Re: OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva <ssilva@xxxxxxxxxxxx> wrote:
> on 4-17-2009 9:33 AM Lanny Marcus spake the following:
>> On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
>> <CentOS4Bill@xxxxxxxxxxxx> wrote:
>>> On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
>>>> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters-ee4meeAH724@xxxxxxxxxxxxxxxx> wrote:
>>>> <snip>
>>>>> My experience is that when browsing on any OS and you come across an
>>>>> error message stating that your computer is infected and you need to
>>>>> install such and such software, the web site I was visiting has an XSS
>>>>> exploit that was taken advantage of to try and get you to manually
>>>>> install a piece of malware.
>>>>>
>>>>> Install the FireFox extension "noscript" and be very careful about what
>>>>> domains you authorize scripting from.
>>
>> I now have NoScript installed.
>>
>> <snip>
>>> You might want to also check your preferences. FF has settings about
>>> warning about fraud sites etc. You also can affect the things that
>>> javascripts can do and suppress pop-ups. I've encountered those things
>>> that you mentioned and gotten no ill-effects since I just leave the site
>>> immediately.
>>
>> Bill: I will double check the Firefox configuration settings, since I
>> upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
>> to visit that web site, so if anything bad is coming from it (without
>> the knowledge of the webmaster) I will hopefully avoid it, with the
>> NoScript Firefox extension which I just installed. Lanny
>
> Noscript will give you an idea of just how many sites run a script of some
> kind. You will see a large part of sites just look different when the scripts
> don't run, and some don't function at all. Not that it is a bad thing, it will
> just make you think a lot.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
>

Remember the NeXT step days (for me, mid 90's) when a single
executable binary file contained both intel and PowerPC/Motorola code.
 When clicked, it would execute the intel code on the intel platform
and the PowerPC/Motorola code on the PowerPC/Motorola platform.  I
think it would be cool to have Portable App executables that run under
both Linux and Windows because life would be easier, but the security
problem would be too much of a downside -- a single binary that roots
both Linux and Windows.

It is easy to write an executable binary for Linux that ends in .exe -
so that is don't think that is any protection at all.

Clicking "Cancel" on these dialogs or X could still launch the
executable - safest thing to do would be to kill firefox.

Further recommend NoScript and SiteAdvisor simultaneously.  Recommend
against wine and even more so against the Internet Explorer
whatchamacallit for Firefox including on wine.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux