LinuxQuestions.org
Old 08-22-2016, 11:52 PM   #1
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,116

Rep: Reputation: 73
malware attacks


Hi, I have no idea about these things, but I was just reading an article about cyber-attacks on company secrets, here: http://www.bbc.com/news/business-37154314

Apparently, you open an innocuous seeming email, and bam, some program takes control of your computer! To install anything that can affect the system in Linux you would need to know the root password, right??

I just wondered if this kind of thing only affects Windows, or if it can also affect Linux computers? (not that I have any secrets to keep hidden)
 
Old 08-23-2016, 03:53 AM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Quote:
Apparently, you open an innocuous seeming email, and bam, some program takes control of your computer! To install anything that can affect the system in Linux you would need to know the root password, right??
If it needs local libraries, yes. But if it runs alone in your home directory there is no need.

Quote:
I just wondered if this kind of thing only affects Windows, or if it can also affect Linux computers? (not that I have any secrets to keep hidden)
Malware and/or intrusions affect all disk operated systems. But generally these threats cannot easily run under GNU/Linux/Unix.
 
1 members found this post helpful.
Old 08-23-2016, 05:44 AM   #3
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,116

Original Poster
Rep: Reputation: 73
Can a program be downloaded in Linux as executable? Could it do things like send information without my knowledge or consent? Wouldn't it have to get sudo permission?
 
Old 08-23-2016, 06:59 AM   #4
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Quote:
Can a program be downloaded in Linux as executable?
Yes, there are some. In the Linux community some popular programs are offered as pre-built binaries; examples of these are the Firefox and Seamonkey browsers; indeed almost all browsers are offered with the following options: source (you will need to build it yourself), configuration with sources (like SlackBuilds) and binary form (e.g. firefox-bin). But don't think the way M$oft users think of binaries (*.exe) because it is far from that concept. There is no exe here; if ever a binary file lies in your system it wouldn't execute itself unless you own it or unless its permission allows you to.

In short an .exe file cannot run here.

Quote:
Could it do things like send information without my knowledge or consent?
Less likely, unless you are running as root, or you intentionally run it yourself.

Some known safety habits are ---

a) Do not download anything you do not understand;
b) Do not log in to X and go out to the internet as *root* because by doing this you are acting like a poor M$Windows user who doesn't know he is running to the internet as root. Log in rather as an ordinary user.
c) Any malicious JavaScript can lie in your cache; visit these folders often and delete anything undesirable:
$USER/.cache
/var/tmp
/tmp
d) Do not install things you do not trust.
e) Do not run *wine*.

Quote:
Wouldn't it have to get sudo permission?
You alone have the sudo power.

Hope that helps. Good luck and enjoy.

m.m.

Last edited by malekmustaq; 08-23-2016 at 07:28 AM.
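
Added example, not part of the post above or of the thread: a small shell audit for habit (c), listing files in the named folders that the logged-in user owns and could launch directly, which needs no root or sudo. It assumes `$USER/.cache` means `$HOME/.cache`; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list files a normal user could launch
# from the folders named in habit (c). Assumption: "$USER/.cache" in the post
# means the per-user cache directory, written here as "$HOME/.cache".

# list_user_executables DIR...
# Prints every regular file under DIR that belongs to the current user and
# has at least one execute bit set. Missing directories are skipped.
list_user_executables() {
    uid=$(id -u)
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -user "$uid" \
            \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null
    done
}

# Constructed sample: a scratch directory standing in for a download folder.
# One file is left as a browser or mail client would save it (no execute
# bit); the copy is given the execute bit by its owner, with no root or sudo.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$d/saved_attachment"
    cp "$d/saved_attachment" "$d/marked_executable"
    chmod u+x "$d/marked_executable"
    list_user_executables "$d"
    rm -rf "$d"
}

# Run the constructed sample; only the file with the execute bit is listed.
demo

# Typical use on a real system:
#   list_user_executables "$HOME/.cache" /var/tmp /tmp
```

An execute bit on a file in these folders is not proof of malware; it only marks what the logged-in user could run directly.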
 
Old 08-23-2016, 07:14 AM   #5
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Running Windows viruses under Wine.
 
Old 08-23-2016, 01:46 PM   #7
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by Emerson
phew, that was a fun read. pity it's 10 years old... i really hope wine developers have put some effort into that... any updates?
 
Old 08-23-2016, 06:51 PM   #8
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,116

Original Poster
Rep: Reputation: 73
Thanks for the comments and links. Very interesting.

I'm wondering, if I run Windows 8.1 in VirtualBox, will that prevent malware?

I have to use Windows for my online bank, it will not work with anything else, I have to download the banking program from icbc.com.cn. That's the only thing I use Windows for, but Windows is excruciatingly slow to start and stop. I never timed it, but it seems to need about 5 to 10 minutes to get going or stop. I suppose it has a lot of crapware connecting to things I will never know about. My Ubuntu needs about a minute to start and about 5 seconds to shutdown. Luckily, I don't need to go to my online bank very often.
 
Old 08-23-2016, 07:39 PM   #9
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,979

Rep: Reputation: 3624
You would be wise to assume that security holes exist in Linux as well. Professional hackers have been successful at gaining access to almost every system.
 
Old 08-23-2016, 09:38 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,321
Blog Entries: 28

Rep: Reputation: 6141
Generally, phishing and other attacks are designed to attack Windows computers, because Windows is the majority of computers. The hunters hunt where the game is most plentiful; the shotgun is loaded for Windows, not for Linux.

For grins and giggles, I once clicked one of those "Your computer is infected with viruses" pop-ups on a website and watched the dialog claim to be scanning my C:\ drive. I was using Linux and I had no C:\ drive.

Those attacks could easily be re-engineered to attack Linux computers. Because the Linux security model is inherently more secure than that of Windows (user does not have default administrative privileges), they would likely do less damage. Damage would probably be restricted to the user's home directory, all other factors being equal.

Linux is inherently more secure, but that does not relieve the user from the obligation to practice safe HEX.

Last edited by frankbell; 08-23-2016 at 09:44 PM.
 
Old 08-24-2016, 01:03 AM   #11
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Quote:
I have to use Windows for my online bank, it will not work with anything else, I have to download the banking program from icbc.com.cn.
Gladly I share with you my similar situation. I am a pure-blooded OSS user/votary/activist, but how did I solve the situation where the bank and/or government make their services through M$ dominated methods? Of course I cannot give up my business nay my duties to the State. This I did.
a) I have to isolate my signals. Must be landline --definitely NO wi-fi in these transactions.

b) No way to run wine or virtual --it is dangerous to weaken Unix implementation under Gnu/Linux by running a M$ over it. So I bought a cheap machine solely for that purpose; the other location is by way of hosting a M$Win7 in a separate partition, dual booted.

c) I called the bank to try to implement solution when the client is running Firefox. They soon replied after two months that particular version of Firefox is qualified.

d) I run that machine only for that exclusive purpose.

e) I always monitor and clean up the internet\temp folder.
I think that is the only way to be secured the least possible.

Hope that helps. Good luck and enjoy.

m.m.
 
Old 08-24-2016, 12:00 PM   #12
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
malekmustaq & pedroski, why can't you just change your bank?
 
Old 08-24-2016, 02:49 PM   #13
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Quote:
Originally Posted by ondoho
malekmustaq & pedroski, why can't you just change your bank?
Drastic as this sounds, I think I would do this if my bank decided to become part of Microsoft's marketing department. Well, first I would send them a communication (possibly a physical letter) asking them nicely to explain how to use Linux to access things; if they didn't reply with such I would likely ask them to help me move my money to another bank not owned by Microsoft. I'd also send the correspondence to somebody like www.theregister.co.uk in order to warn others that the bank was a Microsoft marketing outfit.

These people need to be stopped. So, if it's possible (and I know it's not always) then, yes, move banks.

Last edited by 273; 08-24-2016 at 02:50 PM.
 
Old 08-24-2016, 06:12 PM   #14
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,116

Original Poster
Rep: Reputation: 73
Well, the other banks in China are no better, so changing banks would not be a step forward. Also I'm a poor man, so they probably would not notice if I left. ICBC is very big, I don't know that even MS could 'own' ICBC! I don't think that is the motivation for the use of Win.

I've often thought that, although MS complains about 'illegal copies' of Windows circulating here in China, I'm sure some people are quite happy to see Win on Govt. computers and Universities all over China. I know it is only the evil Chinese who hack other countries' computers, but if, just if, hypothetically, an American agency wanted to hack just one computer in China, wouldn't that make life easier for said agency?
 
Old 08-24-2016, 10:06 PM   #15
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Quote:
Originally Posted by ondoho
malekmustaq & pedroski, why can't you just change your bank?

That would be a shortcut solution ondoho. But as you see in capitalist countries camaraderie to bank manager and board members can override minor decisions if there are quiet workable solutions.

Thank you for your kindness.

m.m.
 
  

