Ubuntu asks for my password far too much

Is it just me or does ubuntu ask for your password far too much, i have to enter it a few times every day, a minor inconvenience at first but then it becomes a daily habit that you don’t even think about, which leads onto security flaws “oh you want my password, whatever, just get doing your thing”.

When a user is accustomed to performing a task such as this over and over again a malicious program simply has to run itself with gksudo and the user will happily enter their password and give the program root privileges, especially if you combine the gksudo with a custom message by passing –message “your message” to it, such as this:

Of course this completely bypasses the whole “how does the malicious program get onto your system in the first place” thing, but through my dealings with support requests I can say that people will find random debs/programs on the Internet and they will find ways of running them thinking that everything will be fine.

Do we really need to ask for root privilages so much or is this simply an education on security issue? either way I have a feeling we are sleepwalking into problems down the line.

About these ads

4 responses to “Ubuntu asks for my password far too much

  1. Education is always a security issue. If people can be victim to social engineering, it doesn’t matter how well the system’s security is constructed.

  2. If you install a malicious deb you don’t need to ask for the password. The deb itself can run whatever it wants while it is being installed. It can disable services, replace them, and also do a simple rm -Rf /.
    You don’t have to install some radom deb you find on the web, that is why there are repositories and digital signatures.

  3. Hey, cool screenshot!
    But really, security should always be present in a users mind. Do not blindly install debs, compile or even run commands without verifying that what you will be doing does not cause harm.

    Sudo does not bother me. It makes my life more secure, and simpler for me.

  4. i am a new user of the software and love it. i do however get rather irritated when my netbook asks for my password when i told it not to in security settings? even after selecting the ‘dont ask me for my password at start up’ tick in the box wont stop it from asking me for my password when i start up my machine which worries me. its a shame because it excels in a lot of areas, but fails in some simple.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s