1 |
On 08/07/2013 15:24, Dale wrote: |
2 |
> Walter Dnes wrote: |
3 |
>> On Fri, Jul 05, 2013 at 05:21:25PM -0500, Dale wrote |
4 |
>> |
5 |
>>> Well, no Wine here. So that won't happen. Actually, I don't have a |
6 |
>>> copy of windoze here at all. Neither of my two rigs have ever had |
7 |
>>> windoze installed on them at all. |
8 |
>>> |
9 |
>>> BTW, I have been known to open those attachments before. I usually open |
10 |
>>> them with kwrite or something and try to see what is human readable in |
11 |
>>> there. Most is machine language but there is usually a small portion |
12 |
>>> that is human readable. They sent it and I'm nosy that way. lol |
13 |
>> The bad guys go after the "low hanging fruit", i.e. the easiest |
14 |
>> targets. Years ago, it was Internet Explorer. This also included |
15 |
>> Outlook and Outlook Express, which were glorified IE frontends. There |
16 |
>> were many "drive-by-downloads", thanks to Active-X (aka "Active-Hacks"). |
17 |
>> |
18 |
>> MS has gotten its act together on IE, so the bad guys are now going |
19 |
>> after other stuff. The "other stuff" is cross-platform stuff like Java |
20 |
>> and Javascript and Adobe Acrobat and Flash (known affectionately as |
21 |
>> "Schlockwave Trash"). So yes... it can happen here. |
22 |
>> |
23 |
>> I've been Java-free for years. I use Noscript and Flashblock on |
24 |
>> Firefox. I keep Opera around for those sites that don't work on |
25 |
>> Firefox. I also use mupdf instead of the bloated Acrobat Reader |
26 |
>> monstrosity. |
27 |
>> |
28 |
> |
29 |
> |
30 |
> Questions. Can a virus infect the OS when running on Linux through |
31 |
> java/javascript/flash? |
32 |
|
33 |
Yes. If you can get the payload to run, then that code will run and will |
34 |
do whatever the environment it is in will let it do. |
35 |
|
36 |
> Or would the infection at the least be limited |
37 |
> to that user? |
38 |
|
39 |
That's the normal case, but by no means the only one. |
40 |
|
41 |
If you have sudoers set up to run any command as root without using a |
42 |
password, well then.... |
43 |
|
44 |
> |
45 |
> How is html5 going to affect this? Better or worse? |
46 |
|
47 |
|
48 |
I think you need to gain a deeper understanding of how computer software |
49 |
works Dale. You are asking black/white questions, and the world just is |
50 |
not like that. It's all grey. |
51 |
|
52 |
These questions do not have simple answers. Windows well-deserved it's |
53 |
bad rep from many years ago - that came not from bad security or |
54 |
loopholes but more from the simple fact that early Windows had no |
55 |
security to speak of. It wasn't poor locks, there just wasn't a lock, |
56 |
not a door ... oh stuff it there wasn't even a wall to put the door in |
57 |
for many years! |
58 |
|
59 |
Things have vastly improved now and Windows in the hands of someone with |
60 |
clue rates about the same as (more-or-less conventional) Linux in the |
61 |
hands of someone with clue. |
62 |
|
63 |
Lastly, gaining root permissions is no longer the holy grail it used to |
64 |
be. Nowadays first prize is ability to send mail through your mail |
65 |
accounts, access your browsing history, and get into your password |
66 |
wallet. All of which by their very nature, MUST be accessible to the |
67 |
user's account. |
68 |
|
69 |
|
70 |
-- |
71 |
Alan McKinnon |
72 |
alan.mckinnon@×××××.com |