Re: [gentoo-user] Horribly off-topic linux distro question...
On Fri, 2008-02-08 at 20:47 -0600, Dan Farrell wrote: On Thu, 07 Feb 2008 14:04:27 + Steve [EMAIL PROTECTED] wrote: In the context of online banking, where Windows of some flavour is the desktop OS, I see a substantial risk arising through spyware and/or viruses. I suspect that a neat way to mitigate this would be to run an OS from a CD which offers nothing more fancy than a basic web-browser. Is there anything like this already available? Isn't mozilla (not firefox, that is) ) made for this kind of thing? I thought it was the hardened, corporate-ready branch of the browser. Incidentally, i think the best solution to spyware/adware worries is to not run windows. I have yet to find a substantiated claim of any malware (real malware, not theoretical, lab-contained stuff) for linux. What you mean is Netscape Navigator (basically the Mozilla suite aka Seahorse). I don't know whether there are any differences to good old Mozilla other than branding, regular security fixes and customer service. Malware for Linux? What about those macro viruses for Open Office? Every cross platform software such as Mozilla derivatives, java based stuff like Azureus and so on is a possible target. signature.asc Description: This is a digitally signed message part
Re: [gentoo-user] Horribly off-topic linux distro question...
Florian Philipp wrote: SNIP Malware for Linux? What about those macro viruses for Open Office? Every cross platform software such as Mozilla derivatives, java based stuff like Azureus and so on is a possible target. But can they infect a Linux box the way they do a M$ box? I don't use Windoze here but since I only use Linux I would like to know just how secure it is. I manage my bank account and credit card account from my Linux box. I also have java and OOo installed. Thanks Dale :-) :-) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Horribly off-topic linux distro question...
On Saturday 09 February 2008, Dale wrote: But can they infect a Linux box the way they do a M$ box? I don't use Windoze here but since I only use Linux I would like to know just how secure it is. I manage my bank account and credit card account from my Linux box. I also have java and OOo installed. It's a bit of a loaded question, but here goes anyway: It's extremely hard to quantify just secure or insecure a machine and/or OS is. Some try and count number of bugs found - well, total number of bugs per 1000 lines of code seems to mostly fall in a standard range regardless of programmer or team (!) Strange but true - I've read studies that show it. So Firefox gets about as many bugs as IE by and large, as does Office and OpenOffice.org. That much you can measure. What is much harder to measure is how severe those bugs are. On a Windows machine, an account with admin rights that gets compromised can be pretty severe. On a Linux machine less so, as long as the machine has sane permissions. But in either case, all your user data, photos and music can still be trashed. To most users that's more catastrophic than being pwned. What is undeniable is that zombie networks consist almost exclusively of Windows machines, not Linux ones. Once the bad guys turn their attention to Linux (which will happen it's just a matter of time) I'm sure you will see an increase in this stat. I can't give figures, and I've never seen someone else who can either. It's my opinion that right now phishing and good old-fashioned spy tricks are more of a risk than Linux spyware, so you should pay attention to pros who know Linux well and follow their advice. For instance it's a good idea and a good convenience to allow cookies for b.g.o. to log you in immediately. You should not be doing this with your on-line banking site -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Horribly off-topic linux distro question...
On Sat, 09 Feb 2008 04:10:56 -0600 Dale [EMAIL PROTECTED] wrote: Florian Philipp wrote: SNIP Malware for Linux? What about those macro viruses for Open Office? Every cross platform software such as Mozilla derivatives, java based stuff like Azureus and so on is a possible target. But can they infect a Linux box the way they do a M$ box? I don't use Windoze here but since I only use Linux I would like to know just how secure it is. I manage my bank account and credit card account from my Linux box. I also have java and OOo installed. openoffice macro virus: http://www.securityfocus.com/brief/218 (proof of concept) http://www.zdnet.com.au/news/security/soa/OpenOffice-macro-worm-exposes-bad-bunny/0,130061744,339277689,00.htm and finally, http://www.linux.com/feature/54824 (quoted:) Lynch is perhaps overstating the case, but the general agreement is that the Kaspersky Lab claim is an exaggeration. At best, it serves as a warning against trusting files from unknown sources. Clearly, it is neither new nor cause for anything more than standard caution. ==--- It could be debated whether a macro of this kind is really a virus - the question is, would openoffice have let it mess with the filesystem? as for firefox, I have yet to find any security concerns targeting recent releases. I definitely _don't_ trust java apps in general, but think the best course of action is to run the very most recent version. Thanks, gentoo. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Horribly off-topic linux distro question...
On Thu, 07 Feb 2008 14:04:27 + Steve [EMAIL PROTECTED] wrote: In the context of online banking, where Windows of some flavour is the desktop OS, I see a substantial risk arising through spyware and/or viruses. I suspect that a neat way to mitigate this would be to run an OS from a CD which offers nothing more fancy than a basic web-browser. Is there anything like this already available? Isn't mozilla (not firefox, that is) ) made for this kind of thing? I thought it was the hardened, corporate-ready branch of the browser. Incidentally, i think the best solution to spyware/adware worries is to not run windows. I have yet to find a substantiated claim of any malware (real malware, not theoretical, lab-contained stuff) for linux. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Horribly off-topic linux distro question...
On Feb 7, 2008 9:04 AM, Steve [EMAIL PROTECTED] wrote: In the context of online banking, where Windows of some flavour is the desktop OS, I see a substantial risk arising through spyware and/or viruses. I suspect that a neat way to mitigate this would be to run an OS from a CD which offers nothing more fancy than a basic web-browser. Is there anything like this already available? -- gentoo-user@lists.gentoo.org mailing list Try Knoppix, it will have everything you need to do you online banking. -- gentoo-user@lists.gentoo.org mailing list
