So now your story is that it "can" do all that but as a non-root user it wouldn't be able to without the user's help. So now you think Linux is susceptible to a social engineering attack but Windows isn't? Tell you what, if you are absolutely positive that Linux is so susceptible to "hacking", I will gladly create a text file and place it in my home directory to see if you can "hack" in and steal the information. Deal or are you afraid?
Strawman argument: I said nothing about the susceptibility of Linux or Windows to social engineering attacks.
You originally asked what harm a program could do when running as a non-root user, on the apparent assumption a hacker needs root privileges to do damage. I answered that: if a program is able to run at all, it can use standard system services to connect to the internet and transmit information to third parties.
If it is able to run with your privileges, it can steal your information and transmit it over the internet, and delete your files. (And I think you'll agree your files are pretty important to you.) I didn't say it requires the user's help to run the program; I said it has to run with your privileges to do significant harm to your personal data. There are known ways for programs to gain those privileges without you being involved.
Now, a cracker trying to get that program to run without you knowing it faces a considerable challenge. But if you think it's impossible to sneak past Linux's defenses, take a look at the Security page over at LWN.net. Do the terms "privilege escalation," "information leakage," and "insecure temp file handling" mean nothing to you?
As to your challenge, I personally don't have the programming skills to exploit these bugs. That requires knowledge in the C programming language, and my languages of choice these days are perl and bash. But just because I don't doesn't mean others on the net don't.
Having said all that, I agree with the general consensus that Linux is inherently more secure than Windows. *NIX machines connected to the Internet have a double whammy that crackers have to contend with in order to cause damage:
- They have to be able to get past whatever defenses are currently in place on the daemons that are listening on net-facing ports, or exploit bugs in those daemons, and Linux/BSD/Unix programmers have been diligent in their programming. (These can be defeated if the cracker can convince a Linux user to connect to a site in order to exploit, for example, a browser bug or something in, say, wget or curl.)
- These daemons are usually running with their own user privileges. In order to do harm, a program spawned by these daemons has to be able to get the privileges of another user or (best case for the cracker), root.
In addition, modern Linux distributions are much more parsimonious about the daemons they start up, and many come with firewalls that prevent packets from getting through ... which can make for frustrating times when trying to get something like an FTP server running on your system.
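Added example, not part of the original post: a small audit of the two layers described above, listing which listening TCP sockets are net-facing and which user owns each one. It parses the `/proc/net/tcp` layout; the sample rows, the function names and the uid values are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1003 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:D2F0 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(hex_addr):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); the IPv4 part is little-endian."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(text):
    """Return one dict per LISTEN socket: address, port, owning uid, exposure."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                            # not a listener (e.g. ESTABLISHED)
        ip, port = decode_addr(fields[1])
        rows.append({
            "ip": ip,
            "port": port,
            "uid": int(fields[7]),
            "net_facing": not ip.startswith("127."),  # loopback-only is not exposed
        })
    return rows


def root_owned_net_facing(rows):
    """Listeners reachable from the network whose socket is owned by uid 0."""
    return [r for r in rows if r["net_facing"] and r["uid"] == 0]


if __name__ == "__main__":
    for r in listening_sockets(SAMPLE_PROC_NET_TCP):
        flag = "REVIEW" if r in root_owned_net_facing([r]) else "ok"
        print(f'{r["ip"]}:{r["port"]:<5} uid={r["uid"]:<5} {flag}')
```

The uid column is the owner recorded when the socket was created, so a daemon that binds as root and then drops privileges can still show uid 0; a flagged row is a prompt to check the process, not proof that it runs as root.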