From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-148506-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id A33081381F3
	for <garchives@archives.gentoo.org>; Mon,  8 Jul 2013 14:52:49 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 498A1E0A8C;
	Mon,  8 Jul 2013 14:52:45 +0000 (UTC)
Received: from mail-pb0-f45.google.com (mail-pb0-f45.google.com [209.85.160.45])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E6EC5E0830
	for <gentoo-user@lists.gentoo.org>; Mon,  8 Jul 2013 14:52:43 +0000 (UTC)
Received: by mail-pb0-f45.google.com with SMTP id mc8so4378989pbc.4
        for <gentoo-user@lists.gentoo.org>; Mon, 08 Jul 2013 07:52:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:content-type;
        bh=qggZ5Pd8EtTJSGV+xHSDU0tJ80/3mXRtYwaeo0CrtVM=;
        b=e6aMjaI4QXUg9kMwOG0m3tABw7+rocTrbPw4UwdBRdjBGIFge2Dm8nKhVrQGQJM84z
         7X4w/8cCZ07AfI4882haA3vwFluI7S5YCbFIYZ6uSj/3yBq4KCd3kqr9Gi/bmDpfK7G7
         s7iu4pFwdWbNMnaGCpB65JEu7r0Z1wUxzmYjolTMDDCK5eXp36dYaoImU0ebGCKsEgKK
         gJWyL6KfcPhtPm9hDDAqY0YatJDdcaT1RtUhVatG0WwoOrxZ8orBsBYrvYhXh/I1PkRK
         4NBP42jIsG2fn9fwsIDm8t4eRLZmx/NjYgzaSyMn97XBuGCc4DlMmBrj+ErN+vjo3Nib
         E1AQ==
X-Received: by 10.68.221.138 with SMTP id qe10mr21747837pbc.103.1373295162774;
 Mon, 08 Jul 2013 07:52:42 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Sender: paul.hartman@gmail.com
Received: by 10.70.62.105 with HTTP; Mon, 8 Jul 2013 07:52:22 -0700 (PDT)
In-Reply-To: <51DABD73.1080609@gmail.com>
References: <51D728BA.4060906@gmail.com> <51D73FFF.9020200@iinet.net.au>
 <51D746E5.1040606@gmail.com> <20130707092526.GA14811@waltdnes.org> <51DABD73.1080609@gmail.com>
From: Paul Hartman <paul.hartman+gentoo@gmail.com>
Date: Mon, 8 Jul 2013 09:52:22 -0500
X-Google-Sender-Auth: fUplqKDaCi-sYy0rRqOx-0dySTE
Message-ID: <CAEH5T2OR=tih0PkDhgFCXk6hYCcoOn8YOScQLXzScAK-3VGKfg@mail.gmail.com>
Subject: Re: [gentoo-user] Linux viruses
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
X-Archives-Salt: e4667fd5-a888-4f69-8c2e-da8da4371548
X-Archives-Hash: 9db088b8508f32611fcc1cc27b5e4804

On Mon, Jul 8, 2013 at 8:24 AM, Dale <rdalek1967@gmail.com> wrote:
> Questions.  Can a virus infect the OS when running on Linux through
> java/javascript/flash?  Or would the infection at the least be limited
> to that user?

I think how they typically work, on any OS, is they exploit a bug in
the browser (or a browser plug-in) to run code on your local machine,
and then that code exploits the operating system in order to get
root-level privileges. After it has that, the possibilities are
endless...

There's nothing special about Linux that would make that scenario play
out any better than it does on Windows, but in reality the number of
exploits found for Windows has been greater, and the number of Linux
web browser users is far fewer, so it's pretty rare to see web pages
that target Linux exploits (but I do read about them from time to
time).

I personally use Firefox with RequestPolicy, NoScript and Adblock
Plus. That still won't protect me from a bug in Firefox itself. I
suppose if I really wanted to be paranoid I would run it in a virtual
machine (but, hey, those can be exploited, too). At some point, you
have to just go with it and hope for the best. Either that or turn off
the computer. :)

> How is html5 going to affect this?  Better or worse?

HTML5 is already here and you're probably already using it. :) The
biggest benefit to using "anything but Flash" is the idea that the
code is not in Adobe's hands and that the community would identify and
fix bugs sooner. But that's not guaranteed to be the case.

A web browser is perhaps the most complicated piece of software most
of us will ever run on our computers, and there's a lot of room for
mistakes to happen in those millions of lines of code. Anything can
happen.