Re: [Fsuk-manchester] Banking Malware and free/open-source software

[MJ Ray]

Anna Morris <address@hidden>
> I was wondering if anyone has any thoughts about this - specifically if, in
> the "man in the browser" area, the threat level in FreeSoftware is the same
> as in Proprietary?

OTTOMH, it'll depend what attack vector is used to put the man in the
browser.  If it's something like javascript silently installing some
add-on, then it's probably the same threat on both platforms.  If it's
a buffer overflow running native code (and I'd expect that's more
likely because then you can really screw with the browser from outside
its oversight), then the same attack won't work and if you use
anything other than the dominant Windows flavour, you win because it's
less likely.

However, as one protection layer which I feel nearly everyone should
have, I strongly recommend NoScript!

The lack of any similar feature - or even anything as good as the
built-in Iceweasel/ Firefox cookie and script settings - is one reason
I don't like Chromium yet and fear it replacing Iceweasel.

(That's a lot of mailing lists on the To and CC... will they all let me in?)

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/