Sorry, I worded that wrong... The only time that i ever login to the system is when something is wrong/do updates/admin stuff. Which is very rare. I only login to the servers for administrative purposes thats what I was getting at sorry.

Let's skip theory and get to real life examples. We all know about the "rm -rf" command, but what about malicious attacks from the outside?

Say you are surfing the internet with Firefox, and there is a zero-day security hole that you don't know about. If a website exploits that hole, but you are running as regular user, then nothing will happen because regular users cannot modify binaries. If you are running as root, the entire system is compromised.
(If you use the closed source 'Adobe Flash Plugin', your odds of being cracked as root are greatly increased, because security holes would likely be left open for months or years.)

Another example, someone posted a very cool document on the internet that you want to read. Unfortunately, you may not know of the recent security hole in Open Office. You download the file immediately and open it, but all you see is a smiley face. If you're running as regular user, you close the file and delete it.
If you're running as root, you close the file and delete it... but unknown to you, your computer is now a drone for spam or ddos attacks.

I can see the point you are trying to make, but "nothing will happen" is extremely far-fetched, bordering on naive. The amount of things that could happen should be a concern to any surfer. From identity theft, to launching a local root exploit, to stealing copies of all your documents, and everything in between, there's TONS of stuff that can happen. The same applies to your OpenOffice.org example - plus you don't need to be root to send SPAM or participate in a DDoS. Running as root only for administrative purposes is a great habit (and I highly encourage it), but it doesn't make you invulnerable. Use common sense, and take as many precautions as possible.

win32sux, you make valid points, and they are all true. You neglect to mention though, that if you did become infected as a regular user, that it can be cleaned by easily recreating that user. Which would seem to be better solution than a complete system reinstall. (Not to mention, if there are any other users on the system, all of their files are still safe.)

Because of the many configurations and distributions of Linux, falling victim to a remote user exploit AND a local root exploit is so highly unlikely that for all practical purposes it doesn't exist. Only institutions need that level of security.

So what if they get into your local account and want to steal your identity? What are the necessary requirements to complete this task?
1) They must exploit you some how. The difficultly of this alone is very underestimated, especially in the OSS world.
2) You actually have to store info about your identity, in an unencrypted (or low encryption) format. How many people do this? I'm sure a few people do.
3a) They actually have to FIND the few select file(s) that have that info. If you have a file named "MyCreditCards.txt", then that's not good (unless it's a decoy ).
3b) If you don't have any files like "MyCreditCards.txt", then they would have to do some sort of regex search through your files. They must search your files slowly, and depending on how many files you have, it could take days or weeks. If they search your files quickly, it will consume your pc resources and cause you to become suspicious, potentially leading you to discover the attack.
4) You have to stay connected to the internet. Which I'm sure most people do.


Break any of those four items and you are not at risk of identity theft. Item number 3 could potentially be found out by the rootkit detection software. I don't know for sure, I've only used it briefly before.


PS.
You don't need to advocate using root for administrative purposes. It's practically impossible any other way. Personally, I open a root terminal everytime I log on and leave it there 24/7. I have it because I often mess with apt or fstab or some system file. For everything else, I use a regular user.

Sure, but by then the damage is already done. What we want is for things to not get to this point in the first place - prevention. It's much harder to prevent this sort of thing if we think we are invulnerable to it. Also, keep in mind that I'm not necessarily referring to "infections". It's really up to the attacker, perhaps all he wanted was to steal a photograph or to look at your instant messenger's log files. Like I said, there's TONS of stuff that could happen without root.

Yes, I agree that other accounts should be fine if it was a non-root exploit. It just seems to be sort of beside the point, IMHO. A writer has a draft of her new book stolen but the admin tells her "Hey, it's okay! The documents on the other people's accounts are safe! And I don't need to reinstall the OS!" See my point?

If you are referring to browsers, I do admit it's not an attack combo we've heard a lot of in the wild. But that doesn't in any way mean it hasn't happened, or worse yet, that it can't happen. Regardless, when I was addressing the "nothing will happen" part in your post, I wasn't necessarily talking about launching local root exploits. That is just one of the great assortment of things which can be done by an attacker who manages to execute arbitrary code on your user account.

Ummm, OK.

I hope you aren't setting a straw man up for me. I mentioned identity theft merely as one of the many possiblities of things that can happen to a user when attacked with a non-root exploit. This is in direct response to your extremely dangerous "nothing will happen" comment. As for your requirements: You don't necessarily need access to the local filesystem to do this. To get a better idea of the possibilities, I would suggest you have a look at the vast array of security vulnerabilities Firefox has suffered, because tons of them are apt for identity theft attacks, while not requiring any access to the local filesystem.

At this point, I'm gonna have to ask you to please refrain from posting misinformation here.

Very good point, win32sux. Many of the identity thieves I've heard about are on the other side of the globe. As I mentioned recently in another thread, what a person does from within a web browser is not protected by their local OS and most, if not all, Firefox vulnerabilities affect all platforms. That's why I encourage people to be careful and on their guard while online because once they send those packets that information is in cyberspace. Even if you're invincible, is the recipient of your packets and every other machine the packets have passed through?
This would imply the website running code on your machine. If running as a user the code will execute with the same permissions that the the user has. If the user has permission to read and copy files in /etc or /var then so does that code. If the code simply wants to hijack your browser or send spam from your email client what's to stop it? Modifying binaries implies an infection of some kind. I've seen many users who install programs such as Firefox and Thunderbird in their home directories.
Add AdBlock Plus and NoScript to Firefox.
I'm still looking for the "real life" examples. Without statistics or documented cases these are still only theoretical.

A bug in a program, however small, unintended or not, may sometimes allow arbitary code execution with the user privileges that the original program was executed. That basically means that if you're running some program as root (with the highest user privileges available), somebody's mistake may let somebody else easily do whatever wanted. Permissions can restrict a breaker to get hands on important data that's "stored away", but for a root-privileged breaker this doesn't mean a thing. A good example of this kind of problem in an Unix-like operating system is the new iPhone; in one of the models tested where Safari was run with high privileges (on mobile devices it's not uncommon that the user has unlimited privileges, nothing restricted) it was found out that it was possible, and not even too difficult, to have the phone send all kinds of things over the wireless network without giving the user a hint. That's pretty bad if you think that some people store a lot of important data on their cellphones, not to mention on an i-whatever-like product which is a small computer. The first step in security should always be to restrict access to things that aren't needed; it's also the easiest method to grow security (simply not allow doing everything just like that). Windows used to work with the "do everything that isn't specifically forbidden" attitude, hopefully shouldn't anymore; Unix way is "do nothing you're not explicitly allowed". Results should be clear. Since there is no special need to always have root privileges, why should you then? You can work just as well as a regular user. Configure once, enjoy always -- not enjoy once, configure always (means that you take some time to configure things so they run without needing to become root all the time rather than just use root account all the time).

Shortly said, not using root account means less privileges means a breakage causes less potential trouble. Nothing's bullet-proof, but why would you put a "Welcome, crackers!" sign at your login prompt?

a few points on identity theft.

post 20 has already established that a normal user using a normal browser can have browser exploits that I infer can lead to identity theft....such as phishing and various problems with certificate sites. We are supposed to trust a certificate site saying that some company /organization is kosher so I may feel inclined to commit transactions on the net with that assurance.

In other words, run as root, because you may be just as easily be screwed out of money as a user.

I do not deny that black hats may want to make my machine a zombie but there are a lot who only care about money.

It would seem the proverb? may still have merit.

It is the enemy you do not see who will get you or beware the enemy in the sun.

That's a recipe for disaster, and I find it hard to believe you are actually giving this type of advice here. Hopefully you are being sarcastic or something like that. I can tell you that my point was that plenty of security damage can be incurred whether or not you are root. This is something that many people need to be reminded of, because they are holding on to a false notion that because they are running Firefox (or whatever) as a non-root user nothing bad can happen to them.

The fact that identity theft can occur whether or not you are running as root doesn't change the fact that by not running as root you are drastically reducing your risk in other areas. And reducing risk is fundamental to increasing security.

Putting id theft and user error aside, I think an important point to mention is that users have limited access outside their own home directories. Sensitive files in /etc and /var/log (/etc/shadow, /var/log/syslog) have strict permissions that don't allow a user to view or copy them. Also, users cannot fully use programs in /sbin and /usr/sbin. For example, a user can run /sbin/ifconfig to display interface information but cannot change addresses. That's why I don't allow my user accounts to mount/umount my devices. If someone did gain access to my user account I wouldn't want them to be able to create new users, change my network settings, unmount my disks or mess with lilo.

well I thought I already recommended not running as root so I was being mischievious. I wanted to get this debate onto the OP question. I thought we had a bit of drift earlier.

Login as Root and look at all the file permissions under /
Login as User and look at all the file permissions under /

Any questions?

For me personally, it would already be the overkill if someone gained access to my /home. If /etc or /bin or /usr was destroyed, that would cost me no more than 15 minutes of my time to fix everything but my /home contains the real sensitive data (pictures of my family, digitalized bills/documents, accounting etc.).

Having said that, because of the general lack of linux malware, I don't see a very high risk in being default root, at least not for outside attacks. The risk of self-made mistakes is imho much higher, so not being default root mainly protects me from myself. Personally I put much more effort in protecting the data in my /home folder.

That's for personal home desktop of course, I do realize that the priorities and risks of servers or commercial desktops are different. On a home desktop however I want a certain amount of convenience, which is directly inverse proportional to security and if this meant being default root (which it does not) I would do it without worries because, in my personal opinion, the risk is not very high.

almatic

I think you hit the main issue right there. The OP was probably thinking it was inconvenient to use su or sudo commands when "he" can stay logged in as root.

And you are saying you have weighed up the inconvenience of security.

IMHO all security has to have a price of inconvenience....time to read info, config tools.

But if you look at your main concern, to you, losing personal data would be inconvenient.

So you may want to burn your stuff to cdr?

Or, consider that the long term benefit of securing your box is worth the short term inconvenience of having some min security tools.

I am not a security expert....far from it....but the min would be to turn off all un-necessary services....eg ssh......checking with internal and external scans your firewall....running rootkit hunter...as IMHO if someone intrudes they nearly always install a kit.

cheerio

Personally, I don't keep much in my /home. I store most of my personal files on flash disks. In fact, my user's directory in /home is a 1GB flash disk often backed up on CD-RW.

Security and convenience do have a give/take relationship - you have to give some of one to get more of the other. We each have our own reasons for how much security/convenience we choose.

This is probably the most important step in security. Take the time to read what the threats are, how they gain access to systems, what they do once they're in and how to protect yourself from them. Keep up to date with information about new threats including online ones. Don't ignore Windows-targeting threats and viruses just because you don't use Windows. You can still send infected files or emails to Windows users. With the knowledge you can make educated decisions in your personal security and also give useful advice to others.

When it comes to security I'm always reminded of one of my favorite quotes. I had to Google a bit to find the correct wording.
"A wise man knows he knows nothing, the fool thinks he knows all.
-- Socrates"