Windows running Firefox more secure than linux running it?
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425
Rep:
Windows running Firefox more secure than linux running it?
Bullet points from an article in this week's (3/27) Economist about browsers. What does linux do about memory location randomization during installs? Did the author get it wrong?
Here:
The default browser on all Macs has been Apple’s Safari—a nifty program that uses a rendering engine and tools for running Java scripts borrowed from a venerable Linux browser called Konqueror.
A Windows machine [invading a browser] is harder to crack than a Mac because of the way Microsoft randomises the memory locations of code inserted into processes. Even if they can get into the system, hackers then have trouble finding where their nefarious bit of code is lurking.
Apple is not big on randomisation, which is part of the reason why Macintosh computers are so vulnerable to online attack, whether running Safari or even Firefox.
Hackers agree the toughest nut to crack is Firefox running on Windows.
For the second year running, a team led by Charlie Miller of Independent Security Evaluators won a $10,000 prize at the CanSecWest security conference in Vancouver held between March 16th and 20th, with a “drive-by” attack on a MacBook Air. With judges watching every keystroke, it took him only seconds to break remotely into the fully patched Macintosh laptop running Safari and take control of it.
Another security researcher at the Vancouver meeting cracked both Safari and Firefox on a Mac as bonus while doing something seriously tricky. The researcher in question, known only by his first name, Nils, broke into a Sony Vaio laptop running Internet Explorer 8 on Vista’s heavily fortified replacement, Windows 7. For compromising all three browsers—Internet Explorer, Firefox and Safari—Nils walked away with $5,000 in prize money.
The only browser left standing was Google’s one-year-old Chrome. The consensus was that even the lightning-fast Chrome would have been toppled if Google made a habit of buying information about bugs—thereby giving researchers an incentive to develop exploits.
Google’s engineers broke with the traditional architecture adopted by all web browsers. Instead of using a monolithic structure that combines both the user and the web together in a single protected area, Chrome ingeniously separates the main part of the program, the browser kernel, from the various rendering processes that recreate web pages on a computer screen. The browser kernel, which interacts directly with the operating system, is therefore shielded from anything questionable lurking on the web.
Last edited by moxieman99; 03-28-2009 at 04:57 PM.
Reason: typo
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425
Original Poster
Rep:
Quote:
Originally Posted by unSpawn
Next time please post the articles URI plus your own opinion of things. Linux uses ASLR but not as strong as Linux patched with say PaX.
--------------
I have no opinion on it. I simply read the article, had a question about the implied statement about Windows and Firefox being more secure than linux and Firefox, and condensed some of the salient points (within the limits of the "fair use" doctrine -- being a lawyer, I know what they are) so that others could readily get the gist of the article and comment on it.
Less effort on the part of others to see what the problem is = greater likelihood of good response.
Since the Economist is an authority on hacking, perhaps some computer geek here can explain exactly how trickle-down economics works. From what I gather, Bernanke waves a magic wealth-creating wand over the freshly printed green paper. He then distributes it to his banker buddies and it trickles down in a supply-side and quasi-religious sort of way.
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425
Original Poster
Rep:
Quote:
Originally Posted by Crito
Since the Economist is an authority on hacking, perhaps some computer geek here can explain exactly how trickle-down economics works. From what I gather, Bernanke waves a magic wealth-creating wand over the freshly printed green paper. He then distributes it to his banker buddies and it trickles down in a supply-side and quasi-religious sort of way.
Someone once said that "the Lord works in mysterious ways," and our economic bailout mechanisms certainly are mysterious, so you are right about the "quasi-religious" sort of way.
The Economist, as you know, covers a wide range of interests, and usually gets things right (but not always). I was stunned by the remark that Firefox on Windows was the hardest to hack into. I mean, Windows? So I posted the bullet points and wanted to get analysis from people who actually know Linux.
Because the alternative would be the crazy belief that expanding the money supply dilutes the money in my pocket, stealing wealth from me and redistributing it to bankers who then give it to multinational monopolists who can't fail because they're "too big". But who would believe such a conspiracy theory? Only some tin foil hat wearing nut, I'm sure.
I'm just glad smarter people than me with MBAs from Harvard are taking care of the problem. We just need to have confidence in them and faith in the dollar. As long as everyone continues to worship at the church of free-market capitalism everything will be OK.
I posted the story myself (including the link) for last year's event in Linux Questions/News-- Yes, the Mac was cracked in no time at all, and Windows was busted on the last day. BUT nobody could get into the Linux box.
The Economist isn't even reliable for economic news.
Quote:
The crash has laid bare many unpleasant truths about the United States. One of the most alarming, says a former chief economist of the International Monetary Fund, is that the finance industry has effectively captured our government -- a state of affairs that more typically describes emerging markets, and is at the center of many emerging-market crises. If the IMF’s staff could speak freely about the U.S., it would tell us what it tells all countries in this situation: recovery will fail unless we break the financial oligarchy that is blocking essential reform. And if we are to prevent a true depression, we’re running out of time.
====================
I've read that too. But the Economist (Brit, so no wonder they're keeping us in the dark) has also warned that Wall Street was getting too big for its briches
I don't know of any news source that is always accurate all the time. However, that does not mean that a given periodical has never published anything accurate. One has to read an article and evaluate it, and the more one reads, the broader base they will have with which to evaluate information.
I, for one, doubt that Firefox is more secure on Windows than on anything else (especially Linux). I think it's fundamentally a permissions issue. Linux is a lot better about executing code at the user level than as root, if the user is logged in as a normal user, thus limiting the damage. Windows executes *all* code as admin unless you have created and logged into a restricted account, and even then permissions are not enforced as thoroughly as they could be.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.