Will a Virus or Malware inside a User Account or Guest Account Affect the Entire Ubuntu System?

When I started out with Linux, while studying the file structure and access permissions of Linux systems, a thought formed in my mind: as long as you operate only within your less privileged or restricted account, no virus or malware that ever gets into your account will ever affect the entire system. Nor would "it" affect the various applications installed, as the settings and saved documents are all stored exclusively in your account... or am I mistaken on this?

Regarding this, I have concerns with the "sudo" command in Ubuntu. If I ever used sudo with a privileged account in a terminal, from inside an unprivileged but infected user or guest account, would malware from the infected user's home folder still seep into the entire system and render my Ubuntu system infected?

Also, with the Windows emulator, Wine... I noticed the applications I installed are not system-wide, but are localized in the account I was using when I installed them. Unfortunately, the Wine applications are malware magnets. Within a week, ClamTK has detected 700+ threats. Should I be worried about these threats getting out and infecting the entire system?

Thanks in advance to the ones who could shed light on this.


One note before I start:
I talk about theoretical threats, not about actually existing and widespread pieces of malware.

As long as you operate an account without admin and sudo privileges and infect it by, e.g., installing (manually, or automatically behind your back after clicking somewhere you shouldn't have clicked) a malware program in your home folder, this infection should stay limited to this account.

I say should, because:

  • an admin user could launch the infected file from his account as root and infect the machine this way.

  • the malware could infect portable devices (USB sticks etc.) mounted by the user, and then get spread to other machines or other user accounts on the same machine when you mount it with another user later.

  • the malware could spread itself over the network, infect another machine in your LAN and then infect the admin account when it's logged on next time and connects to the other infected computer.

  • there are various known possibilities for how an application could bypass the restrictions. This is called "privilege escalation", which means that the application runs with higher privileges than allowed/intended due to exploited software bugs, too permissive file system permissions, etc.

  • As Ubuntu comes with a sudo timeout > 0s, you are not required to enter your sudo password multiple times within a short time period (by default 15 minutes, if I remember right?) to run several commands as root, but just get prompted once for the first one. If the malware now overwrote a file for which the infected user has write access (entering a command to run itself as root using sudo), and you later run the file without using sudo but within the timeout, you don't even notice that there's something going on with elevated privileges.

  • probably more...

You see, most chances for the malware to infect the whole machine require user interaction and/or depend on how strictly one keeps his accounts, computers and pluggable drives separated.

The bugs allowing privilege escalation are usually quickly fixed after the developers learn about them, but in the time between the discovery of a bug by malicious hackers and the release of a fix, new malware could bypass the user restrictions by exploiting the bug.


Conclusion:

Most malware is probably not capable of elevating its privileges and getting root access to infect your entire machine, unless you manually grant it by entering your sudo password in the wrong input box. That means behaving carefully and thinking twice about every command you run (especially if other users have write permissions on a file you want to execute) should protect you pretty well.

However, there's never 100% security, because malware developers are often one step ahead of the software programmers responsible for bug fixes and security patches.
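The answer's point about running a file that another user has write access to (with or without an active sudo timeout) can be turned into a quick audit. The script below is an added example, not from the original answer: it walks a PATH-like list of directories and reports executables that are group- or world-writable, or owned by a different non-root user. It assumes GNU coreutils `stat -c`, as shipped with Ubuntu.

```shell
#!/bin/sh
# writable_execs [PATH-like string]  (defaults to $PATH)
# Lists executables that a different unprivileged user could modify:
# group-writable, world-writable, or owned by another non-root uid.
# Written as a subshell function so changing IFS stays local.
writable_execs() (
    dirs="${1:-$PATH}"
    me=$(id -u)
    IFS=:
    for d in $dirs; do
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            # Regular executable files only (also skips the literal '*'
            # that the glob leaves behind for an empty directory).
            [ -f "$f" ] && [ -x "$f" ] || continue
            mode=$(stat -c '%a' "$f" 2>/dev/null) || continue
            owner=$(stat -c '%u' "$f" 2>/dev/null) || continue
            mode=${mode#"${mode%???}"}    # keep the last three octal digits
            grp=${mode%?}; grp=${grp#?}   # group permission digit
            oth=${mode#??}                # other permission digit
            reason=""
            # Octal digits with the write bit (2) set: 2, 3, 6, 7
            case "$grp" in [2367]) reason="group-writable" ;; esac
            case "$oth" in [2367]) reason="${reason:+$reason,}world-writable" ;; esac
            if [ "$owner" -ne 0 ] && [ "$owner" -ne "$me" ]; then
                reason="${reason:+$reason,}owned-by-uid-$owner"
            fi
            if [ -n "$reason" ]; then
                printf '%s\t%s\n' "$reason" "$f"
            fi
        done
    done
)
```

Run it as `writable_execs` to check your own PATH; any line it prints is a file you should not execute (let alone within a sudo timeout) until its permissions or ownership have been corrected.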