Avalon

I am trying to convince a friend to give Linux a try, and he asked if a computer running Linux is safer than one running Windows, if they are both using Firefox. Would both computers be vulnerable to the same Firefox security issues / exploits? I think he was mostly worried about keyloggers and the subsequent theft of credit card info.

I told him the Linux machine is safer because it's design doesn't just let programs execute the way Windows does ("drive-by installs"). Is this more or less correct? Despite what browser you are using, Linux is more secure because it tends to isolate various problems before they spread (provided you were silly enough to let such a program install to begin with)?

Thank you!

hazel

Linux is more secure because all the system files belong to root and you are not root unless you choose to be. In Windows you are root all the time - you just don't realise it. Obviously you shouldn't use a browser of any kind or unpack emails when you are logged into Linux as root.

__________________
"I'm just a little old lady; don't try to dazzle me with jargon!"

Thrillhouse

If you are talking about executable viruses which can be deployed on your system by clicking on a link to something then yes, Linux is probably more secure than Windows because those viruses are written to exploit vulnerabilities and poor security design in Windows.

However, if you are talking about security vulnerabilities specific to Firefox like memory corruption and privilege escalation, then those threats exist regardless of what platform you're running Firefox on. It's up to Firefox to fix those problems and it's up to you to stay updated with the most current releases.

The theft of credit card info is usually not the fault of your browser. Either you gave that information to an insecure service or an attacker extracted it via their own attack. E-bay had a problem with this not too long ago where attackers sent a phishing e-mail (one where the sender masquerades themselves as a trusted source, E-bay in this case) and asks you to confirm your account by entering your password or credit card number.

If you're vigilant when browsing the Internet and you use a pop-up blocker, I don't think you'll encounter too many problems. Just be sure you trust the source when anybody tries to link you to a site. If you'd like to keep up on the latest Mozilla vulnerabilities, you can bookmark this page.

i92guboj

If the personal info is given by your friend to a non-secure site which is vulnerable, or sent via email to someone else because they convinced him that they are from e-bay or his bank, then firefox nor linux can do a thing about it.

Viruses designed for windows will not run, however, javascript exploits and things like that that works on the client side will work the same if the client has support for it.

Overall, linux is more secure by default (not that windows can't be hardened), but it can't do nothing against social engineering. At least until we can upgrade our own brains with a robotic version which is inteligent enough not to go giving personal data around without putting any care at all on who you give your info to.

pnorten462

You might need to reinstall the router settings if that applies--the manual should tell you how to do this--also wireless connections are often riddled with security problems which should be avoided.