<div dir="ltr">When using my Ubuntu I used to make the following pattern, whenever an update symbol showed up in the "taskbar" above (in gnome it's the upper panel), I clicked on it, entered my password to sudo up the privileges of the update process, and installed the needed packages to the machine.<div>
<br></div><div>Then I thought, wait a mintue, this is happening all too often! The only security signature I trust here is the shape of the symbol on the taskbar! A malicious program can immitate the update GUI, and lure me to leverage its permissions very easily.</div>
<div><br></div><div>It can't be that bad, I thought, I can probably only sudo a known program. Alas, in the latest version of Ubuntu the sudoers file says</div><div><br></div><div><div>%admin ALL=(ALL) ALL</div></div>
<div><br></div><div>and the default user is indeed in the admin group.</div><div><br></div><div>Is that really a problem (I'm probably not the only one who noticed it)? Is it like that in other distributions?</div><div>
<br></div><div>In Windows when you're asked to leverage a permission of a program, it shows you the digital signature of the executable asking for privileges (or at least that's how it looks like in the dialog), which is not a very good solution IMHO, but it's at least better than nothing.</div>
<div><br></div></div>