Quote:
Originally Posted by mihalisla
Hello ,
I 'm having a concern lately about security on my newly beloved system(I'm quite newbie).Suppose that i log in as a "user" not root and i visit several web pages.Can a virus ,worm or other that kind of source be installed on my system without my permissions?
|
sure, it's possible... but the attacker would need to have an exploit he could use on your system to gain root privilages... and before doing that, he'd need an exploit for your browser (unless he uses a regular dialog box and you click "yes" on your own)...
Quote:
I'm not reffering to the existing viruses but to the capability of someone doing such thing.
I know that "user" can only compile from src or tared files.So is my concern for real?
|
your concern is for real... but keep in mind that with a properly updated (and configured) installation, the risk of something like this happening is low... and if you harden your box with things like
grsecurity (for example) then the risk is even lower...
in summary, there's no such thing as a 100% secure installation... at best you basically just get to 99% and then keep adding numbers after the decimal point...
Quote:
ps Ialso read sth about package verification like md5*? what is this and how is it possible to setup?
|
there's no setup needed for md5sum... your distribution already provides the program, and you just need to run it to get it to work...
http://en.wikipedia.org/wiki/Md5sum
http://en.wikipedia.org/wiki/MD5
usage can be as simple as doing a:
Code:
md5sum name_of_file
keep in mind that MD5 only tells you the file integrity is fine (nothing changed during download, etc.) - it doesn't tell you if the file has a virus or anything like that... for that you would need a virus scanner, such as clamav:
http://www.clamav.net/