From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 6A4D31381F3 for ; Wed, 10 Jul 2013 01:46:31 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 577D4E09C1; Wed, 10 Jul 2013 01:46:25 +0000 (UTC) Received: from mail-gg0-f178.google.com (mail-gg0-f178.google.com [209.85.161.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 31247E0963 for ; Wed, 10 Jul 2013 01:46:23 +0000 (UTC) Received: by mail-gg0-f178.google.com with SMTP id l12so2193838gge.37 for ; Tue, 09 Jul 2013 18:46:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=TKrReBq9g0GA0uv/+Q6kvQGsxB+I1+h5FI9sTPLi740=; b=OQEefqaEk7/1hDphY7HpNr9WpD9COWPL4xjPs4W56M9zsMo9NbpuJRvaAjY4DunGMC OR6EtlTKJu9RiLIqJM+SLpYtXdLeQyJJTMe0oWN3JvR/7/Gmd6RHyTA75FByNV5yfrWM OZABhhKXpx3MT0V5dwaZcBrKH1ssGhUMV+TcPkLKdPwIHETRtYxfqe3zgsvQvhP3xDVj 0BVcpfO2cA+/VH+ZDyPpgQB7aafM/BhkVbhHmd/XY5W2iOf1K3USc9ZJutfn7cMQD1Is 17q++LsJTgwAW+AhJs++2x+VKmWdGqwuvnuYMhmTLaqcli2CManNCJCPn3ZHJUWLnIUK xcqg== X-Received: by 10.236.4.72 with SMTP id 48mr16604303yhi.209.1373420783377; Tue, 09 Jul 2013 18:46:23 -0700 (PDT) Received: from [192.168.2.5] (adsl-65-0-120-51.jan.bellsouth.net. [65.0.120.51]) by mx.google.com with ESMTPSA id a62sm49111908yhk.4.2013.07.09.18.46.22 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 09 Jul 2013 18:46:22 -0700 (PDT) Message-ID: <51DCBCED.3030407@gmail.com> Date: Tue, 09 Jul 2013 20:46:21 -0500 From: Dale User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Linux viruses References: <51D728BA.4060906@gmail.com> <51D73FFF.9020200@iinet.net.au> <51D746E5.1040606@gmail.com> <20130707092526.GA14811@waltdnes.org> <51DABD73.1080609@gmail.com> In-Reply-To: X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 0c45dbff-9c29-42e4-b3fb-778199e4568c X-Archives-Hash: 88d82398a183e82498ae970a21908907 Paul Hartman wrote: > On Mon, Jul 8, 2013 at 8:24 AM, Dale wrote: >> Questions. Can a virus infect the OS when running on Linux through >> java/javascript/flash? Or would the infection at the least be limited >> to that user? > I think how they typically work, on any OS, is they exploit a bug in > the browser (or a browser plug-in) to run code on your local machine, > and then that code exploits the operating system in order to get > root-level privileges. After it has that, the possibilities are > endless... > > There's nothing special about Linux that would make that scenario play > out any better than it does on Windows, but in reality the number of > exploits found for Windows has been greater, and the number of Linux > web browser users is far fewer, so it's pretty rare to see web pages > that target Linux exploits (but I do read about them from time to > time). > > I personally use Firefox with RequestPolicy, NoScript and Adblock > Plus. That still won't protect me from a bug in Firefox itself. I > suppose if I really wanted to be paranoid I would run it in a virtual > machine (but, hey, those can be exploited, too). At some point, you > have to just go with it and hope for the best. Either that or turn off > the computer. :) > That's my thinking to but also see my reply to Walter. I use Linux for several reasons and security is one of them. Linux is more security oriented and faster with fixes be it a browser or some other package. Gentoo works with upstream to get serious issues fixed pretty fast. >> How is html5 going to affect this? Better or worse? > HTML5 is already here and you're probably already using it. :) The > biggest benefit to using "anything but Flash" is the idea that the > code is not in Adobe's hands and that the community would identify and > fix bugs sooner. But that's not guaranteed to be the case. > > A web browser is perhaps the most complicated piece of software most > of us will ever run on our computers, and there's a lot of room for > mistakes to happen in those millions of lines of code. Anything can > happen. > > . > I have opted in for html5 on youtube. I think I also have a plugin that enables html5 as well when available. I have one for https as well. Given this NSA mess, may help a little anyway. O_O Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!