Linked by Amjith Ramanujam on Sat 19th Jul 2008 19:01 UTC, submitted by cypress
Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
Thread beginning with comment 323835
RE[6]: Regardless of the reason
by unluckier on Mon 21st Jul 2008 13:43 UTC in reply to "RE[5]: Regardless of the reason"
unluckier Member since:
2008-07-21

You are correct in that both ActiveX and Netscape-style plug-ins are native code that can have the same flaws.

But the main difference is the packaging and installation of that code:

With a plug-in, the installation is very obvious. A specially-formatted plug-in file needs to be put in a special location for the browser. And that process is generally done by a plug-in installer application.

With ActiveX, however, *any* Windows application is likely to install ActiveX controls. They can be in any location, and they don't even have to do anything related to your web browser. If a component is packaged up as a COM object (very common on Windows), then IE can "use" it.

http://www.kb.cert.org/vuls/id/680526

The installation of an ActiveX control can happen natively through the web browser, or through installing any application (internet-related or not). e.g. Winzip:

http://www.kb.cert.org/vuls/id/225217

The end result is that there are LOTS of systems that have LOTS of ActiveX controls that they may not even be aware of.

Score: 2

tomcat Member since:
2006-01-06

With ActiveX, however, *any* Windows application is likely to install ActiveX controls. They can be in any location, and they don't even have to do anything related to your web browser. If a component is packaged up as a COM object (very common on Windows), then IE can "use" it.


These are fairly irrelevant differences, though, because the basic idea is that someone can install native code which runs in both Firefox and IE. It really doesn't matter whether that code runs from the Firefox plugin directory or from some random place on the hard drive. Maybe it makes you "feel better" to think that the code is somehow sandboxed in the plug-in directory, but it can do just as much (and more) damage as any ActiveX control. I know that people find plug-ins/controls useful; however, the only really secure approach is to turn them off completely. Which will (understandably) break some usage scenarios. But those kinds of tradeoffs are the price for better security.

Score: 2

PlatformAgnostic Member since:
2006-01-02

The browser does not load controls unless they are marked as safe for web use. But as you say, it is unfortunate that it was so easy to get confused and accidentally mark a control as 'safe.'

Score: 2
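
An inventory script for the situation discussed in this thread, added here as an example and not code from any commenter: it lists COM classes whose registry entries carry the "safe for scripting" or "safe for initializing" category, the binary each one loads, and whether the Internet Explorer kill bit is set for it. The function and variable names are illustrative; controls that declare themselves safe at run time through the IObjectSafety interface do not appear in a registry-only scan.

```powershell
# Added example: audit which registered COM classes are marked safe for web use.
# Component category IDs that mark a control as safe for IE to script/initialize.
$SafeCategories = @{
    '{7DD95801-9882-11CF-9FA9-00AA006C4EB8}' = 'SafeForScripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C4EB8}' = 'SafeForInitializing'
}
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from loading the control

function Get-SafeMarkedControl {
    param(
        # For 32-bit controls on 64-bit Windows, pass the WOW6432Node equivalents.
        [string]$ClsidRoot  = 'HKLM:\SOFTWARE\Classes\CLSID',
        [string]$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($clsidKey in Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue) {
        $catPath = Join-Path $clsidKey.PSPath 'Implemented Categories'
        if (-not (Test-Path -LiteralPath $catPath)) { continue }

        # Keep only the two "safe" categories; ignore every other category.
        $marks = Get-ChildItem -LiteralPath $catPath -ErrorAction SilentlyContinue |
            ForEach-Object { $SafeCategories[$_.PSChildName] } |
            Where-Object { $_ }
        if (-not $marks) { continue }

        # The DLL/OCX that would be loaded into the browser process.
        $server  = $null
        $srvPath = Join-Path $clsidKey.PSPath 'InprocServer32'
        if (Test-Path -LiteralPath $srvPath) {
            $server = (Get-Item -LiteralPath $srvPath).GetValue('')
        }

        # Kill-bit state is stored per CLSID under the compatibility key.
        $flags      = $null
        $compatPath = Join-Path $CompatRoot $clsidKey.PSChildName
        if (Test-Path -LiteralPath $compatPath) {
            $flags = (Get-Item -LiteralPath $compatPath).GetValue('Compatibility Flags')
        }

        [pscustomobject]@{
            CLSID      = $clsidKey.PSChildName
            Name       = $clsidKey.GetValue('')
            Server     = $server
            MarkedSafe = $marks -join ','
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

Get-SafeMarkedControl | Sort-Object Server | Format-Table -AutoSize
```

Sorting by `Server` groups the controls by the application directory that installed them, which shows how many came from software unrelated to the browser.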