Page 3 of 3 FirstFirst 123
Results 21 to 24 of 24

Thread: Require password to install anything onto system?

  1. #21
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Require password to install anything onto system?

    Quote Originally Posted by toolmania1 View Post
    Guess what google is written in?
    LOLCODE ?

    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #22
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,284
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Require password to install anything onto system?

    Quote Originally Posted by toolmania1 View Post
    Ya, good point. If I am a troll, I am a troll. I realize I did not get the information so that people could check it out. I did not mean to cause any confusion. I did not want to open up my system again to find out. I honestly wasn't the user in front of the pc. When I got home, the PC was turned off. I stuck the Ubuntu CD in and installed from scratch. So, sorry, I don't have more info. I am going to mark this as closed. I don't want to offend anyone. You're right. Thanks everyone for your help. I will learn to make sure and have more information next time. Later!
    The simplest way to protect your system from such things is to create a second user for it, with a blank password, and if you have automatic login enabled, set it to log in as that second user. The second user will NOT have the ability to install anything, although it will be able to clobber its own home directory. Your home directory, however, will be safe, and if someone else does the same thing again and clobbers the restricted home directory you'll be able to clear it up easily without any damage to your own data or to the system. Then log out of your user id any time that you leave the system. Anyone else will only be able to get to the new user account.

    I'd guess that what happened was probably similar to something that happened to me a few weeks ago. I received an email purporting to be from a cousin, and opened it. There was nothing inside but a link, and against all security principles I clicked on it. When nothing happened immediately, I shut down the mail program and opened a browser -- and sure enough got a pop-up message that an automatic virus scan was running and had detected more than a hundred baddies on my system!

    Fortunately the mail program and browser were running in a virtual machine that was pretty well locked down, and some quick work with a couple of cleaning programs got rid of the offending single scareware package that had been installed by the fake message when I clicked on its link.

    These scareware programs are, for the most part, written in JavaScript to look as if they were actual programs, and their goal is to trick you into downloading still larger trojans and thus conscript your machine into a bot-net without your knowledge. However, their downloads are Windows executable files, and won't run at all under Linux unless you install them within Wine -- and so far as I can tell they are not smart enough to do so themselves. Thus even though you were told that something had been installed, the odds are good that nothing really had been.

    Still, your immediate re-install was probably the best thing you could do at the time anyway. I hope you didn't lose any important date from it...
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  3. #23
    Join Date
    Nov 2010
    Beans
    183
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Require password to install anything onto system?

    No, I did not lose important data. I keep that backed up off line.



    You are right. The funniest thing the other user noticed was that it said we had windows viruses...lol. Uh, we're not on windows, lol. Ya, I have been studying a little bit about cross site scripting and things of that nature. That is why I reinstalled. I will look into this other user thing too. You may be onto something.

    Thanks!a



    Quote Originally Posted by JKyleOKC View Post
    The simplest way to protect your system from such things is to create a second user for it, with a blank password, and if you have automatic login enabled, set it to log in as that second user. The second user will NOT have the ability to install anything, although it will be able to clobber its own home directory. Your home directory, however, will be safe, and if someone else does the same thing again and clobbers the restricted home directory you'll be able to clear it up easily without any damage to your own data or to the system. Then log out of your user id any time that you leave the system. Anyone else will only be able to get to the new user account.

    I'd guess that what happened was probably similar to something that happened to me a few weeks ago. I received an email purporting to be from a cousin, and opened it. There was nothing inside but a link, and against all security principles I clicked on it. When nothing happened immediately, I shut down the mail program and opened a browser -- and sure enough got a pop-up message that an automatic virus scan was running and had detected more than a hundred baddies on my system!

    Fortunately the mail program and browser were running in a virtual machine that was pretty well locked down, and some quick work with a couple of cleaning programs got rid of the offending single scareware package that had been installed by the fake message when I clicked on its link.

    These scareware programs are, for the most part, written in JavaScript to look as if they were actual programs, and their goal is to trick you into downloading still larger trojans and thus conscript your machine into a bot-net without your knowledge. However, their downloads are Windows executable files, and won't run at all under Linux unless you install them within Wine -- and so far as I can tell they are not smart enough to do so themselves. Thus even though you were told that something had been installed, the odds are good that nothing really had been.

    Still, your immediate re-install was probably the best thing you could do at the time anyway. I hope you didn't lose any important date from it...
    Switching from Windows to Ubuntu one small step at a time

  4. #24
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Require password to install anything onto system?

    Quote Originally Posted by toolmania1 View Post
    No, I did not lose important data. I keep that backed up off line.



    You are right. The funniest thing the other user noticed was that it said we had windows viruses...lol. Uh, we're not on windows, lol. Ya, I have been studying a little bit about cross site scripting and things of that nature. That is why I reinstalled. I will look into this other user thing too. You may be onto something.

    Thanks!a
    just remember, XSS/CSS is a web based attack used to attack a site or user of a site, not an attack on your host. there would be no need to rebuild your system after falling prey to xss, but changing the password on the web page account that was attacked would be a good place to start.
    Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.

Page 3 of 3 FirstFirst 123

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •