You are not logged in.

#1 2013-02-14 14:29:20

fpilee
Member
From: Windows 7
Registered: 2011-10-06
Posts: 104
Website

Linux or the browser can be infected by pages?

Some pages on internet show the warning about malicious software, my question is:
can be my computer with linux be infected with this? Maybe they can install a extension/addon without my concent in firefox or chrome, but in konqueror i should be safe rigth?

Last edited by fpilee (2013-02-14 14:36:28)

Offline

#2 2013-02-14 14:40:33

x33a
Forum Moderator
Registered: 2009-08-15
Posts: 3,346
Website

Re: Linux or the browser can be infected by pages?

No. If your browser can run javascript and other stuff such as flash, java etc, then any browser can get infected.

Offline

#3 2013-02-14 15:03:50

fpilee
Member
From: Windows 7
Registered: 2011-10-06
Posts: 104
Website

Re: Linux or the browser can be infected by pages?

with the firefox extension no script i will be safe?

Offline

#4 2013-02-14 15:20:42

HungGarTiger
Member
From: nz/auckland/
Registered: 2012-06-27
Posts: 186

Re: Linux or the browser can be infected by pages?

I think mostly, although it is a pain going through sites and turning scripts on and off for a while - also everytime you visit a new page you will have to do this.
The alternative it looking at AppArmour, that will keep individual applications contained. So even if your browser is infected with something then it wont be able to do anything.


"No sympathy for the devil. If you buy the ticket, take the ride."
- Hunter S. Thompson

Offline

#5 2013-02-14 15:32:18

Awebb
Member
Registered: 2010-05-06
Posts: 4,319

Re: Linux or the browser can be infected by pages?

If your browser can access your files in $HOME, then any breach of the browser sandbox can do harm to your personal data. Critical security holes could cause your browser to gain permissions beyond your the user account it uses to run. If you want to reduce risks, do not use third party plugins, like Java, Flash or PDF readers. Block scripts if you do not trust your javascript engine. Read more about SELinux and/or AppArmor and have a look at sandfox, to learn how to isolate single applications.

Offline

#6 2013-02-14 16:40:37

chris_l
Member
Registered: 2010-12-01
Posts: 387

Re: Linux or the browser can be infected by pages?

Browse websites using the elinks browser without javascript.

Or even in a more paranoid safe way: use curl and the html2text package to browse. Here is this thread browsed that way:

curl 'https://bbs.archlinux.org/viewtopic.php?id=158110'| html2text | less

wink


"open source is about choice"
No.
Open source is about opening the source code complying with this conditions, period. The ability to choose among several packages is just a nice side effect.

Offline

#7 2013-02-14 16:42:25

Ramses de Norre
Member
From: Leuven - Belgium
Registered: 2007-03-27
Posts: 1,289

Re: Linux or the browser can be infected by pages?

And even then, you can still be vulnerable to XSS and CSRF types of attacks, which are vulnerabilities in the websites you visit. You put your trust for a large part into the people who made the websites you visit.

Offline

#8 2013-02-14 16:49:29

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 948

Re: Linux or the browser can be infected by pages?

fpilee wrote:

Some pages on internet show the warning about malicious software, my question is:
can be my computer with linux be infected with this? Maybe they can install a extension/addon without my concent in firefox or chrome, but in konqueror i should be safe rigth?

Simply put: Linux is _no_more_secure_ than Windows/Mac.

For instance, I once had my browser settings modified (= access to $HOME) by some website on a WebOS (linux-based OS from HP) device. On the other hand, I have several perfectly clean Win7 machines with IE9...

There is no addon which would protect you completely. Your best bet is to run an up-to-date kernel and browser, constrain javascript, avoid anything from Adobe, and make sure that your account is not privileged. For a complete isolation, just run the web browser from a virtual machine.

Last edited by Leonid.I (2013-02-14 16:51:35)


Arch Linux is more than just GNU/Linux -- it's an adventure

Offline

#9 2013-02-14 18:12:49

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 12,955

Re: Linux or the browser can be infected by pages?

Build a browsing environment inside a VM.  When you want to browse, clone that environment and use it to browse to your heart's content.  When you are done, delete the clone.  Next time you want to browse, start with a clean environment again. 

And, yes.  It is theoretically possible to break out of a VM, but it extremely unlikely you will encounter that.

Edit:  Sorry, I stopped reading the previous post before I reached the last line sad

Last edited by ewaller (2013-02-14 18:13:44)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Like you, I have no idea what you are doing, but I am pretty sure it is wrong...Jasonwryan
----
How to Ask Questions the Smart Way

Offline

#10 2013-02-15 01:18:28

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,004

Re: Linux or the browser can be infected by pages?

My favorite was always taking a knoppix CD, booting from it, and browsing the internet.


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.

Offline

#11 2013-02-17 12:51:27

hunterthomson
Member
Registered: 2008-06-22
Posts: 794
Website

Re: Linux or the browser can be infected by pages?

Meh, you get use to NoScript. If a website can not run code on your computer then you can not be infected. You will still be vulnerable to attack from websites you have white listed if those white listed websites get owned. NoScript still cuts down the attack surface from anything to a very limited number of domains.

Leonid.I wrote:

Simply put: Linux is _no_more_secure_ than Windows/Mac.

I could not disagree more.

End of the day, Linux is Open Source, Windows and Mac OS are not. For all anyone outside of Microsoft and Apple know Windows and Mac OS could very well be shipping with backdoors. It is fact that Microsoft and Apple even more ship with known vulnerabilities. Apple will not even tell you about them.

Is Linux invulnerable? No.

However, unlike closed source operating systems, with Linux you have endless ability to secure your system. The only limitation is your imagination and inelegance. You can even go as far as the grsecurity & PaX guys did and turn Linux into the most secure major OS. Not even OpenBSD has all the memory protections PaX on Linux has. OpenBSD just puts all their effort into preventing security bugs from ever shipping in the first place.

Last edited by hunterthomson (2013-02-18 01:35:46)


OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec

Offline

Board footer

Powered by FluxBB