francois wrote: Mark, can you explain in simple terms but also concretely how a hacker could get around someone who always works in root mode?
I wouldn't be able to. As I said previously, the chances of being hacked as root or a guest account are the same. It's not who you use to login as. It's your network and machine. If your network is "secured" (at least as much as it can be) then the hacker can't reach your machine. If he does reach your machine then it's a matter of whether your services are patched enough to keep the hacker out. Do your patches and updates, that's key - it diminishes the attack vectors a hacker can use. If your machine is not patched or updated and exploits in your services are open, then it won't matter who you use to log in.
In the first few comments of this thread, someone mentioned that if you work as root and a hacker hacks your application they will have root. This is false unless you are running a service as root and the application is vulnerable. This has nothing to do with you being root and logging on or being a guest. A service is what starts up and runs when the machine is switched on and because of the nature of the service may need to run as a privileged user (eg: root). In the old days Apache was like that - it ran as root and was easily broken by buffer overflows and the like, giving the attacker root privileges. Or XSS vulnerabilities using specially crafted commands in MySQL web interfaces that can execute commands as root because the MySQL service is running as root. But none of these have anything to do with who you login as. Whether it's root you work as or a guest user, it's irrelevant. All these services are already running before you even log on. It's just a matter of how well these services have been written and secured while they run.
As I keep reiterating, who you log in as is just a preference of the user. If you don't feel like using root, especially on a single-user machine, then it has nothing to do with security, just fear of screwing something up. But whatever it is, it is just the user's preference.
Secure your network using a good router running firmware you can trust. Enable IDS and firewall on the router. Use your end machines with an ARP tool like arpwatch, Xarp or Winarp to do simple detection if a MITM attack is happening, limit wireless usage and stick to a wire unless absolutely necessary to go wireless. Patch your OS and apps and for goodness' sake don't answer strange emails or click links sent blindly.
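A minimal version of the check that arpwatch performs, as an added example that is not code from the post: it watches ARP replies and flags when an IP, such as the gateway, starts answering from a different MAC. The sample replies and the gateway address 192.168.1.1 are constructed for the example.

```python
"""Arpwatch-style ARP monitor (added example; not code from the post).

Tracks which MAC address each IP has answered from and raises the same
three kinds of events arpwatch reports: "new station", "changed ethernet
address" and "flip flop" (here: an IP reverting to a MAC seen earlier).
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample: (timestamp, ip, mac) ARP replies seen on the LAN.
# 192.168.1.1 is assumed to be the default gateway; the change at t=120
# is the pattern a MITM tool produces when it poisons the gateway entry.
SAMPLE_REPLIES = [
    (0,   "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (5,   "192.168.1.50", "aa:bb:cc:00:00:50"),
    (60,  "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (120, "192.168.1.1",  "de:ad:be:ef:00:99"),  # gateway now answers from another MAC
    (130, "192.168.1.1",  "aa:bb:cc:00:00:01"),  # real gateway answers again
    (140, "192.168.1.1",  "de:ad:be:ef:00:99"),
]


def monitor_arp(replies: List[Tuple[int, str, str]]) -> List[str]:
    """Return one alert string per noteworthy ARP event, in the order seen."""
    current: Dict[str, str] = {}                  # ip -> MAC currently claimed
    seen: Dict[str, Set[str]] = defaultdict(set)  # ip -> every MAC ever seen
    alerts: List[str] = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip not in current:
            alerts.append(f"{ts} new station {ip} {mac}")
        elif mac != current[ip]:
            # A MAC we have seen before for this IP means two hosts are
            # fighting over the address; a brand-new MAC is a plain change.
            kind = "flip flop" if mac in seen[ip] else "changed ethernet address"
            alerts.append(f"{ts} {kind} {ip} {current[ip]} -> {mac}")
        current[ip] = mac
        seen[ip].add(mac)
    return alerts


if __name__ == "__main__":
    for line in monitor_arp(SAMPLE_REPLIES):
        print(line)
```

Repeated flip-flop events for the gateway address are the signal a defender acts on; a single change can also be a legitimate hardware swap, which is why arpwatch reports rather than blocks.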