This post is about preventing malware from sniffing the root password. This can be done in Whonix; Tails has no method for this. Some people on YouTube give the bad advice of changing the password of the root account. You should not do that: since Whonix version 15.0.0.3.6 the root account is disabled (locked and expired) by default, so setting a root password will in some cases re-enable the root account. If you have enabled the root account, run this command to lock it again: sudo passwd --lock root
Moreover, the ordinary sudo command gives you superuser rights (sudo is commonly read as "superuser do"). In the default configuration sudo asks for your own account's password, not a separate root password. Therefore, if malware sniffs your user account password, for example with a keylogger running inside your desktop session, that malware can then run commands with superuser privileges. Here is how to take action so that the password malware can sniff no longer carries superuser privileges.
To do so you will create an additional admin account that is used only for admin tasks. You will add the admin account to the sudo group, meaning that the admin account will be able to run sudo commands. Then you will remove the user account from the sudo group, meaning that the user account will no longer be able to run sudo commands; as a result, any malware that sniffs the user password cannot use it to run sudo commands. The advantage is better security. The account used for updates and other important tasks stays clean and malware-free because you never use it for surfing the web, and malware will have a really hard time becoming superuser malware on your computer. Note that malware running as user can still read and change everything that account owns; the split only stops it from turning the user password into root access.
The disadvantage is that you have to log out of the user account and log in to the admin account every time you want to run sudo commands, for example to update the system. But that is a fast process. Create the admin account by running: sudo adduser admin and follow the instructions. No asterisks (or any other characters) are shown while you type the password for the admin account. Do not write anything when the system asks for the name, telephone numbers and other information for the new account; just press Enter each time to leave those blank. Add the admin account to the sudo group with the "adduser USER GROUP" form documented in adduser(8): sudo adduser admin sudo
Now log out of the user account and log in to the admin account. Instead of logging out the usual way through the graphical interface, use this method to defeat login spoofing, i.e. a fake login screen drawn by malware in the user's session to capture the admin password: in VirtualBox, press the host key + F7. The host key is "right Ctrl" by default; it may be another key if you have changed it in the VirtualBox settings. VirtualBox sends host key + Fn to the guest as Ctrl+Alt+Fn, which switches the guest to another virtual console that the user's graphical session cannot draw over. The screen becomes small and black. Then press Ctrl+Alt+F1.
At the login prompt you can log in to Whonix as user or as admin. Log in as admin. Remove the user account from the sudo group with the "deluser USER GROUP" form documented in deluser(8): sudo deluser user sudo Then log admin out and log back in as user. Never use the admin account for surfing the web.
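A check to run after finishing the procedure, added here as an example and not part of the original post: it lists who is still in the sudo group and whether the root password is locked, by parsing /etc/group and /etc/shadow formatted text. It assumes the Debian group name "sudo" and the account names "user" and "admin" from the steps above; the sample file contents below are constructed, not copied from a real Whonix VM, so the script can be tried without root before pointing it at the live files.

```shell
#!/bin/sh
# Post-check for the admin/user split: who can run sudo, and is root locked?
# Functions read /etc/group or /etc/shadow formatted text on stdin.

# sudo_users < group-file : print the members of the "sudo" group, one per line
sudo_users() {
    awk -F: '$1 == "sudo" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# can_sudo USER < group-file : exit 0 if USER is listed in the sudo group
can_sudo() {
    sudo_users | grep -qx -- "$1"
}

# lock_state USER < shadow-file : print "locked", "unlocked" or "missing".
# A password field starting with "!" (what passwd --lock writes) or "*"
# (no usable hash) cannot be used to log in with a password.
lock_state() {
    awk -F: -v u="$1" '
        $1 == u { found = 1; s = ($2 ~ /^[!*]/) ? "locked" : "unlocked"; print s }
        END { if (!found) print "missing" }'
}

# Constructed sample data (assumption: not taken from a real system).
# Before: the everyday account "user" is still in the sudo group.
GROUP_BEFORE='root:x:0:
sudo:x:27:user
user:x:1000:
admin:x:1001:'

# After "sudo adduser admin sudo" and "sudo deluser user sudo".
GROUP_AFTER='root:x:0:
sudo:x:27:admin
user:x:1000:
admin:x:1001:'

# Root locked with "passwd --lock"; the other hashes are made up placeholders.
SHADOW_SAMPLE='root:!*:18500:0:99999:7:::
user:$6$saltsalt$madeuphash:18500:0:99999:7:::
admin:$6$saltsalt$madeuphash:18500:0:99999:7:::'

# audit LABEL group-content shadow-content : one-line summary
audit() {
    printf '%s: sudo group = [%s], root is %s\n' "$1" \
        "$(printf '%s\n' "$2" | sudo_users | tr '\n' ' ' | sed 's/ $//')" \
        "$(printf '%s\n' "$3" | lock_state root)"
}

# Live check on the VM, run from the admin account (/etc/shadow needs root):
#   getent group sudo | sudo_users
#   sudo cat /etc/shadow | lock_state root
audit before "$GROUP_BEFORE" "$SHADOW_SAMPLE"
audit after  "$GROUP_AFTER"  "$SHADOW_SAMPLE"
```

The expected live result after the procedure is that only admin is printed for the sudo group and root reports "locked"; the same two facts can be cross-checked with the standard tools, getent group sudo and sudo passwd --status root (an "L" in the second column means the password is locked).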