Hi, was watching this http://www.bbc.co.uk/iplayer/episode/b01c12nz/Click_04_02_2012/ (my dad sent it me )
I was wondering if anyone has any thoughts about this - specifically if, in the "man in the browser" area, the threat level in FreeSoftware is the same as in Proprietary?
I am aware that many FOSS users claim malware is less likely to a) be made for OS's like Debian and b) Will be less effective due to the design of these OS's if it is made - however these financial attacks seem to focus mostly on the browser - does this mean that firefox on windows and firefox on ubuntu are equally vulnerable?
Best
Anna
Anna Morris say.hello.to.anna@googlemail.com
I was wondering if anyone has any thoughts about this - specifically if, in the "man in the browser" area, the threat level in FreeSoftware is the same as in Proprietary?
OTTOMH, it'll depend what attack vector is used to put the man in the browser. If it's something like javascript silently installing some add-on, then it's probably the same threat on both platforms. If it's a buffer overflow running native code (and I'd expect that's more likely because then you can really screw with the browser from outside its oversight), then the same attack won't work and if you use anything other than the dominant Windows flavour, you win because it's less likely.
However, as one protection layer which I feel nearly everyone should have, I strongly recommend NoScript!
The lack of any similar feature - or even anything as good as the built-in Iceweasel/ Firefox cookie and script settings - is one reason I don't like Chromium yet and fear it replacing Iceweasel.
(That's a lot of mailing lists on the To and CC... will they all let me in?)
Hope that informs,