Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430044
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:
2007-02-17
I don't know who was actually telling you that, but if they did they got the story wrong.
The method that distributions employ to provide a guaranteed malware-free set of packages involves not only inspection and testing of the source code as it is accepted into Linux distribution repositories, but it also involves GPG signing of packages and package managers on the user's computers to install packages.
None of the latter were involved in this UnrealIRCd incident. Being open source alone is not enough, and this incident highlights that fact very well indeed.
The only system with an impeccable record of delivery of malware-free software to end user's systems is open source software delivered via distribution repositories and package managers.
Edited 2010-06-15 02:59 UTC