On 08/07/2013 15:24, Dale wrote: > Walter Dnes wrote: >> On Fri, Jul 05, 2013 at 05:21:25PM -0500, Dale wrote >> >>> Well, no Wine here. So that won't happen. Actually, I don't have a >>> copy of windoze here at all. Neither of my two rigs have ever had >>> windoze installed on them at all. >>> >>> BTW, I have been known to open those attachments before. I usually open >>> them with kwrite or something and try to see what is human readable in >>> there. Most is machine language but there is usually a small portion >>> that is human readable. They sent it and I'm nosy that way. lol >> The bad guys go after the "low hanging fruit", i.e. the easiest >> targets. Years ago, it was Internet Explorer. This also included >> Outlook and Outlook Express, which were glorified IE frontends. There >> were many "drive-by-downloads", thanks to Active-X (aka "Active-Hacks"). >> >> MS has gotten its act together on IE, so the bad guys are now going >> after other stuff. The "other stuff" is cross-platform stuff like Java >> and Javascript and Adobe Acrobat and Flash (known affectionately as >> "Schlockwave Trash"). So yes... it can happen here. >> >> I've been Java-free for years. I use Noscript and Flashblock on >> Firefox. I keep Opera around for those sites that don't work on >> Firefox. I also use mupdf instead of the bloated Acrobat Reader >> monstrosity. >> > > > Questions. Can a virus infect the OS when running on Linux through > java/javascript/flash?
Yes. If you can get the payload to run, then that code will run and will do whatever the environment it is in will let it do. > Or would the infection at the least be limited > to that user? That's the normal case, but by no means the only one. If you have sudoers set up to run any command as root without using a password, well then.... > > How is html5 going to affect this? Better or worse? I think you need to gain a deeper understanding of how computer software works Dale. You are asking black/white questions, and the world just is not like that. It's all grey. These questions do not have simple answers. Windows well-deserved it's bad rep from many years ago - that came not from bad security or loopholes but more from the simple fact that early Windows had no security to speak of. It wasn't poor locks, there just wasn't a lock, not a door ... oh stuff it there wasn't even a wall to put the door in for many years! Things have vastly improved now and Windows in the hands of someone with clue rates about the same as (more-or-less conventional) Linux in the hands of someone with clue. Lastly, gaining root permissions is no longer the holy grail it used to be. Nowadays first prize is ability to send mail through your mail accounts, access your browsing history, and get into your password wallet. All of which by their very nature, MUST be accessible to the user's account. -- Alan McKinnon alan.mckin...@gmail.com
