Jump to content

OMG Trojan!


JillSwift
 Share

Recommended Posts

It seems a couple of files were uploaded to GNOME-Look that were very basic attempts to back-door Debian based linux boxen.

 

 

 

 

 

Stands as a little reminder that Linux isn't so safe you can just willy-nilly install stuff. (Not that any one here thought that, but object lessons are useful anyways.)

Edited by JillSwift
Link to comment
Share on other sites

Lucky I run an rpm-based distro then if it was only available as a .deb package.

Luckily? :huh:

Would you be likely to willy-nilly install a pre-compiled package if it was an rpm? I think not! :woot:

Link to comment
Share on other sites

This always been possible and has happened in the past already. The good thing is that it gets easily discovered.

 

I agree though installing packages from random sources is not a good idea without some precautions.

 

For example I have been making occasional packages for Mandriva for quite a while, each package has a dedicated web page on my web site with the source rpm and a link to a forum thread to discuss it, so if I was putting any trojans in my packages it would be pretty easy for someone to find out and report this here on the related thread and, if it gets verified and confirmed, completely ruin my reputation and the one of my web site.

 

So I normally trust packages from non-official sources if the maintainer has a history and a good reputation on related forums. Even with no history I might download the source rpm, look at the code and build the binary rpm from it myself.

 

All it needs is common sense and reasonable precautions.

Link to comment
Share on other sites

No :) but it seems it was only available in deb form, and so I can't install it :D

You could "alien" it. I mean, if you really wanted to be part of someone's ddos attack. :P

Link to comment
Share on other sites

This always been possible and has happened in the past already.

I knew this was possible, but I had no idea there was any concrete examples of it already.
Link to comment
Share on other sites

You could "alien" it. I mean, if you really wanted to be part of someone's ddos attack. :P

 

Nah, I think I'll give it a miss ;)

 

I did install some gdm themes today, and my computer is still working OK. They weren't rpm/deb though - so I hope they are good :lol2:

Link to comment
Share on other sites

It's a bit of a scary thought that we can open our pc to anyone by this method. It's something that is often overlooked int the promotion of linux, as we are often told how secure linux is.

 

I've generally stayed away from installing software not from the official repos. Even in windows I used to avoid adding software unless neccessary. It slows things down and has the potential to reduce the strength of security.

 

About the only non-official stuff I've installed was the updates to KDE from the KDE repos. Given how stable KDE is now (not one crash with 2010 yet!) I may not even go down the path of adding unofficial packages at.

Link to comment
Share on other sites

It's a bit of a scary thought that we can open our pc to anyone by this method. It's something that is often overlooked int the promotion of linux, as we are often told how secure linux is.

 

True but this problem exists with any OS and any computer or device connected to the Internet (do you trust your smartphone, which is full of private data, to not leak it?!) and with Windows the risk is much higher due to all the known security design flaws and the fact that it's targeted much more.

With Windows even loads of commercial software calls back 'home' transferring all sorts of info from your computer to them, without telling you about it first.

The inherent advantage of Linux is the availability of the source code, you can always check the source to see what the program is doing.

 

The only way to be 100% safe is have 2 separate computers, one for your private stuff (running only official distro packages) and one for experimenting, or at least keep things in separate virtual machines.

Edited by tux99
Link to comment
Share on other sites

The only way to be 100% safe is never connect to the Internet.

The only way to guarantee never having a computer virus is to never have a computer. :P

This works for other aspects of computing: The only way to guarantee never losing data is to never have any data in the first place.

;)

Edited by JillSwift
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...