From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 129151381F3 for ; Wed, 10 Jul 2013 01:41:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9BE4EE096C; Wed, 10 Jul 2013 01:41:27 +0000 (UTC) Received: from mail-gh0-f173.google.com (mail-gh0-f173.google.com [209.85.160.173]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7A8CEE094C for ; Wed, 10 Jul 2013 01:41:26 +0000 (UTC) Received: by mail-gh0-f173.google.com with SMTP id g16so2245835ghb.32 for ; Tue, 09 Jul 2013 18:41:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=jlRC10nSOiszMIBQiUONLWod5GGI6vRAHEiV4jiLOZU=; b=DpSt8VT+8B0IF4lO5KUl4ipPe5sPHi5txiBbpZdm+EM1qH2X/5QfF1dnVBTrLzIw+R eBPkdAl3x72GV8BWLMk6WZKkQ/PfTj39P/AElBLFRS5q5HqREY7tuiEMf+kPHE6uFTLT MSjlFnpG/h3ORPs5ClvCAkdpCftd4je5Tr26JHD0yr2EgREbQMdGm4NRFiJd2gPVfg5L XBsyraNqFYx6ZRXKN3nSwCyBs1D6ySqDFTkO29z2QAdl9HleGqLjX6I/sPTIuJRch16y 7vwyiNtMImqITyMPXVmHTPDHP5OFRH3rhPGp3dMTQp8U6E8Zkw4rgSlzeNlpcRVC3Puh 9h9w== X-Received: by 10.236.63.132 with SMTP id a4mr16629600yhd.41.1373420485650; Tue, 09 Jul 2013 18:41:25 -0700 (PDT) Received: from [192.168.2.5] (adsl-65-0-120-51.jan.bellsouth.net. [65.0.120.51]) by mx.google.com with ESMTPSA id o32sm49078158yhi.5.2013.07.09.18.41.22 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 09 Jul 2013 18:41:24 -0700 (PDT) Message-ID: <51DCBBC1.1090606@gmail.com> Date: Tue, 09 Jul 2013 20:41:21 -0500 From: Dale User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Linux viruses References: <51D728BA.4060906@gmail.com> <51D73FFF.9020200@iinet.net.au> <51D746E5.1040606@gmail.com> <20130707092526.GA14811@waltdnes.org> <51DABD73.1080609@gmail.com> <20130709233957.GB20591@waltdnes.org> In-Reply-To: <20130709233957.GB20591@waltdnes.org> X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 4719843c-e9db-405e-8095-ff41546f925a X-Archives-Hash: ed6617309cdf881cd2f2f67c894d7455 Walter Dnes wrote: > On Mon, Jul 08, 2013 at 08:24:03AM -0500, Dale wrote > >> Questions. Can a virus infect the OS when running on Linux through >> java/javascript/flash? > There are two levels of "infection"... > > 1) One-off execution of bad stuff when you visit a web page. > > 2) A more permanent infection that survives restarting the web browser, > and rebooting the machine. But that would need to be linux executable. OK. I do banking online. I also pay my bills online along with social sites as well. I use Lastpass so that I can have some really REALLY funky passwords. I think I am one of few that has not had his facebook hacked. Anyway, I run Gentoo which is known here. I use Firefox/Seamonkey as my web browser. So next question sort of takes us back to my point with the knucklehead in the store. Am I safer, much safer, using Linux over windoze? That answer would take into account the fact that most virus/nasty code is written for windoze and not Linux but also that Linux is just built with security in mind. I belive that I am much safer with Linux myself. Just a rough example of what some passwords look like for me: 5u9YU7335cb29hPE I don't actually use that as a password so no need in some script kiddy trying it. LOL >> Or would the infection at the least be limited to that user? > Usually, unless they find a privilege escalation hole. Then again, > it's the user-info (bank login and password, credit card number, etc) > that's really profitable for organized crime. I can certainly agree with that. I have a few people that use windoze and refuse to even think about ordering online, banking or anything that requires financial type info. If they are not going to keep their stuff up to date, may be a good idea. These are the same folks that don't update anti-virus and such too. :/ > >> How is html5 going to affect this? Better or worse? > If/when it results in the end of Flash, that's an improvement. The > thing I worry about is that anything "powerful enough" can be (ab)used. > I was hoping if they was going to all the trouble on creating this that it was going to do some sort of good and improve security. I don't mean just for Linux folks either. For the record, I use https everywhere and I think I have a similar thing for html5 too. I know I opted in for youtube. Thanks for the answers. I think you see where I am going with this. I still laugh when I think about what that guy said tho. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!