Paul Hartman wrote: > On Mon, Jul 8, 2013 at 8:24 AM, Dale <rdalek1...@gmail.com> wrote: >> Questions. Can a virus infect the OS when running on Linux through >> java/javascript/flash? Or would the infection at the least be limited >> to that user? > I think how they typically work, on any OS, is they exploit a bug in > the browser (or a browser plug-in) to run code on your local machine, > and then that code exploits the operating system in order to get > root-level privileges. After it has that, the possibilities are > endless... > > There's nothing special about Linux that would make that scenario play > out any better than it does on Windows, but in reality the number of > exploits found for Windows has been greater, and the number of Linux > web browser users is far fewer, so it's pretty rare to see web pages > that target Linux exploits (but I do read about them from time to > time). > > I personally use Firefox with RequestPolicy, NoScript and Adblock > Plus. That still won't protect me from a bug in Firefox itself. I > suppose if I really wanted to be paranoid I would run it in a virtual > machine (but, hey, those can be exploited, too). At some point, you > have to just go with it and hope for the best. Either that or turn off > the computer. :) >
That's my thinking to but also see my reply to Walter. I use Linux for several reasons and security is one of them. Linux is more security oriented and faster with fixes be it a browser or some other package. Gentoo works with upstream to get serious issues fixed pretty fast. >> How is html5 going to affect this? Better or worse? > HTML5 is already here and you're probably already using it. :) The > biggest benefit to using "anything but Flash" is the idea that the > code is not in Adobe's hands and that the community would identify and > fix bugs sooner. But that's not guaranteed to be the case. > > A web browser is perhaps the most complicated piece of software most > of us will ever run on our computers, and there's a lot of room for > mistakes to happen in those millions of lines of code. Anything can > happen. > > . > I have opted in for html5 on youtube. I think I also have a plugin that enables html5 as well when available. I have one for https as well. Given this NSA mess, may help a little anyway. O_O Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
