Michel van der List on 2 Mar 2017 07:03:24 -0800



Re: [PLUG] "Most Secure" heh heh


Obligatory XKCD: https://xkcd.com/1200/


On 03/02/2017 09:45 AM, Rich Freeman wrote:
> On Thu, Mar 2, 2017 at 9:22 AM, jeff <jeffv@op.net> wrote:
>> the majority of Windows 10 vulnerabilities (93 percent)
>> could be mitigated by removing admin rights.
>
> How are they defining a vulnerability?  Just something that leads to
> admin rights?  They mentioned that removing admin rights solves the IE
> vulnerabilities.  That suggests some kind of sandbox violation.  Well,
> removing admin rights might block that vulnerability leading to a root
> compromise, but probably not a local user compromise.
>
> I think people pay far too little attention to local user compromises.
> On the typical single-user desktop box (no matter what OS it runs) an
> exploit that lets you run arbitrary code as the logged in user lets
> you do just about anything a root compromise would.  It just can't
> affect other users on the same machine (on these machines there
> typically aren't any other users anyway).
>
> Is it really comforting to know that malware can no longer listen on
> port 100 but it can still read your keystrokes and send them to an
> arbitrary remote server, read your browser cache, copy all your
> documents, encrypt and ransom all your documents and every network
> share you have access to, and so on?
>
> Now, cleaning up a PC that is only compromised at the level of an
> unprivileged account is going to be much easier as you don't have to
> worry about the bootloader or OS itself.  But, is the effort of a
> re-install really the biggest cost of a malware infection?  And is any
> serious admin going to even take a chance that the malware didn't get
> root at some point?
>
> (I'm not really trying to debate whether Windows vs Linux is more
> secure overall, just the statement that you can mitigate a lot of
> issues by not running privileged.  You can probably mitigate some, but
> on a desktop OS it probably isn't as much as you might think.)


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug