
Facebook users targeted by Zeus banking Trojan

Elinor Mills CNET News | October 29, 2009 7:05 AM PDT

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their user name is filled in and they are prompted to provide their password.


Here is a screen shot of the message in the body of the fake Facebook e-mail. (Credit: AppRiver)

When they give that information, victims are taken to a page that offers an "Update Tool," but that is actually the Zeus bank Trojan that is designed to steal financial and personal data, Touchette said. Users of smart phones that have the Facebook app installed can also easily be duped because the phishing e-mail appears as an actual Facebook notification complete with Facebook icon, he said.

For more, read "Bank Trojan botnet targets Facebook users" from CNET News.

Is it safe to assume
bobiroc 29th Oct 2009
that this threat can happen on any OS/Browser desktop or mobile?
0 Votes
+ -
Yes but...
Ceridan 29th Oct 2009
various Stallman cultists and Jobs cultists will try to argue that either Linux or MacOSX are immune to this because of a so-called superior BSD security model or something along this line.
0 Votes
+ -
Windows only?
gertruded 29th Oct 2009
The Trojan is a Windows Trojan.
0 Votes
+ -
Don't be a hater...
Prime Waverider 29th Oct 2009
You're sounding like a Gates cultist, lol
0 Votes
+ -
This is Windows only
terjeb@... 29th Oct 2009
You can write a Trojan for any OS, but this is
Windows only. No OS is immune to Trojans, but
some are better than others. Windows is slowly
getting a proper security model, well, actually
it has one, but there is still a lot of software
that will not function properly under this
security model. This means that for people to
run the software they need (and we don't have
PCs to run Windows) they need to disable Windows
security.

Since other OSs like BSD/Linux etc have had a
proper security model (albeit an inferior one to
the one in Windows right now) since their
inception, all software works within said
security model, and they are therefore generally
safer than Windows.

Another reason that BSD/Linux etc are safer than
Windows is their small market share. Most Trojan
writers simply do not write Trojans for other
operating systems than Windows. This alone makes
Windows significantly less secure. Windows
market share is therefore a "problem".

Can you write a cross-OS Trojan? Generally no,
you can't.
0 Votes
+ -
Windows Security Model?
techzine 22nd Apr 2010
"(albeit an inferior one to the one in Windows right now)"

I highly doubt that any Windows security model is superior to any GNU/Linux/BSD Distribution. Windows is full of more holes than a bar of swiss cheese. Most of which seem to be put there on purpose and pretty much completely obvious.
0 Votes
+ -
You shouldn't ...
n0neXn0ne Updated - 29th Oct 2009
...have to assume . What's the point of the article if after reading it, you have more questions than answers. Which to most average user just an answer to the question would've nullified the unnecessary verbiage..

FYI: Windows Only!

^o^

0 Votes
+ -
phraseology
dhays Updated - 29th Oct 2009
Your wording is difficult to understand do you mean most not must? What unnecessary verbiage...? user or users?
0 Votes
+ -
Is ...
n0neXn0ne Updated - 29th Oct 2009
the phraseology that important to YOU?

Have a nice day


^o^

0 Votes
+ -
Well it did say
bobiroc 29th Oct 2009
that users of smart phones with the Facebook app should be aware too, so it did leave it open that, since this redirects you to a web-based page asking you to log in confirming your Facebook account login info, it could affect anything with a web browser. The trojan may be an exe, which I read on the CNet site, but the phishing page is a web page and can be accessed on any OS and browser, which was the point of my comment.
0 Votes
+ -
It was not a ...
n0neXn0ne Updated - 29th Oct 2009
... knock on your reading comprehension. Your assumption was absolutely correct.

My question is, why can't they put at the top of the article the affected platform(s). The reader shouldn't have to read the whole article to get a simple answer.

Have a nice day

^o^

0 Votes
+ -
That I will agree with
bobiroc 29th Oct 2009
Instead of having to click on links to other articles they should list affected platforms.
0 Votes
+ -
Red herring
public@... Updated - 29th Oct 2009
Just a philosophical thought...

Instead of encouraging users to remember which viruses target which platforms, they should be educated to identify the model / mode of transmission: An email asks you to download & run software on your computer.

Since the program does not execute on non-targeted platforms, those users should avoid downloading the virus for other less tangible reasons: eating bandwidth and other resources, wasting their time, etc.

So, identifying the platform in the article is a red herring. The assumption users do need to have is: "If an unsolicited email asks me to provide passwords & such or download software, it's probably a bad thing."
0 Votes
+ -
'"If an unsolicited email asks me to provide passwords & such or
download software, it's probably a bad thing."'

Yup, that's pretty much all that needs to be said.
And yes, never download ANYTHING you are not 100% sure of either;
a) what it is or, b) where it came from.

If you're unsure, but think it's something you might want to D/L or an
online app you want to use then I suggest you open a new browser
window and do a little homework about what exactly is involved with
this thing whatever it may be.

+[=TiM=]+

ARE WE NOT DRAWN ONWARD, WE FEW, DRAWN ONWARD TO NEW
ERA?
0 Votes
+ -
rightly so trojan finder support
mdbobbo 31st Oct 2009
Yes I totally agree.

If one gets a file sent to them that is an execution file (filename).exe, then you should always read the README.TXT or READ.ME file that accompanies it.
If, as applicable with this one, it has not got a readme.txt or read.me file, then it's, as was said by public@, a bad thing and warning bells should be alerted to anyone you know who might get it.
0 Votes
+ -
No wonder the nature of first talkback posted, the M$ shill can do nothing but play defense.

And you ain't seen nothin yet, as win7 market share grows so will the new generation of malware that target the new vulnerabilities introduced with win7.
0 Votes
+ -
From Bad to worse
bobiroc 29th Oct 2009
What would you say if this phishing executable was written to run under a flavor of Linux or MacOS? Just because it was written for Windows doesn't mean Windows security is bad. Focusing blame based on the fact this was written as a Windows Executable is like saying Guns kill people. People Kill People and a person wrote this as a Windows EXE. Maybe their app writing/programming skills suck and they cannot write for another OS. Ever think of that?
One thing is getting the user to download malware and another very different one is getting it to run malware.

You see, in windows it is enough to have a .exe extension to make it executable but in Linux you need to set permissions first.

Linux is a whole different ball game.
0 Votes
+ -
Same in Windows too
bobiroc 29th Oct 2009
Most exe's need Admin Privileges to run too. In XP most people set their accounts as Admins which definitely is a problem but if they are set as "User" accounts then it will most likely not run automatically. In Vista and Win7 UAC would prompt (provided it is not turned off) and if they click ok blindly to let it run the same would happen in any OS if you give the executable to run. Also it remains to be seen if the security software suites have a detection method for this botnet; if they do it may detect it as soon as the file is downloaded and stop it. So once again security measures are in place to help prevent situations such as this and all you continue to prove is that user interaction is the key to most infections and the OS is irrelevant.
0 Votes
+ -
Nope. Definitely NOT the same, not by a long shot...
The Mentalist Updated - 29th Oct 2009
In windows it prompts the user to give permission to run, something most users automatically/blindingly respond YES.

And it's done, infection accomplished.

In Linux it does absolutely nothing, not even present the user with a prompt.

Nothing, Nada...

The moment malware enters a Linux machine it is DEAD... DEAD DEAD DEAD!!!
0 Votes
+ -
The trojan horse comes with the email message, but there are several others I got on my mail server that are just links, for which it doesn't matter which operating system you are running, and which look like the Facebook registration page with a few added fields.
These thieves don't really care which operating system you are running as long as they get your personal information or your money. If they get control of your system then they are happier, since they can get the data stored in your system and send that information in your stead from your system.
0 Votes
+ -
Trojans only work in windows and in...
The Mentalist 29th Oct 2009
other systems with a relaxed security model. They don't stand a chance with Linux.

Now browser exploits... that's a whole different matter, those are platform agnostic in some sense.
0 Votes
+ -
More and more Linux distros are adding ACL support to their filesystems since the traditional UGO system is notoriously inflexible. Windows has used ACLs since 1993. So while you trot out the "relaxed security model" time after time, keep in mind that Linux is moving towards the Windows model, not away from it. happy

You are kind of right about Linux being immune to trojans though. Servers are immune to trojans since there is no one available at the keyboard to use them. Since nearly no one uses Linux on the desktop, 99% of all Linux deployments are immune to trojans. happy
  • Flagged
0 Votes
+ -
to me that looks like a pretty relaxed attitude.

If well implemented ACL can be more flexible and richer than UGO but to achieve that you need a different attitude.
0 Votes
+ -
LOL, yet again, you are WRONG!!
NonZealot 29th Oct 2009
And yet a .exe extension is all it takes to make it executable...

Remove the Read and Execute permission from a file with a .exe extension and then try to run it. So no, you are totally wrong. But keep writing. Please. Every time you do, you expose your ignorance about both Windows and Linux and give me yet another opportunity to highlight your ignorance for the entire community. happy
  • Flagged
0 Votes
+ -
In windows You HAVE TO REMOVE the executable permission because it is the default while in Linux you have to enable it.

But when should the poor windows user remove the permission? After accidentally running the virus or before?

That says a lot about security relaxation.
0 Votes
+ -
But you were WRONG
NonZealot 29th Oct 2009
Admit it, you were wrong when you said that with Windows, all you needed was the .EXE extension. You wrote that and you were WRONG. You need permission to execute the file, just like with Linux.

And we've been through the default thing before. By default, files untar with whatever permissions they were tarred with. If the bad guy set the execute bit before tarring, it will be untarred with the execute bit set by default. Now, if you want to hope that the bad guys are as ignorant about Linux as you are, that is your prerogative. It makes you look like an idiot though.

I won't even bring up the fact that executables aren't even the only threat to a system. Trojans could just as easily be sent as a package which aren't "executed" and therefore don't require an execute bit to be set before they totally PWN your system. But, being a Linux expert, you knew that, right?
  • Flagged
0 Votes
+ -
To you, accidentally clicking on a file is as easy as extracting from a tar file, explicitly searching for the directory where it uncompressed, navigating to it and then willingly running a file in there. All those steps you say are so complicated that they make Linux unusable are as easy as clicking a file in an email message.

you just won't give up.
Modern window managers make that sort of thing very easy to do. Pardon me, I didn't realize that you were totally ignorant about the state of Linux today. Carry on then!
  • Flagged
0 Votes
+ -
That scenario is only possible in windows where users routinely log on as administrators.

More than possible it is a very common scenario, in fact it is the rule in the windows world.
in fact it is the rule in the windows world.

You constantly prove that you have absolutely no facts to back you up!

A windows user can choose to run with administrator privileges but so can a Linux user. That crashing sound you just heard? Your argument crashing to the floor. happy
  • Flagged
0 Votes
+ -
I tried that and it won't let me. No Sir, no way, Ubuntu just won't let me no matter how hard I try and I tried real hard. You must be applying your secret sauce to soften it a little and make it bend to your will.

This is getting ridiculous...
0 Votes
+ -
Only possible in Windows?
rick@... 29th Oct 2009
Is English your primary language? Do you understand the meanings of the words you use?

It may well be true that many Windows users make a habit of following poor security practices, but that doesn't mean Windows itself is at fault. That's like saying many Chevy drivers follow dangerous driving practices, therefore Chevys are dangerous cars to drive.

All your exaggerated claims seemed to be centered around the idea that Windows users follow bad security practices and blindly click "allow" when presented with UAC prompts, and therefore, Windows is the only OS that can possibly be infected with malware. Meanwhile, you claim that Linux is 100% immune to malware because Linux may require one or two extra steps before the same dumb user would be able to infect his computer with malware.

I guess that kind of logic makes sense in Linux Land, but in the real world, it just doesn't work. If you give a clueless user a computer, and present them with an official looking message on screen that tells them the steps they need to take to "correct a problem," or "remove a virus," they will do as they are told and they will infect their computer. There is nothing in Linux that makes it 100% immune to a dumb user who doesn't know he is doing something wrong.

Rick
0 Votes
+ -
LOL, you truly know nothing about Linux
NonZealot 29th Oct 2009
You must teach me how to run a full session as root in Ubuntu cause...

Look into sudo.conf if you want more information. Like I said, I didn't realize that you knew nothing about Linux. Read a book, you might not look like such an idiot afterward. happy

PS Even with XP, few ran as the administrator account so if you want to complain that the above isn't the same as running AS root, I'll remind you that nearly no one ran AS Administrator with Windows. I'll also remind you that most of the other distros will very happily let you run as root. Ubuntu is configured differently but the end result is that running with root privileges in Ubuntu is extremely easy. happy
  • Flagged
0 Votes
+ -
sudo su root

Well sorry to disappoint you but even that does not qualify as a full root session as you have to start it from inside a regular user session.

P.S. I have little hope you understand the command above but I leave it there anyway, it may prove a good subject for you to investigate.
0 Votes
+ -
Not a single modern Linux distro allows that

"Ubuntu is configured differently but the end result is that running with root privileges in Ubuntu is extremely easy."
the first thing he would understand is the Windows native .exe extension cannot be run in Linux unless you emulate it using Wine.

Any executable in Linux has to have either one of two headers in it, ELF or A.Out. Without the header, it would not execute and is merely a shell full of useless code. Programs downloaded outside the package repository would typically be compressed in a .tgz file which would then have to be unzipped to the desktop and run through a series of commands through the terminal.

Hence these executable trojans would have no effect in Linux, but it would be an advantage for certain Linux users to pass along this trojan to trolls like the zealot who shoot their mouths off about things they know nothing about.
0 Votes
+ -
Well in the first 15 responses no one made the blindingly obvious point that this really has nothing, ya that's right nothing, to do with Windows security. This Trojan would have worked equally well on BSD/Linux systems if it were written for them. It only works because of social engineering - it PEBKAC not MS morons. Hell if they wrote it for the Mac it would be even more successful on a percentage basis as Macs are designed for the truly clueless - that's their appeal you don't have to be computer literate to use one.
0 Votes
+ -
Any proof of that?
Wintel BSOD Updated - 30th Oct 2009
Or are you talking out your you know what...

~

This Trojan would have worked equally well on BSD/Linux systems if it were written for them. It only works because of social engineering - it PEBKAC not MS morons.

Please cite where Linux is affected by this, before you sound pathetic too.
0 Votes
+ -
Stop Spreading Lies for Microsoft
techzine 22nd Apr 2010
"Well in the first 15 responses no one made the blindingly obvious point that this really has nothing, ya that's right nothing, to do with Windows security"

The reason why these things exist is because there is no security between the browser and OS in Windows. So, yes they do exist because of Windows.

"Hell if they wrote it for the Mac it would be even more successful on a percentage basis as Macs are designed for the truly clueless - that's their appeal you don't have to be computer literate to use one."

I'm sorry but Windows was designed for the computer illiterate and that is why it has done so well in the market, and also why it has so many security flaws. Any Mac, GNU/Linux or BSD Distribution would simply have to clear their browser cache to get rid of anything that could remotely infect it through the browser. The reason why there are so many of these attacks is because there is no security model between the API (Application Program Interface) used in Windows and the programs that run on top of it.
0 Votes
+ -
Giant shrimp and relevant discussion...
dominigan 29th Oct 2009
The article describes a standard phishing attack, sent via email, that imitates Facebook instead of a bank or other institution. Many phishing attacks also install trojans, using user technology ignorance to accomplish the install. This is not a new tactic, and I'm not sure why ZDNet has published this article, other than the institution name that is being exploited in the attack.

And yet you go off on a foaming-at-the-mouth rant about Windows and new generations of malware and all the vulnerabilities of win7...

Thank you for demonstrating that not all FUD comes out of Redmond, and not all Mentalists have the ability to make logical arguments.

Your rant has not added to these boards, nor increased my knowledge of the situation.

Perhaps in the future, you would generate more useful discussion by making logical arguments pertinent to the topic being discussed.

Thank you.
to accomplish the install.

In windows having a .exe extension is enough to make it executable but in Linux you have to set the necessary permissions.

In summary, it exploits a relaxed security model not ignorance. User ignorance is only responsible for them choosing the wrong OS.
0 Votes
+ -
According to the article, a user has to be dumb enough to follow the links and download a program and allow it to run in order for the trojan to do any harm.

I could see blaming Windows security if this was something where you could be sitting there, minding your own business, and all of a sudden this malware sneaks into your system without you doing anything. But that is clearly not the case here. The user clearly has to take multiple actions and allow a program to run on their computer in order to become infected. User stupidity is not a problem that is unique to Windows.

Maybe you could blame this on Windows' popularity. Obviously the bad guys focus their efforts on developing malware for the most popular systems. If a different OS were more popular than Windows, the bad guys would be developing for that OS, instead of Windows. And stupid users would still be downloading and running the programs and getting their systems infected.

Perhaps The Mentalist needs to learn how to use his/her "mental powers" to think about what he or she is saying, instead of spouting off like a brain-dead moron.

Rick
0 Votes
+ -
Incorrect
terjeb@... 29th Oct 2009
This is actually incorrect. There is nothing
really bad about Windows security. In fact, the
Windows security model is a significant
improvement on the traditional Unix security
model, and also its newer variations as found in
BSD/Linux etc.

Problem is, there are too many ret@rded Windows
developers out there, and they write cr@ppy
software that forces the user to circumvent the
security model. That is not the fault of
Microsoft.

Saying that Windows has a bad security model as
such is pure ignorance though.
0 Votes
+ -
To the posters above...
The Mentalist 29th Oct 2009
So you claim that the windows relaxed security model is not to blame for this huh?

Having a .exe file automatically executable is a sane practice in your opinion huh?

The obligation to set executable permissions in Linux contributes nothing to its rock solid security huh?


YOU KNOW NOTHING ABOUT SECURITY!!!
0 Votes
+ -
Mentalist: Help me understand
rick@... 29th Oct 2009
So you are saying that in Linux, a user cannot, under any circumstance, download a program and run/install it on his computer?

I'll admit my experience with Linux is rather limited, but I seem to remember downloading some software to play MP3s in Linux. I remember just downloading something and running it to install the program. I remember it asking me to enter my admin password to allow the program to run, but I don't remember having to do anything more complex than that.

If what you say is true, then that would explain why virtually no one wants to use Linux. If users can't easily install applications they want to use on their computers, they would not be happy.

Rick
You cannot run a program accidentally and then automatically/blindingly respond YES to a security prompt.

Only after setting the necessary permissions can that happen.

There's nothing malware can do to fool the user, nothing. Trojan malware does not stand a chance in Linux.

The other case you mention is the installation of a distro specific package (.deb in Ubuntu, .rpm, etc) Those packages belong to the system and the reason it was installed without warnings is because the system could verify its origin and decided it came from a trusted source.

Had it come from an unreliable source, it would have warned you. Of course if the package was malware and you decided to install it despite the warning then you would have an infected system but only because you wanted to and... it's your machine after all, you can do with it whatever you want.
0 Votes
+ -
So the person
bobiroc 29th Oct 2009
couldn't blindly download the executable, set the permissions thinking he/she needs this program, and then run it? Sounds the same to me, just an extra step, that is all.
0 Votes
+ -
When files are untarred, they are untarred with the same bits that they were tarred with. If a bad guy tarred his executable with the execute bit set, it will be untarred with the execute bit set and there is no need to manually do anything in order to run that file.

Every time MentalIdiot posts, it is clear he knows little about Linux and even less about Windows.
  • Flagged
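
The point made in the comment above, that a tar archive carries its own permission bits and restores them on extraction, can be checked before anything is unpacked. The following is an added example, not part of the original thread: it uses Python's standard `tarfile` module on a constructed two-file archive, and the function and file names are this example's own. It assumes a POSIX filesystem.

```python
import io
import os
import stat
import tarfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH  # 0o111

# Use the "data" extraction filter where this Python has it (3.12+ and patched
# older releases); it refuses members that would land outside the destination
# and special files such as devices.
_EXTRACT_KW = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}


def build_sample_archive() -> bytes:
    """Constructed sample: a .tgz with one file stored 0755 and one stored 0644."""
    members = (
        ("run_me.sh", 0o755, b"#!/bin/sh\necho constructed sample\n"),
        ("README.txt", 0o644, b"constructed sample\n"),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, body in members:
            info = tarfile.TarInfo(name)
            info.mode = mode          # the permission bits travel inside the archive
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def executable_members(archive: bytes) -> list:
    """Names of regular files whose stored mode has an execute bit (nothing is unpacked)."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return [m.name for m in tar if m.isfile() and m.mode & EXEC_BITS]


def extract(archive: bytes, dest: str, strip_exec: bool) -> dict:
    """Unpack regular files into dest and report {name: executable on disk?}."""
    on_disk = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for m in tar:
            if not m.isfile():
                continue              # ignore links, devices and directories
            if strip_exec:
                m.mode &= ~EXEC_BITS  # drop x for user, group and other
            tar.extract(m, dest, **_EXTRACT_KW)
            st = os.stat(os.path.join(dest, m.name))
            on_disk[m.name] = bool(st.st_mode & EXEC_BITS)
    return on_disk


if __name__ == "__main__":
    import tempfile
    sample = build_sample_archive()
    print("stored as executable:", executable_members(sample))
    for strip in (False, True):
        with tempfile.TemporaryDirectory() as d:
            print("strip_exec=%s ->" % strip, extract(sample, d, strip))
```

The stored mode is chosen by whoever built the archive, so listing it first, or clearing the execute bits during extraction, is the check that does not depend on the sender.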
of what it really is.

That will never happen if you need to set permissions first.
