Matthew Macdonald-Wallace wrote: > Alan, > > Quoting alan c <[EMAIL PROTECTED]>: > >> With Ubuntu in mind I would be grateful for more information >> about the possible vulnerability - or not - of the sort of >> malware (trojan) which is likely to be used in the sort of >> current, and on a new scale, attack via infected websites as >> described in the Guardian: >> >> http://www.guardian.co.uk/international/story/0,,2106855,00.html >> >> My initial reaction is of course that linux doe snot install >> anything without a password, but then I remembered that in my >> user activities I was able to install a firefox extension without >> a password (I think), and in principle I can install into my >> user area with no password generally. >> >> So could a trojan be installed easily from an infected website >> without my knowledge? > > The answer is that at some point, there will be a vulnerability in > Firefox or any other open-source web browser that allows for this > kind of content to download itself onto your computer. > > This could be a keylogger which then emails logfiles to an irc-chat > room somewhere for _your user_, however it would not be able to > run as root unless you let it or it was working in conjunction with > other exploits that allowed unauthorised access to your system. > > The good news is that the chances of this is rare for the following > reasons: > > 1) Generally, a completely different set of code instructions would > need to be compiled for the program to run under linux 2) As the > vast majority of people use Windows, crackers are less likely to > write a trojan for Linux-based machines (although this could change > in time) 3) The chances of getting the exact two vulnerabilities > that the torjan/bug is written to exploit are pretty remote > > So all in all, viruses[0] and their ilk will come to linux as it > becomes more and more popular, however there will alwys be the fact > that Linux is inherently more secure than some of the alternatives > out there to give you a warm, fuzzy feeling... :o) > > HTH, > > M. [0] and it is Viruses, not Virii as I had though for years!
Thanks, much appreciated. Would there be a procedure to use browser/s with a different 'user' password, with much lower privileges than the normal user, so that when browsing the 'user-low' being used is not allowed to download anything knowingly or not (without password)? Accepted that the the user-low is still using a browser which may have weaknesses. -- alan cocks Kubuntu user#10391 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
