# from Mike Cherba
# on Wednesday 28 September 2011 11:37:
> Please reassure your wife that your linux machine will be safe.
> The article I've linked is a good intro level explanation of the
> reasons behind relative virus vulnerability between windows, linux,
> and OsX. It's a few years old, but the core still holds.
>
>http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
While a linux machine is typically safer due to separations such as e.g.
not running the web browser in the kernel and not reading your e-mail
as root, any computer can have vulnerabilities.
Remember that whatever you execute can do anything your user can do
(including sudo.) Security holes tend to come from convenience
features and unexpected consequences in complicated software.
If you are using `mv` and other command-line tools to move windows files
around, it is very unlikely that you will get anything on your linux
machine. On the other hand, using a file manager means you are running
more complicated code and you begin to have more exposure where the
program's convenience features could be exploited, such as automatic
image preview causing a buffer overflow when given a bad image header.
Similarly, word processors and web browsers will try to do things with
a file which wouldn't happen with e.g. `head` or a text editor like vim
(though even vim will set syntax options based on modelines, which is
the sort of thing where a potential vulnerability could creep into the
code.)
I don't know of a case where using nautilus on linux to look at files
from an infected windows machine would hose your home directory, but
you should understand risk and exposure if you are concerned about
security.
--Eric
--
"Beware of bugs in the above code; I have only proved it correct, not
tried it."
--Donald Knuth
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
