tonybradley, on 13 April 2012 - 02:28 PM, said:
LordInsidious, on 13 April 2012 - 02:04 PM, said:
Really the guy who just called disabling Java an 'innovative approach' to stopping OSX malware is calling others out on 'you're holding it wrong', really? What about OSX users who use Java, are they holding their mouse wrong? As for the rest of the content switching platforms because one got a virus and is therefore less secure is not an intelligent argument, but MS users have been telling that to Mac users for years.
I'm not following you. Users who use Java will continue to use Java. The proactive disabling of Java when not in use is not meant as a replacement for actually fixing Java. When vulnerabilities are discovered in Java, Oracle will have to address them, and Apple will have to incorporate the appropriate patch into its implementation as well. However, it is a core mantra of security best practices to uninstall or disable software that isn't being used, and the solution put forth by Apple takes care of the issue--at least for Java--to ensure that the potential attack exposure is as little as possible. Hopefully that will minimize the compromised machines and avoid this sort of attack in the future.
This is Dietrich T. Schmitz, your Linux Advocate.
I've been watching Mr. Bradley for some time. Frankly, he needs to educate himself to the issues.
Here's an article I will share which I wrote recently:
Please read it and then come back.
Now, the issue here isn't that Linux can't get infected. It can, as can any other operating system.
What distinguishes Linux from OSX and Windows?: Linux Security Modules (LSM)
Essentially, I have been having this 'debate' with the Windows Tech crowd over at ZDNet for quite some time. So, I am quite used to the flamers who try to marginalize what I write. Bring it, if you think you can.
Linux wasn't designed with LSM built in. In fact, it came along as a modest 'design-in' change to set up a kernel 'hook' to pass control to an external dynamically loadable kernel module which when bound to the kernel at boot time will 'police' the actions of any profiled 'Application' and, THIS IS IMPORTANT, the KERNEL.
You see, what is happening in the Windows World is that Windows, all the way back to Windows 2000 is still using a legacy WinNT kernel. There is no equivalent to LSM in Windows or OSX.
LSM, when resident, will take each granular action taken by the Application, or, if a call is sent to the kernel, and compare it to its 'profile' and if the action is not defined will 'deny' otherwise, the action gets an 'allow' and the process id can execute.
This notion of having a third-party DKMS act as the 'police' makes LSM fool-proof.
Ubuntu Linux comes with LSM AppArmor and a profile for your Firefox. When Firefox is 'sandboxed' by LSM, any undefined action, or 'unintended side-effect' which is being used as an exploit to esclate privilege to launch a kernel 'root' administrative rights is simply denied.
So, you can if running Ubuntu with LSM be comforted in the knowledge that Zero Days will have no effect and your Distro will update your system within hours or days with a security patch.
No scrambling on Zero-Day.
Linux with LSM: The safest operating system on the Planet.
I stake my reputation on it.
Thank you Mr. Bradley
Dietrich T. Schmitz
Linux Advocate, Human Being