Alan, Quoting alan c <[EMAIL PROTECTED]>:
> With Ubuntu in mind I would be grateful for more information about the > possible vulnerability - or not - of the sort of malware (trojan) > which is likely to be used in the sort of current, and on a new scale, > attack via infected websites as described in the Guardian: > > http://www.guardian.co.uk/international/story/0,,2106855,00.html > > My initial reaction is of course that linux doe snot install anything > without a password, but then I remembered that in my user activities I > was able to install a firefox extension without a password (I think), > and in principle I can install into my user area with no password > generally. > > So could a trojan be installed easily from an infected website without > my knowledge? The answer is that at some point, there will be a vulnerability in Firefox or any other open-source web browser that allows for this kind of content to download itself onto your computer. This could be a keylogger which then emails logfiles to an irc-chat room somewhere for _your user_, however it would not be able to run as root unless you let it or it was working in conjunction with other exploits that allowed unauthorised access to your system. The good news is that the chances of this is rare for the following reasons: 1) Generally, a completely different set of code instructions would need to be compiled for the program to run under linux 2) As the vast majority of people use Windows, crackers are less likely to write a trojan for Linux-based machines (although this could change in time) 3) The chances of getting the exact two vulnerabilities that the torjan/bug is written to exploit are pretty remote So all in all, viruses[0] and their ilk will come to linux as it becomes more and more popular, however there will alwys be the fact that Linux is inherently more secure than some of the alternatives out there to give you a warm, fuzzy feeling... :o) HTH, M. [0] and it is Viruses, not Virii as I had though for years! -- Matthew Macdonald-Wallace Group Co-Ordinator Thanet Linux User Group http://www.thanet.lug.org.uk/ [EMAIL PROTECTED] GPG KEY: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFEA1BC16 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
