Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430090
To read all comments associated with this story, please click here.
RE: Zealot
by lemur2 on Tue 15th Jun 2010 10:53 UTC in reply to "Zealot"
lemur2
Member since:
2007-02-17

When it happens on Linux, everybody says "hey, it's a new security hole found, linux is more secure now.


Rubbish.

Distributing unsigned binary packages is a security hole that has been known about forever. This security hole is the entire reason package managers were designed written in the first place, over a decade ago.

Linux has been demonstrably more secure for the whole of that decade, but only for software distribution that utilises package managers. Like all trojans, this particular trojan relied on not being delivered via any package manager system.

Windows has no equivalent distribution system (although Windows Update does get part-way there, but that system applies only to Microsoft software). Consequently the security hole in Windows, wherein users routinely download and install unsigned binary packages, is absolutely enormous.

Edited 2010-06-15 10:55 UTC

Reply Parent Score: 3