Liam, On 13/06/13 17:20, Liam Proven wrote: > On 13 June 2013 17:04, Tony Arnold <tony.arn...@manchester.ac.uk> wrote: >> Liam, >> >> On 13/06/13 16:37, Liam Proven wrote: >>> On 13 June 2013 15:02, Tony Arnold <tony.arn...@manchester.ac.uk> wrote: >>>> OS X can be compromised. >>> >>> *All* operating systems can be compromised. >>> >>>> Doesn't really matter whether it's technically >>>> a virus or a trojan >>> >>> Yes it does. It matters very very much indeed. This too is a red herring. >> >> You've cut short my sentence which went on to say the same things are at >> risk such as credentials, bank details etc., regardless of how the >> infection got there. > > As I said, *all* computers are vulnerable to social engineering of the > user. Ergo, this is completely irrelevant to any discussion of the > relative vulnerability of Mac, Windows and Linux. If you can con > someone via a clever website or a phone call, then you can do so via > other websites -- the OS they're running doesn't matter.
It depends! If the intent of the social engineering is to get a Trojan loaded on to the user's machine, then the Trojan has to operate on the relevant O/S. If it's to steal credentials then no, it doesn't matter. How the trojan operates may then depend on the vulnerability of the underlying system and whether it can gain root access etc. Many trojans seem to set up hooks on system API calls and thus intercept normal system calls to do nasty things. That needs high privileges. Linux may be safer in this respect. >> There are many attack vectors. Infected media, file sharing etc. Just >> being connected to a network is less of a risk these days because MS >> eventually decided that having a firewall turned on by default is a good >> idea. > > True. Windows is /much/ better than it was. However, this requires > immense, constant vigilance by MS. So as soon as a version is no > longer supported, its users really /must/ upgrade, ASAP. One of the reasons I don't like Windows is the need to apply sticking plasters, such as anti-virus, anti-spyware, firewalls etc., over the base operating system. >> Yes, but this is becoming more and more prevalent. Much of this is being >> driven by criminals, not script kiddies. The social engineering is >> getting to be quite clever (if you don't know what you are looking for) >> and many users are easily fooled. There is quite a family of bank >> stealing trojans around which are really worrying. > > Absolutely. > > http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/ Seen similar modes of attack locally. >> This all tends to be targeted at Windows, but as the original OP said, >> if Linux starts to take a significant share of the world's computer >> usage, then the criminals will target Linux as well. And if the system >> itself is not vulnerable, they will target the weakest point which, >> unfortunately, is the human being sitting at the keyboard! > > Seriously, I think targeting individual OSes is a dying trend, just as > desktop computers are declining. It will be via corporate email > systems and so on, like the Onion one there. The OS doesn't matter. Criminals will go for the low hanging fruit. So whatever direction the industry is going for the hackers will seek out the easiest and most lucrative vulnerabilities be that in the system or the human. >> I just worry that there is a danger that Linux and Mac OS users get >> complacent (and in my job I have had to inform Mac users that their >> machine is compromised and get the response that this is just not >> possible because I am using a Mac!) and they are 'safe' because they >> don't use Windows. That kind of complacency is misplaced, IMHO. > > A fair point, you're absolutely right. I think we are both saying similar things but may be from slight different angles! Regards, Tony. -- Tony Arnold, Tel: +44 (0) 161 275 6093 Head of IT Security, Fax: +44 (0) 705 344 3082 University of Manchester, Mob: +44 (0) 773 330 0039 Manchester M13 9PL. Email: tony.arn...@manchester.ac.uk -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
