| 1 |
On 08/07/2013 15:24, Dale wrote: |
| 2 |
> Walter Dnes wrote: |
| 3 |
>> On Fri, Jul 05, 2013 at 05:21:25PM -0500, Dale wrote |
| 4 |
>> |
| 5 |
>>> Well, no Wine here. So that won't happen. Actually, I don't have a |
| 6 |
>>> copy of windoze here at all. Neither of my two rigs have ever had |
| 7 |
>>> windoze installed on them at all. |
| 8 |
>>> |
| 9 |
>>> BTW, I have been known to open those attachments before. I usually open |
| 10 |
>>> them with kwrite or something and try to see what is human readable in |
| 11 |
>>> there. Most is machine language but there is usually a small portion |
| 12 |
>>> that is human readable. They sent it and I'm nosy that way. lol |
| 13 |
>> The bad guys go after the "low hanging fruit", i.e. the easiest |
| 14 |
>> targets. Years ago, it was Internet Explorer. This also included |
| 15 |
>> Outlook and Outlook Express, which were glorified IE frontends. There |
| 16 |
>> were many "drive-by-downloads", thanks to Active-X (aka "Active-Hacks"). |
| 17 |
>> |
| 18 |
>> MS has gotten its act together on IE, so the bad guys are now going |
| 19 |
>> after other stuff. The "other stuff" is cross-platform stuff like Java |
| 20 |
>> and Javascript and Adobe Acrobat and Flash (known affectionately as |
| 21 |
>> "Schlockwave Trash"). So yes... it can happen here. |
| 22 |
>> |
| 23 |
>> I've been Java-free for years. I use Noscript and Flashblock on |
| 24 |
>> Firefox. I keep Opera around for those sites that don't work on |
| 25 |
>> Firefox. I also use mupdf instead of the bloated Acrobat Reader |
| 26 |
>> monstrosity. |
| 27 |
>> |
| 28 |
> |
| 29 |
> |
| 30 |
> Questions. Can a virus infect the OS when running on Linux through |
| 31 |
> java/javascript/flash? |
| 32 |
|
| 33 |
Yes. If you can get the payload to run, then that code will run and will |
| 34 |
do whatever the environment it is in will let it do. |
| 35 |
|
| 36 |
> Or would the infection at the least be limited |
| 37 |
> to that user? |
| 38 |
|
| 39 |
That's the normal case, but by no means the only one. |
| 40 |
|
| 41 |
If you have sudoers set up to run any command as root without using a |
| 42 |
password, well then.... |
| 43 |
|
| 44 |
> |
| 45 |
> How is html5 going to affect this? Better or worse? |
| 46 |
|
| 47 |
|
| 48 |
I think you need to gain a deeper understanding of how computer software |
| 49 |
works Dale. You are asking black/white questions, and the world just is |
| 50 |
not like that. It's all grey. |
| 51 |
|
| 52 |
These questions do not have simple answers. Windows well-deserved it's |
| 53 |
bad rep from many years ago - that came not from bad security or |
| 54 |
loopholes but more from the simple fact that early Windows had no |
| 55 |
security to speak of. It wasn't poor locks, there just wasn't a lock, |
| 56 |
not a door ... oh stuff it there wasn't even a wall to put the door in |
| 57 |
for many years! |
| 58 |
|
| 59 |
Things have vastly improved now and Windows in the hands of someone with |
| 60 |
clue rates about the same as (more-or-less conventional) Linux in the |
| 61 |
hands of someone with clue. |
| 62 |
|
| 63 |
Lastly, gaining root permissions is no longer the holy grail it used to |
| 64 |
be. Nowadays first prize is ability to send mail through your mail |
| 65 |
accounts, access your browsing history, and get into your password |
| 66 |
wallet. All of which by their very nature, MUST be accessible to the |
| 67 |
user's account. |
| 68 |
|
| 69 |
|
| 70 |
-- |
| 71 |
Alan McKinnon |
| 72 |
alan.mckinnon@×××××.com |
Archives