1 |
Alan McKinnon wrote: |
2 |
> On 08/07/2013 15:24, Dale wrote: |
3 |
>> Walter Dnes wrote: |
4 |
>>> On Fri, Jul 05, 2013 at 05:21:25PM -0500, Dale wrote |
5 |
>>> |
6 |
>>>> Well, no Wine here. So that won't happen. Actually, I don't have a |
7 |
>>>> copy of windoze here at all. Neither of my two rigs have ever had |
8 |
>>>> windoze installed on them at all. |
9 |
>>>> |
10 |
>>>> BTW, I have been known to open those attachments before. I usually open |
11 |
>>>> them with kwrite or something and try to see what is human readable in |
12 |
>>>> there. Most is machine language but there is usually a small portion |
13 |
>>>> that is human readable. They sent it and I'm nosy that way. lol |
14 |
>>> The bad guys go after the "low hanging fruit", i.e. the easiest |
15 |
>>> targets. Years ago, it was Internet Explorer. This also included |
16 |
>>> Outlook and Outlook Express, which were glorified IE frontends. There |
17 |
>>> were many "drive-by-downloads", thanks to Active-X (aka "Active-Hacks"). |
18 |
>>> |
19 |
>>> MS has gotten its act together on IE, so the bad guys are now going |
20 |
>>> after other stuff. The "other stuff" is cross-platform stuff like Java |
21 |
>>> and Javascript and Adobe Acrobat and Flash (known affectionately as |
22 |
>>> "Schlockwave Trash"). So yes... it can happen here. |
23 |
>>> |
24 |
>>> I've been Java-free for years. I use Noscript and Flashblock on |
25 |
>>> Firefox. I keep Opera around for those sites that don't work on |
26 |
>>> Firefox. I also use mupdf instead of the bloated Acrobat Reader |
27 |
>>> monstrosity. |
28 |
>>> |
29 |
>> |
30 |
>> Questions. Can a virus infect the OS when running on Linux through |
31 |
>> java/javascript/flash? |
32 |
> Yes. If you can get the payload to run, then that code will run and will |
33 |
> do whatever the environment it is in will let it do. |
34 |
> |
35 |
>> Or would the infection at the least be limited |
36 |
>> to that user? |
37 |
> That's the normal case, but by no means the only one. |
38 |
> |
39 |
> If you have sudoers set up to run any command as root without using a |
40 |
> password, well then.... |
41 |
> |
42 |
>> How is html5 going to affect this? Better or worse? |
43 |
> |
44 |
> I think you need to gain a deeper understanding of how computer software |
45 |
> works Dale. You are asking black/white questions, and the world just is |
46 |
> not like that. It's all grey. |
47 |
> |
48 |
> These questions do not have simple answers. Windows well-deserved it's |
49 |
> bad rep from many years ago - that came not from bad security or |
50 |
> loopholes but more from the simple fact that early Windows had no |
51 |
> security to speak of. It wasn't poor locks, there just wasn't a lock, |
52 |
> not a door ... oh stuff it there wasn't even a wall to put the door in |
53 |
> for many years! |
54 |
> |
55 |
> Things have vastly improved now and Windows in the hands of someone with |
56 |
> clue rates about the same as (more-or-less conventional) Linux in the |
57 |
> hands of someone with clue. |
58 |
> |
59 |
> Lastly, gaining root permissions is no longer the holy grail it used to |
60 |
> be. Nowadays first prize is ability to send mail through your mail |
61 |
> accounts, access your browsing history, and get into your password |
62 |
> wallet. All of which by their very nature, MUST be accessible to the |
63 |
> user's account. |
64 |
> |
65 |
> |
66 |
|
67 |
I'm getting there Alan. I'm always learning something. It's retaining |
68 |
it that is the issue. ;-) |
69 |
|
70 |
Dale |
71 |
|
72 |
:-) :-) |
73 |
|
74 |
-- |
75 |
I am only responsible for what I said ... Not for what you understood or how you interpreted my words! |