| 1 |
Paul Hartman wrote: |
| 2 |
> On Mon, Jul 8, 2013 at 8:24 AM, Dale <rdalek1967@×××××.com> wrote: |
| 3 |
>> Questions. Can a virus infect the OS when running on Linux through |
| 4 |
>> java/javascript/flash? Or would the infection at the least be limited |
| 5 |
>> to that user? |
| 6 |
> I think how they typically work, on any OS, is they exploit a bug in |
| 7 |
> the browser (or a browser plug-in) to run code on your local machine, |
| 8 |
> and then that code exploits the operating system in order to get |
| 9 |
> root-level privileges. After it has that, the possibilities are |
| 10 |
> endless... |
| 11 |
> |
| 12 |
> There's nothing special about Linux that would make that scenario play |
| 13 |
> out any better than it does on Windows, but in reality the number of |
| 14 |
> exploits found for Windows has been greater, and the number of Linux |
| 15 |
> web browser users is far fewer, so it's pretty rare to see web pages |
| 16 |
> that target Linux exploits (but I do read about them from time to |
| 17 |
> time). |
| 18 |
> |
| 19 |
> I personally use Firefox with RequestPolicy, NoScript and Adblock |
| 20 |
> Plus. That still won't protect me from a bug in Firefox itself. I |
| 21 |
> suppose if I really wanted to be paranoid I would run it in a virtual |
| 22 |
> machine (but, hey, those can be exploited, too). At some point, you |
| 23 |
> have to just go with it and hope for the best. Either that or turn off |
| 24 |
> the computer. :) |
| 25 |
> |
| 26 |
|
| 27 |
That's my thinking to but also see my reply to Walter. I use Linux for |
| 28 |
several reasons and security is one of them. Linux is more security |
| 29 |
oriented and faster with fixes be it a browser or some other package. |
| 30 |
Gentoo works with upstream to get serious issues fixed pretty fast. |
| 31 |
|
| 32 |
|
| 33 |
>> How is html5 going to affect this? Better or worse? |
| 34 |
> HTML5 is already here and you're probably already using it. :) The |
| 35 |
> biggest benefit to using "anything but Flash" is the idea that the |
| 36 |
> code is not in Adobe's hands and that the community would identify and |
| 37 |
> fix bugs sooner. But that's not guaranteed to be the case. |
| 38 |
> |
| 39 |
> A web browser is perhaps the most complicated piece of software most |
| 40 |
> of us will ever run on our computers, and there's a lot of room for |
| 41 |
> mistakes to happen in those millions of lines of code. Anything can |
| 42 |
> happen. |
| 43 |
> |
| 44 |
> . |
| 45 |
> |
| 46 |
|
| 47 |
I have opted in for html5 on youtube. I think I also have a plugin that |
| 48 |
enables html5 as well when available. I have one for https as well. |
| 49 |
Given this NSA mess, may help a little anyway. O_O |
| 50 |
|
| 51 |
Dale |
| 52 |
|
| 53 |
:-) :-) |
| 54 |
|
| 55 |
-- |
| 56 |
I am only responsible for what I said ... Not for what you understood or how you interpreted my words! |
Archives