Hey /g/, what is all this "not running as root" bullshit?

You are currently reading a thread in /g/ - Technology

Thread replies: 21
Thread images: 2
File: roots-4.jpg (91 KB, 500x375)

If I run a program under my limited account, it will have 100% access to pretty much everything anyway: reading, changing and deleting anything in my home folder (the only place I care about), sending whatever the fuck it wants to whoever the fuck it wants without asking etc. It will also be able to read 99% of system files.

This "do not run as root" is such bullshit, what the fuck is wrong with you all? You are deluded. And the funniest part is, when a program wants you to run as root - you WILL run it as root anyway! Because you already made a decision to run it in the first place.

"but you may damage the system" well who gives a fuck about your shitty system, it can be reinstalled any moment anyway, it has zero value unlike my own data which is not protected at all.

The only way to be sure is to run shit from a separate limited user account that has no access to your files at all. Unfortunately, Linux is such a shitty system that it doesn't even let you set ACLs by default, you need to install and configure a lot of stuff before you can start using it. chmod is such bullshit, it's useless.
>>
>>51723769
>Because you already made a decision to run it in the first place.
If it's some drive-by download malware that you never gave the command to run, having it run as a limited user limits the things it can do to sink its claws into the machine. You're thinking of this from the wrong direction. Limited user privileges aren't a be-all end-all defense, they're one part of a defense-in-depth strategy to make life harder for an intruder at every step along the line. That intruder won't necessarily have done something to alert you to the possibility that he's there, like having you make a decision to run a program.
>>
>>51723883
/thread
>>
>>51723883

> having it run as a limited user limits the things it can do to sink its claws into the machine

This only makes sense in a multi-user environment. Like, really multi-user. To contain the damage one user can do to the rest of the system. It does not protect the user himself in any way and it's all zeroed the moment you give him sudo rights.
>>
>>51724282
Wouldn't some sort of virus need to be blocked just like a malicious user?
>>
>>51723769
root/user is an arbitrary decision. hence shitty workarounds are necessary.
>>
>>51723769
Doesn't it bother you that someone would only be one input away from destroying everything?
>>
>>51724282
>it's all zeroed the moment you give him sudo rights.

There's still a passphrase in the way.

>It will also be able to read 99% of system files.

It won't be able to read a lot of stuff in /proc/ and /sys/, which is the really important part. Some files in /etc/ are also not readable by non-root.

The point is that you can't _write_ to anything but directories you've been given access to, and as such, cannot do particular damage to your system nor can potential malware or an intruder. For example, writing stuff on the boot track would be doable as root, but not a user, and this can be used to create a persistent infection across multiple installations unless you wipe the boot track every time. It also allows you to do arbitrary code execution in kernel space and change kernel memory.
>>
File: Steve_Ballmer_peace.jpg (52 KB, 600x377)
Windows lets you run any suspicious program as a sandboxed user. Just right-click and choose "run as". It won't be able to touch your files. If you want to give it access to a specific file or folder, just edit their ACLs. You can't do that in Linux by default.
>>
>>51724282
you seem to have an implicit assumption that the intruder is targeting *you*, and that he's interested in the shit in your home folder. Some are, of course, but there's a lot of possible threats that don't give half a shit, and as a matter of fact would much rather you never knew they were there. Say I'm running a botnet (like, a real one, not the meme) and I want your computer to send spam, or host CP, or be a piece of a DDoS attack. You happen to come across some website I've compromised that has an exploit on it, and I get code running on your system, under your account. Now, to do my job I need to stay hidden from you, and send data out from the machine. Having root will help the first one, I can put things in places you can't look at, at least unless you elevate. It'll enable me to patch libraries, or hell, the kernel, to report back "nope, everything's fine! :^)" when you go poking around. To send data I need privileges to get past the firewall. And again, to mock things up so that if you look, you won't see anything amiss.

I'm not going to be able to do this if I'm a limited user. Either I'll be stopped there, or I will need another exploit, for privilege escalation, to get to my goal, which makes my life a lot harder. The limited user account put a big hurdle in my way. The first rule of security is to have lots and lots of these hurdles.
>>
>>51724373
>You can't do that in Linux by default.

>what is any sort of su derivative

You're plain wrong. The user isn't even sandboxed, it's simply not your user.
>>
> It won't be able to read a lot of stuff in /proc/ and /sys/, which is the really important part.

Nothing is important outside of my Home.

> The point is that you can't _write_ to anything but directories you've been given access to, and as such, cannot do particular damage to your system nor can potential malware or an intruder.

The only valuable part of my system is my home folder and the least protected one.
>>
>>51723769
>linux fags actually use a limited account
TOP KEK, even on Windows I'm always admin with UAC turned off. Do you lack Common Sense 2015??
>>
>>51724417 Yes it's not my user, the point is, you can run something isolated and still choose to give it access to specific files in your home dir easily when you need to. You can also choose to give it read only or write access.
>>
>>51724424
>Nothing is important outside of my Home.
>The only valuable part of my system is my home folder and the least protected one.

Then why is getting root one of the first things every attacker attempts to do?
>>
>>51724373
What you are describing is fairly easy to set up.
But something like a virtualized environment is a lot better if you want to make sure that the application does not interact with the rest of the system.
Does Windows have something like this?
>>
>>51724487 It's what security hipsters want you to believe.
>>
>>51723769
Yep, you're pretty much right. Unfortunately there's a ton of people stuck on the "dont do shit as root" mantra.

>>51724367
>There's still a passphrase in the way
But a malicious program could do tons of things to fuck that plan up. It could install a keylogger in my X startup. It could fuck with my $PATH to lead me to a malicious version of sudo.

>>51724400
Wrong, see above. There's nothing stopping the malware, through whatever means, from acting as a shim between me and anything I might use to discover the malware.
Not to mention, most firewalls aren't going to be configured to block outbound connections, so it doesn't need shit for firewall rights.

Of course, you're overestimating most malware. Most Linux compromises come from brute force attacks on servers and vulnerable server-side web code. And they usually don't try to hide it a whole lot, because it's easier to focus on exploiting more machines than retaining the ones you get.
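The $PATH shim this post describes is something a defender can check for: a user-writable directory that sits ahead of the real sudo in lookup order, or a sudo that resolves outside the system directories. This is an added example, not code from the thread; `TRUSTED_DIRS` and the `fs` model (dir -> (user_writable, set of executable names)) are assumptions made here so the logic runs on constructed data, and `live_fs()` builds the same model from the running system.

```python
"""Audit $PATH for the shadowing condition described above."""
import os

# Assumed list of directories where the genuine sudo is expected to live.
TRUSTED_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin", "/usr/local/bin")


def audit_path(path, binary, fs):
    """Walk PATH in lookup order and return a list of human-readable findings.

    fs: {dir: (user_writable, executables)}. The first dir containing `binary`
    is the one a shell would execute, so the walk stops there.
    """
    findings = []
    for entry in path.split(os.pathsep):
        entry = entry or "."            # an empty PATH element means cwd
        if not os.path.isabs(entry):
            findings.append(f"relative PATH entry {entry!r}")
        writable, executables = fs.get(entry, (False, set()))
        if binary in executables:
            if entry not in TRUSTED_DIRS:
                findings.append(f"{binary} resolves first in untrusted {entry}")
            break
        if writable:
            findings.append(f"writable {entry} precedes the real {binary}")
    else:
        findings.append(f"{binary} not found on PATH")
    return findings


def live_fs(path=None):
    """Build the fs model from the running system. os.access() ignores sticky
    bits and ACLs, so treat a 'writable' hit as a lead, not proof."""
    if path is None:
        path = os.environ.get("PATH", "")
    fs = {}
    for entry in path.split(os.pathsep):
        entry = entry or "."
        try:
            names = set(os.listdir(entry))
        except OSError:
            names = set()
        fs[entry] = (os.access(entry, os.W_OK), names)
    return fs


if __name__ == "__main__":
    report = audit_path(os.environ.get("PATH", ""), "sudo", live_fs())
    for line in report or ["PATH looks clean for sudo"]:
        print(line)
```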
>>
>>51724639
>But a malicious program could do tons of things to fuck that plan up.
you're still making it harder for them. Again, defense in depth.

>>51724424
>>Nothing is important outside of my Home.
This doesn't even rise to the level of being wrong.
>>
>>51724373
su nobody -c shit
or run in a container or in a virtual machine
>>
>>51724542
>Does Windows have something like this?
Yes, it's called Sandboxie.

I used to make mods for GTA 5, and I would mod the game directory and play the game from within a Sandboxie sandbox. This is because, earlier on, I got a seriously bad virus from using an early GTA5 mod (angry planes/noclip mod). The mod/virus-maker stole thousands of dollars from YouTube let's-players, and wasn't even caught. His mod downloaded a Steam-inventory virus module that sold all my old TF2 hats in like 10 minutes. No virus scanners detected it as malicious for like 10 days after it was released on a huge modding site.
Anyway, Sandboxie is awesome for running GTA5 as fast as it normally would. Also for giving you a chance to do whatever you want to all your files (like modding them) within a sandboxed version of Windows Explorer, and it will never affect the real files outside the sandbox.