On Mon, Jul 8, 2013 at 8:24 AM, Dale <rdalek1...@gmail.com> wrote: > Questions. Can a virus infect the OS when running on Linux through > java/javascript/flash? Or would the infection at the least be limited > to that user?
I think how they typically work, on any OS, is they exploit a bug in the browser (or a browser plug-in) to run code on your local machine, and then that code exploits the operating system in order to get root-level privileges. After it has that, the possibilities are endless... There's nothing special about Linux that would make that scenario play out any better than it does on Windows, but in reality the number of exploits found for Windows has been greater, and the number of Linux web browser users is far fewer, so it's pretty rare to see web pages that target Linux exploits (but I do read about them from time to time). I personally use Firefox with RequestPolicy, NoScript and Adblock Plus. That still won't protect me from a bug in Firefox itself. I suppose if I really wanted to be paranoid I would run it in a virtual machine (but, hey, those can be exploited, too). At some point, you have to just go with it and hope for the best. Either that or turn off the computer. :) > How is html5 going to affect this? Better or worse? HTML5 is already here and you're probably already using it. :) The biggest benefit to using "anything but Flash" is the idea that the code is not in Adobe's hands and that the community would identify and fix bugs sooner. But that's not guaranteed to be the case. A web browser is perhaps the most complicated piece of software most of us will ever run on our computers, and there's a lot of room for mistakes to happen in those millions of lines of code. Anything can happen.