JillSwift Posted December 10, 2009

It seems a couple of files were uploaded to GNOME-Look that were very basic attempts to back-door Debian-based linux boxen.

http://ubuntuforums.org/showthread.php?t=1349678
http://ubuntuforums.org/showthread.php?t=1349801
http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
http://www.omgubuntu.co.uk/2009/12/yet-more-malware-found-on-gnome-look.html

Stands as a little reminder that Linux isn't so safe you can just willy-nilly install stuff. (Not that anyone here thought that, but object lessons are useful anyways.)

Edited December 10, 2009 by JillSwift

ianw1974 Posted December 10, 2009

Lucky I run an rpm-based distro then if it was only available as a .deb package.

JillSwift Posted December 10, 2009 (Author)

> Lucky I run an rpm-based distro then if it was only available as a .deb package.

Luckily? :huh: Would you be likely to willy-nilly install a pre-compiled package if it was an rpm? I think not!

ianw1974 Posted December 10, 2009

No :) but it seems it was only available in deb form, and so I can't install it :D

tux99 Posted December 10, 2009

This has always been possible and has happened in the past already. The good thing is that it gets easily discovered. I agree though installing packages from random sources is not a good idea without some precautions.

For example I have been making occasional packages for Mandriva for quite a while, each package has a dedicated web page on my web site with the source rpm and a link to a forum thread to discuss it, so if I was putting any trojans in my packages it would be pretty easy for someone to find out and report this here on the related thread and, if it gets verified and confirmed, completely ruin my reputation and the one of my web site.

So I normally trust packages from non-official sources if the maintainer has a history and a good reputation on related forums. Even with no history I might download the source rpm, look at the code and build the binary rpm from it myself. All it needs is common sense and reasonable precautions.

JillSwift Posted December 10, 2009 (Author)

> No :) but it seems it was only available in deb form, and so I can't install it :D

You could "alien" it. I mean, if you really wanted to be part of someone's ddos attack. :P

JillSwift Posted December 10, 2009 (Author)

> This has always been possible and has happened in the past already.

I knew this was possible, but I had no idea there were any concrete examples of it already.

ianw1974 Posted December 10, 2009

> You could "alien" it. I mean, if you really wanted to be part of someone's ddos attack. :P

Nah, I think I'll give it a miss ;) I did install some gdm themes today, and my computer is still working OK. They weren't rpm/deb though - so I hope they are good

JillSwift Posted December 10, 2009 (Author)

Yeah, they've registered on the IRC channel... :huh: :unsure: ...er I mean, Yeah, should be fine. :D

xboxboy Posted December 13, 2009

It's a bit of a scary thought that we can open our pc to anyone by this method. It's something that is often overlooked in the promotion of linux, as we are often told how secure linux is.

I've generally stayed away from installing software not from the official repos. Even in windows I used to avoid adding software unless necessary. It slows things down and has the potential to reduce the strength of security.

About the only non-official stuff I've installed was the updates to KDE from the KDE repos. Given how stable KDE is now (not one crash with 2010 yet!) I may not even go down the path of adding unofficial packages at.

tux99 Posted December 13, 2009

> It's a bit of a scary thought that we can open our pc to anyone by this method. It's something that is often overlooked in the promotion of linux, as we are often told how secure linux is.

True but this problem exists with any OS and any computer or device connected to the Internet (do you trust your smartphone, which is full of private data, to not leak it?!) and with Windows the risk is much higher due to all the known security design flaws and the fact that it's targeted much more. With Windows even loads of commercial software calls back 'home' transferring all sorts of info from your computer to them, without telling you about it first.

The inherent advantage of Linux is the availability of the source code, you can always check the source to see what the program is doing. The only way to be 100% safe is have 2 separate computers, one for your private stuff (running only official distro packages) and one for experimenting, or at least keep things in separate virtual machines.

Edited December 13, 2009 by tux99

SilverSurfer60 Posted December 14, 2009

The only way to be 100% safe is never connect to the Internet.

JillSwift Posted December 14, 2009 (Author)

> The only way to be 100% safe is never connect to the Internet.

The only way to guarantee never having a computer virus is to never have a computer. :P This works for other aspects of computing: The only way to guarantee never losing data is to never have any data in the first place. ;)

Edited December 14, 2009 by JillSwift

SilverSurfer60 Posted December 14, 2009

There'll be no fun left then

JillSwift Posted December 14, 2009 (Author)

'zactly. :D