Re: Require password to install anything onto system?
Quote:
Originally Posted by
toolmania1
Guess what google is written in?
LOLCODE ?
http://lolcode.com/lib/tpl/minima/im...dium_green.jpg
Re: Require password to install anything onto system?
Quote:
Originally Posted by
toolmania1
Ya, good point. If I am a troll, I am a troll. I realize I did not get the information so that people could check it out. I did not mean to cause any confusion. I did not want to open up my system again to find out. I honestly wasn't the user in front of the pc. When I got home, the PC was turned off. I stuck the Ubuntu CD in and installed from scratch. So, sorry, I don't have more info. I am going to mark this as closed. I don't want to offend anyone. You're right. Thanks everyone for your help. I will learn to make sure and have more information next time. Later!
The simplest way to protect your system from such things is to create a second user for it, with a blank password, and if you have automatic login enabled, set it to log in as that second user. The second user will NOT have the ability to install anything, although it will be able to clobber its own home directory. Your home directory, however, will be safe, and if someone else does the same thing again and clobbers the restricted home directory you'll be able to clear it up easily without any damage to your own data or to the system. Then log out of your user id any time that you leave the system. Anyone else will only be able to get to the new user account.
I'd guess that what happened was probably similar to something that happened to me a few weeks ago. I received an email purporting to be from a cousin, and opened it. There was nothing inside but a link, and against all security principles I clicked on it. When nothing happened immediately, I shut down the mail program and opened a browser -- and sure enough got a pop-up message that an automatic virus scan was running and had detected more than a hundred baddies on my system!
Fortunately the mail program and browser were running in a virtual machine that was pretty well locked down, and some quick work with a couple of cleaning programs got rid of the offending single scareware package that had been installed by the fake message when I clicked on its link.
These scareware programs are, for the most part, written in JavaScript to look as if they were actual programs, and their goal is to trick you into downloading still larger trojans and thus conscript your machine into a bot-net without your knowledge. However, their downloads are Windows executable files, and won't run at all under Linux unless you install them within Wine -- and so far as I can tell they are not smart enough to do so themselves. Thus even though you were told that something had been installed, the odds are good that nothing really had been.
Still, your immediate re-install was probably the best thing you could do at the time anyway. I hope you didn't lose any important date from it...
Re: Require password to install anything onto system?
No, I did not lose important data. I keep that backed up off line.
You are right. The funniest thing the other user noticed was that it said we had windows viruses...lol. Uh, we're not on windows, lol. Ya, I have been studying a little bit about cross site scripting and things of that nature. That is why I reinstalled. I will look into this other user thing too. You may be onto something.
Thanks!a
Quote:
Originally Posted by
JKyleOKC
The simplest way to protect your system from such things is to create a second user for it, with a blank password, and if you have automatic login enabled, set it to log in as that second user. The second user will NOT have the ability to install anything, although it will be able to clobber its own home directory. Your home directory, however, will be safe, and if someone else does the same thing again and clobbers the restricted home directory you'll be able to clear it up easily without any damage to your own data or to the system. Then log out of your user id any time that you leave the system. Anyone else will only be able to get to the new user account.
I'd guess that what happened was probably similar to something that happened to me a few weeks ago. I received an email purporting to be from a cousin, and opened it. There was nothing inside but a link, and against all security principles I clicked on it. When nothing happened immediately, I shut down the mail program and opened a browser -- and sure enough got a pop-up message that an automatic virus scan was running and had detected more than a hundred baddies on my system!
Fortunately the mail program and browser were running in a virtual machine that was pretty well locked down, and some quick work with a couple of cleaning programs got rid of the offending single scareware package that had been installed by the fake message when I clicked on its link.
These scareware programs are, for the most part, written in JavaScript to look as if they were actual programs, and their goal is to trick you into downloading still larger trojans and thus conscript your machine into a bot-net without your knowledge. However, their downloads are Windows executable files, and won't run at all under Linux unless you install them within Wine -- and so far as I can tell they are not smart enough to do so themselves. Thus even though you were told that something had been installed, the odds are good that nothing really had been.
Still, your immediate re-install was probably the best thing you could do at the time anyway. I hope you didn't lose any important date from it...
Re: Require password to install anything onto system?
Quote:
Originally Posted by
toolmania1
No, I did not lose important data. I keep that backed up off line.
You are right. The funniest thing the other user noticed was that it said we had windows viruses...lol. Uh, we're not on windows, lol. Ya, I have been studying a little bit about cross site scripting and things of that nature. That is why I reinstalled. I will look into this other user thing too. You may be onto something.
Thanks!a
just remember, XSS/CSS is a web based attack used to attack a site or user of a site, not an attack on your host. there would be no need to rebuild your system after falling prey to xss, but changing the password on the web page account that was attacked would be a good place to start.