From: Alan McKinnon
Date: Mon, 08 Jul 2013 16:52:03 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Linux viruses
Message-ID: <51DAD213.8040208@gmail.com>
In-Reply-To: <51DABD73.1080609@gmail.com>

On 08/07/2013 15:24, Dale wrote:
> Walter Dnes wrote:
>> On Fri, Jul 05, 2013 at 05:21:25PM -0500, Dale wrote
>>
>>> Well, no Wine here.  So that won't happen.  Actually, I don't have a
>>> copy of windoze here at all.  Neither of my two rigs have ever had
>>> windoze installed on them at all.
>>>
>>> BTW, I have been known to open those attachments before.  I usually open
>>> them with kwrite or something and try to see what is human readable in
>>> there.  Most is machine language but there is usually a small portion
>>> that is human readable.  They sent it and I'm nosy that way.  lol
>> The bad guys go after the "low hanging fruit", i.e. the easiest
>> targets.  Years ago, it was Internet Explorer.  This also included
>> Outlook and Outlook Express, which were glorified IE frontends.  There
>> were many "drive-by-downloads", thanks to Active-X (aka "Active-Hacks").
>>
>> MS has gotten its act together on IE, so the bad guys are now going
>> after other stuff.  The "other stuff" is cross-platform stuff like Java
>> and Javascript and Adobe Acrobat and Flash (known affectionately as
>> "Schlockwave Trash").  So yes... it can happen here.
>>
>> I've been Java-free for years.  I use Noscript and Flashblock on
>> Firefox.  I keep Opera around for those sites that don't work on
>> Firefox.  I also use mupdf instead of the bloated Acrobat Reader
>> monstrosity.
>>
>
>
> Questions.  Can a virus infect the OS when running on Linux through
> java/javascript/flash?

Yes. If you can get the payload to run, then that code will run and will
do whatever the environment it is in will let it do.

> Or would the infection at the least be limited
> to that user?

That's the normal case, but by no means the only one. If you have
sudoers set up to run any command as root without using a password, well
then....

>
> How is html5 going to affect this?  Better or worse?

I think you need to gain a deeper understanding of how computer software
works, Dale. You are asking black/white questions, and the world just is
not like that. It's all grey. These questions do not have simple answers.

Windows well-deserved its bad rep from many years ago - that came not
from bad security or loopholes but more from the simple fact that early
Windows had no security to speak of. It wasn't poor locks, there just
wasn't a lock, not a door ... oh stuff it there wasn't even a wall to
put the door in for many years!

Things have vastly improved now and Windows in the hands of someone with
clue rates about the same as (more-or-less conventional) Linux in the
hands of someone with clue.

Lastly, gaining root permissions is no longer the holy grail it used to
be. Nowadays first prize is ability to send mail through your mail
accounts, access your browsing history, and get into your password
wallet. All of which by their very nature, MUST be accessible to the
user's account.

-- 
Alan McKinnon
alan.mckinnon@gmail.com
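
Added example, not part of the original message: the sudoers case mentioned in the reply (any command as root without a password) can be checked mechanically. This sketch scans sudoers text for NOPASSWD rules whose command list reaches ALL with a root-capable runas; the function name passwordless_all and the sample entries are constructed for illustration, and aliases, include files and "Defaults !authenticate" are not followed.

```python
import re

# Constructed sample sudoers content (not from the original message).
SAMPLE = r"""
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
dale    ALL=(root) NOPASSWD: /usr/bin/emerge --sync, PASSWD: ALL
backup  ALL = NOPASSWD: /usr/bin/rsync, \
        ALL
www     ALL=(apache) NOPASSWD: ALL
"""

def passwordless_all(sudoers_text):
    """Return (who, runas, command) for rules that let `who` run ALL
    commands as root without a password prompt."""
    findings = []
    # sudoers allows backslash-newline continuation; join those first.
    joined = re.sub(r"\\\n", " ", sudoers_text)
    for raw in joined.splitlines():
        line = raw.strip()
        # Skip blanks, comments and lines that are not user specifications.
        if not line or line.startswith("#") or "=" not in line:
            continue
        if re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        lhs, rhs = line.split("=", 1)
        who = lhs.split()[0]
        runas, nopasswd = "root", False      # sudo's defaults
        # Split the command list on commas outside a (runas) group.
        for spec in re.split(r",(?![^(]*\))", rhs):
            spec = spec.strip()
            m = re.match(r"\(([^)]*)\)\s*(.*)", spec)
            if m:                            # runas persists for later commands
                runas, spec = m.group(1).strip(), m.group(2)
            while (t := re.match(r"([A-Z_]+):\s*(.*)", spec)):
                tag, spec = t.groups()       # tags persist until overridden
                if tag in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag == "NOPASSWD"
            users = {u.strip() for u in runas.split(":")[0].split(",")}
            if nopasswd and spec == "ALL" and users & {"root", "ALL"}:
                findings.append((who, runas, spec))
    return findings

if __name__ == "__main__":
    for who, runas, cmd in passwordless_all(SAMPLE):
        print(f"{who}: may run {cmd} as ({runas}) with no password")
```

The backup entry is flagged even though NOPASSWD is written before a different command, because the tag carries over to the later ALL in the same list.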