JillSwift Posted December 10, 2009 Report Share Posted December 10, 2009 (edited) It seems a couple of files were uploaded to GNOME-Look that were very basic attempts to back-door Debian based linux boxen. http://ubuntuforums.org/showthread.php?t=1349678 http://ubuntuforums.org/showthread.php?t=1349801 http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html http://www.omgubuntu.co.uk/2009/12/yet-more-malware-found-on-gnome-look.html Stands as a little reminder that Linux isn't so safe you can just willy-nilly install stuff. (Not that any one here thought that, but object lessons are useful anyways.) Edited December 10, 2009 by JillSwift Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted December 10, 2009 Report Share Posted December 10, 2009 Lucky I run an rpm-based distro then if it was only available as a .deb package. Quote Link to comment Share on other sites More sharing options...
JillSwift Posted December 10, 2009 Author Report Share Posted December 10, 2009 Lucky I run an rpm-based distro then if it was only available as a .deb package. Luckily? :huh: Would you be likely to willy-nilly install a pre-compiled package if it was an rpm? I think not! Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted December 10, 2009 Report Share Posted December 10, 2009 No :) but it seems it was only available in deb form, and so I can't install it :D Quote Link to comment Share on other sites More sharing options...
tux99 Posted December 10, 2009 Report Share Posted December 10, 2009 This always been possible and has happened in the past already. The good thing is that it gets easily discovered. I agree though installing packages from random sources is not a good idea without some precautions. For example I have been making occasional packages for Mandriva for quite a while, each package has a dedicated web page on my web site with the source rpm and a link to a forum thread to discuss it, so if I was putting any trojans in my packages it would be pretty easy for someone to find out and report this here on the related thread and, if it gets verified and confirmed, completely ruin my reputation and the one of my web site. So I normally trust packages from non-official sources if the maintainer has a history and a good reputation on related forums. Even with no history I might download the source rpm, look at the code and build the binary rpm from it myself. All it needs is common sense and reasonable precautions. Quote Link to comment Share on other sites More sharing options...
JillSwift Posted December 10, 2009 Author Report Share Posted December 10, 2009 No :) but it seems it was only available in deb form, and so I can't install it :D You could "alien" it. I mean, if you really wanted to be part of someone's ddos attack. :P Quote Link to comment Share on other sites More sharing options...
JillSwift Posted December 10, 2009 Author Report Share Posted December 10, 2009 This always been possible and has happened in the past already.I knew this was possible, but I had no idea there was any concrete examples of it already. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted December 10, 2009 Report Share Posted December 10, 2009 You could "alien" it. I mean, if you really wanted to be part of someone's ddos attack. :P Nah, I think I'll give it a miss ;) I did install some gdm themes today, and my computer is still working OK. They weren't rpm/deb though - so I hope they are good Quote Link to comment Share on other sites More sharing options...
JillSwift Posted December 10, 2009 Author Report Share Posted December 10, 2009 Yeah, they've registered on the IRC channel... :huh: :unsure: ...er I mean, Yeah, should be fine. :D Quote Link to comment Share on other sites More sharing options...
xboxboy Posted December 13, 2009 Report Share Posted December 13, 2009 It's a bit of a scary thought that we can open our pc to anyone by this method. It's something that is often overlooked int the promotion of linux, as we are often told how secure linux is. I've generally stayed away from installing software not from the official repos. Even in windows I used to avoid adding software unless neccessary. It slows things down and has the potential to reduce the strength of security. About the only non-official stuff I've installed was the updates to KDE from the KDE repos. Given how stable KDE is now (not one crash with 2010 yet!) I may not even go down the path of adding unofficial packages at. Quote Link to comment Share on other sites More sharing options...
tux99 Posted December 13, 2009 Report Share Posted December 13, 2009 (edited) It's a bit of a scary thought that we can open our pc to anyone by this method. It's something that is often overlooked int the promotion of linux, as we are often told how secure linux is. True but this problem exists with any OS and any computer or device connected to the Internet (do you trust your smartphone, which is full of private data, to not leak it?!) and with Windows the risk is much higher due to all the known security design flaws and the fact that it's targeted much more. With Windows even loads of commercial software calls back 'home' transferring all sorts of info from your computer to them, without telling you about it first. The inherent advantage of Linux is the availability of the source code, you can always check the source to see what the program is doing. The only way to be 100% safe is have 2 separate computers, one for your private stuff (running only official distro packages) and one for experimenting, or at least keep things in separate virtual machines. Edited December 13, 2009 by tux99 Quote Link to comment Share on other sites More sharing options...
SilverSurfer60 Posted December 14, 2009 Report Share Posted December 14, 2009 The only way to be 100% safe is never connect to the Internet. Quote Link to comment Share on other sites More sharing options...
JillSwift Posted December 14, 2009 Author Report Share Posted December 14, 2009 (edited) The only way to be 100% safe is never connect to the Internet. The only way to guarantee never having a computer virus is to never have a computer. :P This works for other aspects of computing: The only way to guarantee never losing data is to never have any data in the first place. ;) Edited December 14, 2009 by JillSwift Quote Link to comment Share on other sites More sharing options...
SilverSurfer60 Posted December 14, 2009 Report Share Posted December 14, 2009 There'll be no fun left then Quote Link to comment Share on other sites More sharing options...
JillSwift Posted December 14, 2009 Author Report Share Posted December 14, 2009 'zactly. :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.