• kittenzrulz123
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    Thats why on Linux you need to run the sudo command and type the root password (or user password) to install something. I get this isn’t Linux but its a serious security vulnerability that someone could run a super user level command by clicking yes on a confirmation box that pops up so often that nobody thinks twice.

    • cley_faye@lemmy.world
      link
      fedilink
      English
      arrow-up
      21
      ·
      2 months ago

      The goal is not always to “take control” of the whole system. A cryptolocker that makes all your files unreadable will happily run in user space.

      Also, you’re forgetting that windows also have UAC, and that people will happily type the admin password of their device when asked to, because they’ve been conditioned to not care by badly made stuff. And, while win+r is unlikely to work in most Linux DE I know about, triggering a visual prompt that ask for your password is also a thing.

      There is not much difference between common Linux distro and windows as far as seizing user files with malware is concerned, aside from the fact that no website will care to try telling you “press alt+space” instead of “win+r”.

    • Honytawk@lemmy.zip
      link
      fedilink
      English
      arrow-up
      16
      ·
      edit-2
      2 months ago

      If Linux was more popular, you would definitely see a Linux variant of this doing the exact same thing.

    • brucethemoose@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      2 months ago

      The behavior is configurable just like it is on linux, UAC can be set to require a password every time.

      But I think its not set this way by default because many users don’t remember their passwords, lol. You think I’m kidding, you should meet my family…

      Also, scripts can do plenty without elevation, on linux or Windows.

      • kittenzrulz123
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        It should be default, its a good security practice and not every app needs super user permissions.

    • dch82@lemmy.zip
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 months ago

      But something like this can still erase everything stored in your home folder or launch further exploits to gain root or something.

      • kittenzrulz123
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        Its a lot harder and can do significantly less damage if it doesnt have root privileges, its like how putting a lock on the door to your house wont stop thieves but its better then not having one.

        • dch82@lemmy.zip
          link
          fedilink
          English
          arrow-up
          8
          ·
          2 months ago

          Bruh, let’s say an attacker deleted all of my important documents, say book drafts, and assume I don’t have a backup.

          Now my progress has been set back six months and the publisher is angry.

          Would I care if they deleted my system files or not?

          • T156@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 months ago

            Or, session cookies. They don’t need special privilege to access, and if you grab all of someone’s cookies, you can probably get some valid session cookies for logged in accounts just by checking for some common domains in one/by keyword.

            From there, it would be trivial to get into email, social media, and other accounts to do other things with.