| 1 |
Alan McKinnon wrote: |
| 2 |
> On 08/07/2013 15:24, Dale wrote: |
| 3 |
>> Walter Dnes wrote: |
| 4 |
>>> On Fri, Jul 05, 2013 at 05:21:25PM -0500, Dale wrote |
| 5 |
>>> |
| 6 |
>>>> Well, no Wine here. So that won't happen. Actually, I don't have a |
| 7 |
>>>> copy of windoze here at all. Neither of my two rigs have ever had |
| 8 |
>>>> windoze installed on them at all. |
| 9 |
>>>> |
| 10 |
>>>> BTW, I have been known to open those attachments before. I usually open |
| 11 |
>>>> them with kwrite or something and try to see what is human readable in |
| 12 |
>>>> there. Most is machine language but there is usually a small portion |
| 13 |
>>>> that is human readable. They sent it and I'm nosy that way. lol |
| 14 |
>>> The bad guys go after the "low hanging fruit", i.e. the easiest |
| 15 |
>>> targets. Years ago, it was Internet Explorer. This also included |
| 16 |
>>> Outlook and Outlook Express, which were glorified IE frontends. There |
| 17 |
>>> were many "drive-by-downloads", thanks to Active-X (aka "Active-Hacks"). |
| 18 |
>>> |
| 19 |
>>> MS has gotten its act together on IE, so the bad guys are now going |
| 20 |
>>> after other stuff. The "other stuff" is cross-platform stuff like Java |
| 21 |
>>> and Javascript and Adobe Acrobat and Flash (known affectionately as |
| 22 |
>>> "Schlockwave Trash"). So yes... it can happen here. |
| 23 |
>>> |
| 24 |
>>> I've been Java-free for years. I use Noscript and Flashblock on |
| 25 |
>>> Firefox. I keep Opera around for those sites that don't work on |
| 26 |
>>> Firefox. I also use mupdf instead of the bloated Acrobat Reader |
| 27 |
>>> monstrosity. |
| 28 |
>>> |
| 29 |
>> |
| 30 |
>> Questions. Can a virus infect the OS when running on Linux through |
| 31 |
>> java/javascript/flash? |
| 32 |
> Yes. If you can get the payload to run, then that code will run and will |
| 33 |
> do whatever the environment it is in will let it do. |
| 34 |
> |
| 35 |
>> Or would the infection at the least be limited |
| 36 |
>> to that user? |
| 37 |
> That's the normal case, but by no means the only one. |
| 38 |
> |
| 39 |
> If you have sudoers set up to run any command as root without using a |
| 40 |
> password, well then.... |
| 41 |
> |
| 42 |
>> How is html5 going to affect this? Better or worse? |
| 43 |
> |
| 44 |
> I think you need to gain a deeper understanding of how computer software |
| 45 |
> works Dale. You are asking black/white questions, and the world just is |
| 46 |
> not like that. It's all grey. |
| 47 |
> |
| 48 |
> These questions do not have simple answers. Windows well-deserved it's |
| 49 |
> bad rep from many years ago - that came not from bad security or |
| 50 |
> loopholes but more from the simple fact that early Windows had no |
| 51 |
> security to speak of. It wasn't poor locks, there just wasn't a lock, |
| 52 |
> not a door ... oh stuff it there wasn't even a wall to put the door in |
| 53 |
> for many years! |
| 54 |
> |
| 55 |
> Things have vastly improved now and Windows in the hands of someone with |
| 56 |
> clue rates about the same as (more-or-less conventional) Linux in the |
| 57 |
> hands of someone with clue. |
| 58 |
> |
| 59 |
> Lastly, gaining root permissions is no longer the holy grail it used to |
| 60 |
> be. Nowadays first prize is ability to send mail through your mail |
| 61 |
> accounts, access your browsing history, and get into your password |
| 62 |
> wallet. All of which by their very nature, MUST be accessible to the |
| 63 |
> user's account. |
| 64 |
> |
| 65 |
> |
| 66 |
|
| 67 |
I'm getting there Alan. I'm always learning something. It's retaining |
| 68 |
it that is the issue. ;-) |
| 69 |
|
| 70 |
Dale |
| 71 |
|
| 72 |
:-) :-) |
| 73 |
|
| 74 |
-- |
| 75 |
I am only responsible for what I said ... Not for what you understood or how you interpreted my words! |
Archives