Is Mac or Linux in my future? My virus story...

[Jaggy]

I have a feeling he may be referring to Firefox requiring plugins to stop it infecting the system in the first place, not MS.... but I may be wrong.......

[steeb]

Hiya Jaggy,

I do not think that you are wrong at all.

Interesting that Firefox, the 2nd most popular browser with MS may have caused this but the question still remained:

Do you guys think that Mac and/or Linux are really more secure?

No. Not personally a Mac.

Linux. Gave up with that years ago, I am too stupid to use it, but it does look prettier every time I see it!

steeb

[Antmannz]

Chrome does do sandboxing, but only of each separate tab. Therefore if one tab crashes, it won't take the others with it. To my knowledge it does not sandbox the browser against the OS.

One other option I forgot to mention is to browse using a virtual PC. This is similar to sandboxing, but is generally a little more techy to set up: you create a virtual PC, install Windows (or you OS of choice) onto it and take a snapshot. When you wish to browse, open the snapshot and browse away. You can then ditch the virtual instance when you're finished, knowing that you have a clean snapshot to start with again for your next session.

As for which other OS I would choose? Along with steeb, I would not choose a Mac. If your system gets hosed, you pretty much only have Apple to rely on; and in the past they have proven themselves slow to respond to this kind of activity. Malware activity around the Mac has started to increase lately, and I imagine that it will only get worse.

This leaves Linux; and whether or not you can persevere with all the little quirks that it has. The bonus to Linux is that there are several different varieties that you can try (Ubuntu, Mint, Fedora, Happy Puppy, etc), and most come as a live cd/usb that you can try before installing on your system. Have a look here for a variety of common distributions. The biggest downside I found in the past is that hardware driver support can be quite iffy.

[steeb]

And I was off to bed

But couldn't agree more with what Antmannz just said and I meant to say.

DRIVERS!

Frustrating sometimes with an MS system.

But with Linux, you almost have to be a programmer!

Virtual PC yes, but you are still running inside a Linux Kernel.

Best money ever invested if you go the MS route is something like Acronis where you can test before committing. Anyway think I lost the plot there, too tired!

cheers all

steeb

[cncb]

I have a feeling he may be referring to Firefox requiring plugins to stop it infecting the system in the first place, not MS.... but I may be wrong.......

Yes, I was referring to Firefox.

[cncb]

This leaves Linux; and whether or not you can persevere with all the little quirks that it has. The bonus to Linux is that there are several different varieties that you can try (Ubuntu, Mint, Fedora, Happy Puppy, etc), and most come as a live cd/usb that you can try before installing on your system. Have a look here for a variety of common distributions. The biggest downside I found in the past is that hardware driver support can be quite iffy.

I just tried Ubuntu the other day (LiveCD) and was very impressed. It is much better than when I tried it a few years ago. All my hardware worked but the software (for Photos and Music) doesn't quite have all the features I need...

[bgowland]

Yes, I was referring to Firefox.

Ah OK I misunderstood but a lot of my comments still hold true in the sense that it isn't necessarily a browser developer's business to build and maintain security systems.

Even if they chose to, it would ideally still be done in a 'plugin' fashion (you wouldn't want to have to update the whole browser several times a day for updates to AV and anti-malware definitions)....and at that point, once there's a plugin model available why not open it up to 3rd parties who specialise in this area and possibly do it better?

This subject in general reminds me of a comment a friend of mine posted on facebook last week. He's a Mac user but was commenting on the 3 fingered alien salute (ctrl-alt-delete) needed to get to a password prompt to unlock a Windows machine instead of just having a username/password dialog as he does on his Mac. Having been a pre-release tester for Win NT v3.1 back in 1992 I explained...

The ctrl-alt-delete sequence on Windows dates back to the original Win NT v3.1 and was part of compliance with DoD C2 level security.

The problem with providing just a box with username/password by default is that anyone could write a password sniffer by faking a login box which looks exactly the same.

The ctrl-alt-delete key sequence is trapped by the system and cannot be bypassed. Part of training of new users of Win NT was to emphasise that even if they see a window with a 'password' box on it they should ALWAYS press ctrl-alt-delete anyway.

His sharp response was...

Thus securing the front door with military grade security so the user's system can be compromised more easily by the user by browsing the web or launching an attachment

Very true - the weakest link is inevitably us as end-users and the ultimate responsibility for securing our systems comes down to us. Having options for different AV and anti-malware may make the issue a whole lot more complex but at least there are options.

Cheers,
Brian

[martint123]

I guess something like firefox running sandboxed, inside a virtual machine, booting from a CD with a ram disk would be the safest at present.

When I was an admin at college we used this http://www.faronics.com/enterprise/deep-freeze/ and it kept a few hundred free to use PC's up and running for a few years (a previous version of course).

[cncb]

Ah OK I misunderstood but a lot of my comments still hold true in the sense that it isn't necessarily a browser developer's business to build and maintain security systems.

Even if they chose to, it would ideally still be done in a 'plugin' fashion (you wouldn't want to have to update the whole browser several times a day for updates to AV and anti-malware definitions)....and at that point, once there's a plugin model available why not open it up to 3rd parties who specialise in this area and possibly do it better?

I agree but I was mainly talking about the add-ons/extensions that increase security. For example, why doesn't Firefox have the 'NoScript' functionality built-in (user selectively chooses to allow scripting for each website) instead of relying on a third-party to provide this functionality in an add-on. For all I know, since it comes from a third party the add-on itself could be insecure or contain "malware"...

[cncb]

Based on my reading it looks like OSX Lion has several new security features including "Application Sandboxing" used specifically for the Safari browser. OSX is starting to look pretty good...