Old 03-28-2009, 04:56 PM   #1
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

Rep: Reputation: 82
Windows running Firefox more secure than linux running it?


Bullet points from an article in this week's (3/27) Economist about browsers. What does linux do about memory location randomization during installs? Did the author get it wrong?

Here:

The default browser on all Macs has been Apple’s Safari—a nifty program that uses a rendering engine and tools for running Java scripts borrowed from a venerable Linux browser called Konqueror.

A Windows machine [invading a browser] is harder to crack than a Mac because of the way Microsoft randomises the memory locations of code inserted into processes. Even if they can get into the system, hackers then have trouble finding where their nefarious bit of code is lurking.

Apple is not big on randomisation, which is part of the reason why Macintosh computers are so vulnerable to online attack, whether running Safari or even Firefox.

Hackers agree the toughest nut to crack is Firefox running on Windows.

For the second year running, a team led by Charlie Miller of Independent Security Evaluators won a $10,000 prize at the CanSecWest security conference in Vancouver held between March 16th and 20th, with a “drive-by” attack on a MacBook Air. With judges watching every keystroke, it took him only seconds to break remotely into the fully patched Macintosh laptop running Safari and take control of it.

Another security researcher at the Vancouver meeting cracked both Safari and Firefox on a Mac as bonus while doing something seriously tricky. The researcher in question, known only by his first name, Nils, broke into a Sony Vaio laptop running Internet Explorer 8 on Vista’s heavily fortified replacement, Windows 7. For compromising all three browsers—Internet Explorer, Firefox and Safari—Nils walked away with $5,000 in prize money.

The only browser left standing was Google’s one-year-old Chrome. The consensus was that even the lightning-fast Chrome would have been toppled if Google made a habit of buying information about bugs—thereby giving researchers an incentive to develop exploits.

Google’s engineers broke with the traditional architecture adopted by all web browsers. Instead of using a monolithic structure that combines both the user and the web together in a single protected area, Chrome ingeniously separates the main part of the program, the browser kernel, from the various rendering processes that recreate web pages on a computer screen. The browser kernel, which interacts directly with the operating system, is therefore shielded from anything questionable lurking on the web.

Last edited by moxieman99; 03-28-2009 at 04:57 PM. Reason: typo
 
Old 03-28-2009, 07:31 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,492
Blog Entries: 54

Rep: Reputation: 2906
Next time please post the article's URI plus your own opinion of things. Linux uses ASLR but not as strong as Linux patched with say PaX.
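An added example, not part of the thread: one way to check what a Linux box does about address randomization, by reading the `randomize_va_space` sysctl and comparing two `/proc/<pid>/maps` snapshots to see which regions moved. The snapshots `RUN_1`/`RUN_2` and the path `/bin/demo` are constructed samples of a non-PIE binary, and the function names are assumptions of this example.

```python
import subprocess

# Meaning of /proc/sys/kernel/randomize_va_space (Linux kernel sysctl documentation)
MODES = {
    0: "off",
    1: "stack, mmap base (shared libraries) and vDSO randomized",
    2: "as 1, plus the brk heap",
}

def aslr_mode(sysctl_text):
    """Map the sysctl file content to (value, description)."""
    value = int(sysctl_text.strip())
    return value, MODES.get(value, "unknown")

def region_bases(maps_text):
    """Return {name: lowest start address} from /proc/<pid>/maps content."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) < 6:          # anonymous mapping without a name
            continue
        name, start = fields[5], int(fields[0].split("-")[0], 16)
        bases[name] = min(start, bases.get(name, start))
    return bases

def moved_regions(maps_a, maps_b):
    """Names mapped in both snapshots whose base address differs."""
    a, b = region_bases(maps_a), region_bases(maps_b)
    return sorted(n for n in a.keys() & b.keys() if a[n] != b[n])

# Constructed sample snapshots of one non-PIE binary run twice (not real captures)
RUN_1 = """\
00400000-0040c000 r-xp 00000000 08:01 1311 /bin/demo
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 08:01 2622 /lib/libc.so.6
7ffd4a2f0000-7ffd4a311000 rw-p 00000000 00:00 0 [stack]
"""
RUN_2 = """\
00400000-0040c000 r-xp 00000000 08:01 1311 /bin/demo
0093e000-0095f000 rw-p 00000000 00:00 0 [heap]
7f91e8000000-7f91e81b0000 r-xp 00000000 08:01 2622 /lib/libc.so.6
7ffc10d50000-7ffc10d71000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    with open("/proc/sys/kernel/randomize_va_space") as f:
        print(aslr_mode(f.read()))
    live = [subprocess.check_output(["cat", "/proc/self/maps"], text=True) for _ in range(2)]
    print(moved_regions(*live))
```

In the constructed samples the heap, stack and libc move while the executable's own image stays at a fixed address, because a binary not built as PIE is loaded at its link-time address regardless of the sysctl value.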
 
Old 03-28-2009, 07:57 PM   #3
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Quote:
Hackers agree the toughest nut to crack is Firefox running on Windows.
Anytime someone claims "everyone agrees" about anything, you know they're full of !@#$%.

DEP (Data Execution Prevention) wasn't introduced into the Windows product family until XP SP2, by the way, and many people still don't use it.
 
Old 03-28-2009, 08:13 PM   #4
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

Original Poster
Rep: Reputation: 82
Quote:
Originally Posted by unSpawn View Post
Next time please post the article's URI plus your own opinion of things. Linux uses ASLR but not as strong as Linux patched with say PaX.
--------------
I have no opinion on it. I simply read the article, had a question about the implied statement about Windows and Firefox being more secure than linux and Firefox, and condensed some of the salient points (within the limits of the "fair use" doctrine -- being a lawyer, I know what they are) so that others could readily get the gist of the article and comment on it.

Less effort on the part of others to see what the problem is = greater likelihood of good response.

Thanks for the note about ASLR and PaX.
 
Old 03-28-2009, 08:50 PM   #5
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Since the Economist is an authority on hacking, perhaps some computer geek here can explain exactly how trickle-down economics works. From what I gather, Bernanke waves a magic wealth-creating wand over the freshly printed green paper. He then distributes it to his banker buddies and it trickles down in a supply-side and quasi-religious sort of way.
 
Old 03-28-2009, 09:13 PM   #6
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

Original Poster
Rep: Reputation: 82
Quote:
Originally Posted by Crito View Post
Since the Economist is an authority on hacking, perhaps some computer geek here can explain exactly how trickle-down economics works. From what I gather, Bernanke waves a magic wealth-creating wand over the freshly printed green paper. He then distributes it to his banker buddies and it trickles down in a supply-side and quasi-religious sort of way.
Someone once said that "the Lord works in mysterious ways," and our economic bailout mechanisms certainly are mysterious, so you are right about the "quasi-religious" sort of way.

The Economist, as you know, covers a wide range of interests, and usually gets things right (but not always). I was stunned by the remark that Firefox on Windows was the hardest to hack into. I mean, Windows? So I posted the bullet points and wanted to get analysis from people who actually know Linux.
 
Old 03-28-2009, 09:14 PM   #7
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Because the alternative would be the crazy belief that expanding the money supply dilutes the money in my pocket, stealing wealth from me and redistributing it to bankers who then give it to multinational monopolists who can't fail because they're "too big". But who would believe such a conspiracy theory? Only some tin foil hat wearing nut, I'm sure.

I'm just glad smarter people than me with MBAs from Harvard are taking care of the problem. We just need to have confidence in them and faith in the dollar. As long as everyone continues to worship at the church of free-market capitalism everything will be OK.
 
Old 03-28-2009, 09:43 PM   #8
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454
Blog Entries: 1

Rep: Reputation: 74
I posted the story myself (including the link) for last year's event in Linux Questions/News-- Yes, the Mac was cracked in no time at all, and Windows was busted on the last day. BUT nobody could get into the Linux box.
 
Old 03-29-2009, 03:55 AM   #9
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269
Quick, let's all switch to Window$ and run FF because a BS article says it's more secure.
 
Old 03-29-2009, 06:07 AM   #10
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454
Blog Entries: 1

Rep: Reputation: 74
Quote:
Originally Posted by H_TeXMeX_H View Post
Quick, let's all switch to Window$ and run FF because a BS article says it's more secure.
ROFL

Thanks, H- I needed that.
 
Old 03-29-2009, 06:37 PM   #11
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
The Economist isn't even reliable for economic news.

Quote:
The crash has laid bare many unpleasant truths about the United States. One of the most alarming, says a former chief economist of the International Monetary Fund, is that the finance industry has effectively captured our government -- a state of affairs that more typically describes emerging markets, and is at the center of many emerging-market crises. If the IMF’s staff could speak freely about the U.S., it would tell us what it tells all countries in this situation: recovery will fail unless we break the financial oligarchy that is blocking essential reform. And if we are to prevent a true depression, we’re running out of time.
The Quiet Coup: http://www.theatlantic.com/doc/200905/imf-advice
 
Old 03-29-2009, 08:02 PM   #12
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

Original Poster
Rep: Reputation: 82
Quote:
Originally Posted by Crito View Post
The Economist isn't even reliable for economic news.



The Quiet Coup: http://www.theatlantic.com/doc/200905/imf-advice
====================
I've read that too. But the Economist (Brit, so no wonder they're keeping us in the dark) has also warned that Wall Street was getting too big for its britches.
 
Old 04-03-2009, 08:36 PM   #13
FlGator81
Member
 
Registered: Nov 2008
Location: Baltimore
Distribution: Ubuntu
Posts: 65

Rep: Reputation: 21
I don't know of any news source that is always accurate all the time. However, that does not mean that a given periodical has never published anything accurate. One has to read an article and evaluate it, and the more one reads, the broader base they will have with which to evaluate information.

I, for one, doubt that Firefox is more secure on Windows than on anything else (especially Linux). I think it's fundamentally a permissions issue. Linux is a lot better about executing code at the user level than as root, if the user is logged in as a normal user, thus limiting the damage. Windows executes *all* code as admin unless you have created and logged into a restricted account, and even then permissions are not enforced as thoroughly as they could be.
 
Old 04-04-2009, 12:23 AM   #14
masonm
Senior Member
 
Registered: Mar 2003
Location: Following the white rabbit
Distribution: Slackware64 13.37 Android 4.0
Posts: 2,248

Rep: Reputation: 46
Yep, FF on Windows is far more secure, that's why all of the Windows firewall and AV folks are going out of business.
 
Old 04-04-2009, 10:12 AM   #15
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Windows makes me feel like a mushroom: kept in the dark and fed s**t

But Bill Gates is too big to lose now. Anything that hurts Microsoft is bad for the economy, not just here in the USA either, but the entire globe.
 
  

