Hacker News new | past | comments | ask | show | jobs | submit login

His comment went right past you. What you care about the most on your computer is your personal data, and all of it sits under $HOME. Any script running as $USER can steal sensitive data, wipe out personal and work files, maybe even cloud storage services. None of that requires admin rights.

The only solution is sandboxing everything.




For things that are likely to carry malware, use a separate account. Probably a good idea for a Bittorent client in any case.

In practice, however, it is much easier to deal with malware if there's no admin rights. It matters even for a clueless user, since the OS mechanisms of detection can't be altered and more much so for a power user.

This specific malware installs a kernel module, as far I can tell. I am guessing it would be harder to encrypt data and not be noticed and removed quickly.

Of course, there are even more obvious reasons, like sharing a computer with... kids that tend to bring malware at every turn.

We really need to educate the devs and change the culture. There's no reason for something like a word processor and file sharing app to require full access to the system. That's why we have access controls in the first place.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: