Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
As I am a newbie I can not get it. I see that even if my computer is connected
to Internet it is just like one in billions of telephone numbers. Who would hook on
to mess in my computer for what reason? I just don't know. I can guess ones
who want to spread virus or spams to sell their unti-xxxx softwares are very cleaver.
But I never had any problem of been used my computer by them to spread spam
or virus for last 2 years or more. I don't really understand what is the problem
to you for us to be using our own computer as superuser. At worst we only have
to reinstall or may take the occasion to try some other distro?
What I think is that distro that stop making fuss over this "root login or not" only
would survive in peoples personal computers in future. Those cautions are needed
only for the computer systems of schools or company offices or the service providers
systems?
I see that even if my computer is connected
to Internet it is just like one in billions of telephone numbers. Who would hook on
to mess in my computer for what reason?
You are right, nobody will look especially for your computer. Because the attackers need not to do that. They will setup websites that are normal looking, but are full of browser exploits. So it is you who makes them aware of you.
Quote:
But I never had any problem of been used my computer by them to spread spam
or virus for last 2 years or more.
How do you know? Have you ever tested your computer for such things?
Quote:
I don't really understand what is the problem
to you for us to be using our own computer as superuser.
Because you may harm othesr with machines that are wide open to the net, so that they can be used for malicious things by every one.
Quote:
At worst we only have
to reinstall or may take the occasion to try some other distro?
At worst they will compromise your bank accounts, know your ebay login, ... .
If you don't care about that then let them do it.
Quote:
What I think is that distro that stop making fuss over this "root login or not" only
would survive in peoples personal computers in future.
So you mean only insecure systems will have a future?
Quote:
Those cautions are needed
only for the computer systems of schools or company offices or the service providers
systems?
So you mean that you are perfectly secure, when your bank, your office or your service provider is safe? But then you are giving every one the possibility to read your data, log your passwords and install other malicious programs.
In short: Do what you want with your systems. But keep them in a state that you don't harm others.
*Everything that follows is opinion and 'as-far-as-I-know' type stuff. Their may be inaccuracies (if so please feel free to tell me where). And please note that I am not trying to argue,insult, or dismiss anyone or their point of view, I am just trying to get at the point that I think a smooth running system does not to be altered if it is not completely necessary.*
Quote:
Who would hook on
to mess in my computer for what reason
Viruses and other malicious programs get in, and spread ... That is just their nature. IF you have one, it knows everything you know. When you are root everything is open and visible. this includes where you go, and what IPs you interact with, if you upload part of a file with a messed up program on it, it can (and will) spread as soon as it gets a chance. This is part of why linux is more secure then MS. Windows assumes that all users have administrative power - or are root, and can access all directories.
As to what reason why someone would do that kinda thing ... That's simple ... Some people are just dicks.
Quote:
I don't really understand what is the problem
to you for us to be using our own computer as superuser. At worst we only have
to reinstall or may take the occasion to try some other distro?
As stated a few times, It justs less secure. but on top of that changes you make will effect the whole system, and can be hard to repair. and having to reinstall a distro simply because you purposely made a mistake is pointless. You could lose data, you have to sit through the install, you have to re-partition, you have to re-get all your favorite programs and re-setup your desktop to look and behave as you want ... It's a lot of work just so you can be root for 30 seconds.
Quote:
Those cautions are needed
only for the computer systems of schools or company offices or the service providers
systems?
Or anyone running a server, anyone with a network, anyone who chat/skypes,anyone with internet access, and anyone who has a birthmark on the inside of their left thigh in the shape of Thomas Jefferson. (Alright that last one's taking it too far)
In the end though if you want to do it ... Go nuts ... Knock yourself out. It's been posted how to do it in a couple threads, and if you want to waste your time and resources fixing what may happen (you're right ... It may not) then go right ahead. No-one is trying to stop you. The point is that it is good practice to be in the habit of doing (or not doing I guess) what is right for your system. Linux is meant for you to access and interact with, how you do it is up to you.
Tobi:
Quote:
How do you know? Have you ever tested your computer for such things?
Is there a way to do this in linux? I never thought about installing stuff like that (least not yet.). I mean I know that MS has norton, and all the MSsheild based stuff ... But is there a necessity for it in linux? Most downloads I do are from repositories, and most info on .configs I edit and commands I type originate from this forum or other trusted sites.
And hypothetically if someone where to be doing everything as root, if they did regular scans, and manually verified all scripts and configurations would it be possible to still maintain a secure system?
Is there a way to do this in linux? I never thought about installing stuff like that (least not yet.). I mean I know that MS has norton, and all the MSsheild based stuff ... But is there a necessity for it in linux? Most downloads I do are from repositories, and most info on .configs I edit and commands I type originate from this forum or other trusted sites.
There are virus scanners for Linux, and programs that check for rootkits and altered programs. If you get all your programs from the distribution's repositories you are on the safe side, as long as you use a distribution with signed packages. So in regards to security, using Arch is not the best thing.
Also, if you trust the source of your config-files and scripts you should be pretty safe, and with the enormous number of knowledgeable members here that are somewhat "peer-reviewing" the posts here I would consider LQ as a trusted source.
Quote:
And hypothetically if someone where to be doing everything as root, if they did regular scans, and manually verified all scripts and configurations would it be possible to still maintain a secure system?
You are only safe at the time you make the scan, but may be infected or have an keylogger installed five minutes after that. If you don't make those scans every day, which would be rather inconvenient, you will give attackers enough time to make malicious things or steal your money.
It is a shame everything is occupied by all kinds of fraud-stars' protection rackets?
Cause problems endlessly and sell the solutions for the problems they make?
These poo-poo dropping shameless vandals are extreme minority which may
not wake up from their sleep one day in near future. It could be the fore told
story of "ascension"? The God's tiding to come, to reclaims the God's property
for all the honest and good ones who have no possessions but themselves.
You are right in telling me many of "don't". My NetworkManager-applet stop
showing up on taskbar. The launcher for firefox disappear from taskbar too.
Ignorance is bliss but only a very short while. Do you have any idea what I
should look at to fix this? I can get it back by starting "NetworkManager". If
I keep the launcher for firefox on the desktop it stay there???...Any idea?
Any one can use my computer as a launching pad as their spam or virus emitter
so I gather from what you said already. But in this case what ever we may do
they can do that they are so cleaver at it? The activity of expert who does do
such we never can prevent? No computer is secure from them who know what
they are doing? The security for us are only an illusion but their? This is why I
think those unti-xxxx are protection-rackets. Am I wrong?
But what I can not see is that how what I do on my computer affect others
system. Would you please tell me "how" in simplest possible way so that novice
like me even can understand?
"Novice wondering where to look at to fix the problem",---godoten
P.S.:
I also hope you to look at what is said at the link below for yourself, yo-family
and friends. In the simplest term "death is a belief" and "only if one make self
a fair being the one does not have to die" is the truth?
------------------------------------------------------------------------------
The most positive thought: ===TENPAGE===
"You are not suppose to die.....", by Otomakas http://tenpage.pwp.blueyonder.co.uk/en/welcome.html
Any one can use my computer as a launching pad as their spam or virus emitter
so I gather from what you said already. But in this case what ever we may do
they can do that they are so cleaver at it? The activity of expert who does do
such we never can prevent? No computer is secure from them who know what
they are doing? The security for us are only an illusion but their? This is why I
think those unti-xxxx are protection-rackets. Am I wrong?
What you actually are saying is like that: When I drive my car, there is a potential risk that an accident may happen. I can do nothing about that, so I don't have to use a seatbelt and turn off my airbags. To make it even worse, you are endangering others by driving drunk and ignoring traffic lights.
Quote:
But what I can not see is that how what I do on my computer affect others
system. Would you please tell me "how" in simplest possible way so that novice
like me even can understand?
If an attacker can use an exploit for your browser (or any other software, like e-mail clients, download managers, ...) to get a shell, he can install any software he wants, because the browser is run with root rights, and therefore any process (in this case the shell) it launches is also run as root. So now, that the attacker has a root shell open and therefore the right to do anything on your system he can install software that is intended to do malicious things. For example he can:
Let be your computer a part of a DDOS attack on other systems.
Let your computer do a brute force attack to remote login services of other computers.
Let your computer download or host childporn.
Use your computer as proxy while hacking other computers.
Use your computer to send spam.
Just what comes to my mind in 2 minutes, I think there are many more things what the attacker can do with your insecure computer that is doing indirect or direct harm to others.
It is a shame everything is occupied by all kinds of fraud-stars' protection rackets?
Cause problems endlessly and sell the solutions for the problems they make?
These poo-poo dropping shameless vandals are extreme minority which may
not wake up from their sleep one day in near future. It could be the fore told
story of "ascension"? The God's tiding to come, to reclaims the God's property
for all the honest and good ones who have no possessions but themselves.
Umm..half saying that the antivirus/antimalware companies are at least in part responsible for security problems?
I dont believe it. No need to make a conspiracy when its just as easily explained by malice, boredom, and anti-social attitudes.
BTW, its not just 'vandals' who like to break into unprotected computers. There a few companies (non 'security') that scan for unprotected computers. When I bother checking my logs it is suprising how many scans, etc. came from what looked to me like the chinese inteligency agencies. Not that they are the only ones doing it, and every major inteligence agency in the world does the same.
I have no idea why you have brought up christian theological ideas on this thread. :S
Tobi correct me if I am wrong, because of all the people involved here ... You seem to have the most insight.
But this is the way an attacker would get something like a keylogger on to your system as well, Yes?
Which would give them access to every keystroke made by you ... Passwords,commands,bank number, email, all that private stuff? ... I am not trying to steer the topic of subject or anything, It's just that it fascinates that you can lose that much security by running one thing as root! (Granted it is a pretty important thing)
But this is the way an attacker would get something like a keylogger on to your system as well, Yes?
Which would give them access to every keystroke made by you ... Passwords,commands,bank number, email, all that private stuff?
That is only one way to get access to your system, but i would assume that it is the most used, except probably by spreading trojans.
i Have moved debian to ubuntu server, Thank you very much to all solutions. Thanks to comp_brad1136, austinium, repo, kevinbenko, xetaprime, TobiSGD, godoten and Hevithan.
I found the pengue(Tux)-Commander very good. gedit works as good
as ever(except spellcheck essential for my terrible English). No more
fuss of root or user login or not...etc! Fix the gedit plugins and gcc
install then I need no more great and proud bloated ones on my
computer in near future. Mean while I stick to the Debian-5 with my
single user mode trick. Not knowing what so not knowing what to
worry about. Ignorance was a bliss after all.(笑顔)
Thank you for your kind responses, "I hope all of you start to live long!"---godo
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.