Re: Firefox users take note!

I used to use FF :-) Then moved to Chromium (Not Google Chrome) Now I use rekonq

Re: Firefox users take note!

A large part of my job is computer security - and if you look at someplace like the National Vulnerability Database - http://nvd.nist.gov you'll find that Firefox has at least as many vulnerabilities as Internet Explorer these days. Check it out -

In the last three years IE's had 260 listed vulnerabilities in NVD while Firefox has 643. It's easy enough to check for yourself - look here:

http://web.nvd.nist.gov/view/vuln/search

Just enter "Internet Explorer" or "Firefox" and punch the "Search last 3 years" button.

Re: Firefox users take note!

using that page there is one known vulnerablility for rekonq as well

on another not looks like opera has the most total isues @ 908, but they all seam to be fixed in v 10.63

thanks for the link

Re: Firefox users take note!

Hi
I was a "volunteer" at what used to be called "Computer Cops" and then "Castle Cops"....now defunct...

The volunteers just could not handle the workload and the couple(man and wife) who ran it just became EXHAUSTED trying to keep the site going with the MASSIVE denial of service attacks and nobody............

DONATED enough money!

But.... even back than....what.... 2005.... we were discussing WHEN, not if, Linux would be targeted and even though the first FF exploit had not yet appeared the general discussion was that the first "concerted" attempts would be through FF...

Speaking as someone who spent hours/days working with people who had malware/BADstuff on their computers from the standpoint of CC and the guy down the block who shows up with beer and his tower because he does NOT want his wife to know about the porn on it....

a) do not go to sites where your grandmother would not want you to go.
b) do not click an "attachment" unless you have a really good filter like Yahoo, or something on your machine to check it.
c) do not click a .exe file unless you PERSONALY know the sender....

NOW..................just how the bad guys will send a Linux item, as a .tar. or whatever....we do not know...

But.... the basic idea is ............... DO NOT TRUST anybody that you do not KNOW online!!!

just my experiences and there are probably people who would argue with my ideas because they are about two and a half years old now... sorry....

woodbehindthetimessmoke

Re: Firefox users take note!

Unless you have WINE installed, clicking on an EXE won't do anything in Linux. IF you have WINE installed the worse case mode is that your WINE installation will get hosed and you will have to reinstall it. IF the WINE virtual engine isn't running nothing will happen even if WINE is installed.

Linux Trojans or viruses cannot be run without being installed AS A FILE on the HD. While the occasional person might save a tar file, untar it, navigate to its directory and run the necessary commands to configure, compile and install the contents of a tar file, the VAST MAJORITY do not know how, or know enough NOT to try. So, downloaded tar and other files are a poor route to use if a bad guy wants to infect a LOT of Linux computers in a short amount of time. As I mentioned before, it took a group of professional hackers over 6 months to collect 730 or so Linux boxes in their bot farm. During the same period infected emails collected over 1.3 million windows zombies in the largest bot farm ever found last year.

Linux will never become as easy to infect as Windows because its security model is different. Unix has been around for over 40 years, and Linux for almost 20 of those years, yet you never hear of a major Unix/Linux infection, of the magnitude that commonly afflicts Windows.

FireFox, or any browser, is susceptible to infected java applets. IF the java applets do not have a valid digital signature or certificate and IF you approve of the bogus digital signature or certification when asked by FireFox, then NO amount of software coding can circumvent that infection vector.

Or, do not trust anybody online whom you do not know... Good advice.

Re: Firefox users take note!

Sorry GreyGeek you caught me out on that:

Unless you have WINE installed, clicking on an EXE won't do anything in Linux.

I should have written that and didn't, too much time on the couch.

thanks for the catch.

woodsmoke

Re: Firefox users take note!

But you can get a virus attachment even from people you do know personally if their email has been hacked and they don't know about it, yet...

Re: Firefox users take note!

I have windows using friends and have, on several occasions, received emails with virus attachments. You can click on them all you want. You can even save them to your HD. You can even click on them while they are setting on your HD. What you HAVE to do AFTER you save them to your HD is to modify their permissions by adding the execute permission (manually or using Dolphin). Then, if you click on them, it will only run IF they are valid shell scripts or ELF binaries. If they are EXE files it doesn't matter what their permissions are, they will never execute. When java jar files are clicked they open up in Ark.

In other words, you really have to work at it to get an email virus attachment to execute in Linux. That's why you rarely see a linux virus attached to an email. In fact, IIRC, it has been over eight years since I last saw a putative Linux virus email attachment. For a short period of time, a few years ago, KDE desktop files (*.desktop) could be emailed and they would run the executable they were designed for when clicked as an email attachment, but that susceptibility lasted only a week or so, and it never worked on the Mandriva DE that I was running at the time.