On Saturday 09 February 2008, Dale wrote: > But can they "infect" a Linux box the way they do a M$ box? I don't > use Windoze here but since I only use Linux I would like to know just > how secure it is. I manage my bank account and credit card account > from my Linux box. I also have java and OOo installed.
It's a bit of a loaded question, but here goes anyway: It's extremely hard to quantify just secure or insecure a machine and/or OS is. Some try and count number of bugs found - well, total number of bugs per 1000 lines of code seems to mostly fall in a standard range regardless of programmer or team (!) Strange but true - I've read studies that show it. So Firefox gets about as many bugs as IE by and large, as does Office and OpenOffice.org. That much you can measure. What is much harder to measure is how severe those bugs are. On a Windows machine, an account with admin rights that gets compromised can be pretty severe. On a Linux machine less so, as long as the machine has sane permissions. But in either case, all your user data, photos and music can still be trashed. To most users that's more catastrophic than being pwned. What is undeniable is that zombie networks consist almost exclusively of Windows machines, not Linux ones. Once the bad guys turn their attention to Linux (which will happen it's just a matter of time) I'm sure you will see an increase in this stat. I can't give figures, and I've never seen someone else who can either. It's my opinion that right now phishing and good old-fashioned spy tricks are more of a risk than Linux spyware, so you should pay attention to pros who know Linux well and follow their advice. For instance it's a good idea and a good convenience to allow cookies for b.g.o. to log you in immediately. You should not be doing this with your on-line banking site.... -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
