Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption
This news is already a week old, but it only got submitted to us today, and I didn't notice it at all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 399999
RE: Bottom Line
by lemur2 on Wed 16th Dec 2009 22:30 UTC in reply to "Bottom Line"
On any operating system, when you install 3rd-party applications, you can be compromised. On Windows, all those helpful little utilities, games, etc. you install - any of them has the potential to hose your system. Same goes for Linux, Mac, BSD, etc. That is why I like the packaging systems in Linux and BSD. I've never been hosed, I have thousands of applications available, and all of my applications stay up-to-date. Very rarely will I install a 3rd-party application. I just did for Chrome Beta for Linux. I trusted Google enough to trust their package. For me, that is the only exception. I would say this is probably the main security weakness in Windows. You have to install 3rd-party applications to get much useful done. You have to be very careful. It's not just do you trust the company, but also have they been unknowingly compromised (by a virus at their company), or is there a backdoor built in for the government. It's very hard to tell.

Precisely. Spot on.

Package managers and associated repositories for Linux systems are a means of delivery of applications to users' systems that has an impeccable record. AFAIK there has never been a recorded instance of an end user's system getting malware via the package manager/repository system.

OTOH, downloading applications and utilities from websites is one of the primary means of delivery of trojans to end users' systems, regardless of the OS.

If anything, this incident just underlines the points: that one simply cannot trust downloading from websites, no matter how seemingly reputable; and that one should always use the package manager, and ONLY the package manager, to install applications and utilities for Linux systems.

Fortunately, just about everything one would want for a Linux system is installable via its package manager and repository.

In contrast, downloading binary blobs from websites and putting them on one's system is a way of life for Windows users. Mac users are possibly part way between these two extremes.

Edited 2009-12-16 22:31 UTC

Score: 4