This goes for both Windows AND Linux.

Pop-ups? I have never seen a pop-up asking me for my password, but then I do all my root work in the terminal and not in the GUI.