Liam,

On 13/06/13 16:37, Liam Proven wrote:
> On 13 June 2013 15:02, Tony Arnold <tony.arn...@manchester.ac.uk> wrote:
>> OS X can be compromised.
> 
> *All* operating systems can be compromised.
> 
>> Doesn't really matter whether it's technically
>> a virus or a trojan
> 
> Yes it does. It matters very very much indeed. This too is a red herring.

You've cut short my sentence which went on to say the same things are at
risk such as credentials, bank details etc., regardless of how the
infection got there.

> On Windows, merely looking at an email, or opening a saved email
> attachment, is enough to get a machine 0wned. This cannot be prevented
> any more; HTML rendering is embedded into the core of the OS. You
> could completely remove IE from Windows 98 & this was demonstrated in
> court, when MS was being prosecuted for illegal restraint of trade, to
> show that MS' claim that IE was an integral part of Windows was a lie.
> 
> MS got off scot-free.
> 
> It is no longer the case.
> 
> Viruses infect. You don't need to do anything, enter any passwords; a
> machine, sitting on a network, not logged in, no user apps running,
> can be infected by a suitably clever virus. A machine can be infected
> by a virus just by being turned on with infected media in its drives,
> or attached to its ports.

There are many attack vectors. Infected media, file sharing etc. Just
being connected to a network is less of a risk these days because MS
eventually decided that having a firewall turned on by default is a good
idea.

> Trojans have to be installed by the user. They can't get in on their
> own. You have to trick the user into saying yes, and in most cases,
> into entering their password.

Yes, but this is becoming more and more prevalent. Much of this is being
driven by criminals, not script kiddies. The social engineering is
getting to be quite clever (if you don't know what you are looking for)
and many users are easily fooled. There is quite a family of bank
stealing trojans around which are really worrying.

This all tends to be targeted at Windows, but as the original OP said,
if Linux starts to take a significant share of the world's computer
usage, then the criminals will target Linux as well. And if the system
itself is not vulnerable, they will target the weakest point which,
unfortunately, is the human being sitting at the keyboard!

And don't forget, some phishing scams are completely platform
independent. An e-mail saying 'update your details or your account will
be terminated' that then sends the user off to a dodgy web site that
harvests credentials can work on any platform.

I just worry that there is a danger that Linux and Mac OS users get
complacent (and in my job I have had to inform Mac users that their
machine is compromised and get the response that this is just not
possible because I am using a Mac!) and they are 'safe' because they
don't use Windows. That kind of complacency is misplaced, IMHO.

Regards,
Tony.
-- 
Tony Arnold,                        Tel: +44 (0) 161 275 6093
Head of IT Security,                Fax: +44 (0) 705 344 3082
University of Manchester,           Mob: +44 (0) 773 330 0039
Manchester M13 9PL.                 Email: tony.arn...@manchester.ac.uk

-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/