headers
Anna Morris | 8 Feb 13:37
Gravatar

Banking Malware and free/open-source software

Hi, was watching this http://www.bbc.co.uk/iplayer/episode/b01c12nz/Click_04_02_2012/ (my dad sent it me )

I was wondering if anyone has any thoughts about this - specifically if, in the "man in the browser" area, the threat level in FreeSoftware is the same as in Proprietary?

I am aware that many FOSS users claim malware is less likely to a) be made for OS's like Debian and b) Will be less effective due to the design of these OS's if it is made - however these financial attacks seem to focus mostly on the browser - does this mean that firefox on windows and firefox on ubuntu are equally vulnerable?

Best

Anna

--
www.ethical-pets.co.uk - The pet shop thats all sorts of ethical!

_______________________________________________
Fsuk-manchester mailing list
Fsuk-manchester@...
https://lists.nongnu.org/mailman/listinfo/fsuk-manchester
Permalink | Reply |
headers
MJ Ray | 8 Feb 21:37
Favicon
Gravatar

Re: Banking Malware and free/open-source software

Anna Morris <say.hello.to.anna@...>
> I was wondering if anyone has any thoughts about this - specifically if, in
> the "man in the browser" area, the threat level in FreeSoftware is the same
> as in Proprietary?

OTTOMH, it'll depend what attack vector is used to put the man in the
browser.  If it's something like javascript silently installing some
add-on, then it's probably the same threat on both platforms.  If it's
a buffer overflow running native code (and I'd expect that's more
likely because then you can really screw with the browser from outside
its oversight), then the same attack won't work and if you use
anything other than the dominant Windows flavour, you win because it's
less likely.

However, as one protection layer which I feel nearly everyone should
have, I strongly recommend NoScript!

The lack of any similar feature - or even anything as good as the
built-in Iceweasel/ Firefox cookie and script settings - is one reason
I don't like Chromium yet and fear it replacing Iceweasel.

(That's a lot of mailing lists on the To and CC... will they all let me in?)

Hope that informs,
--

-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
Permalink | Reply |

Gmane