Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430057
Comment by ssa2204
by ssa2204 on Tue 15th Jun 2010 06:19 UTC
ssa2204 Member since:
2006-04-22

"It was apparent that this was going to happen because it's happened in the past, but the press is taking advantage of this insecurity in a Linux app to harp on and on..."


So, does the OP even bother to read the articles he links? So, "on and on" really refers to one article, which states an obvious fact:

"Does all this mean that Linux users are as subject to malware as Windows users? No; there's clearly far more malware targeting Windows than Linux. But it does mean that Linux users who believe they can't be infected by malware are simply wrong."


Nice way to fail there, OP. No, the internet is not aflame with this news. Only one trying to stir up controversy is, surprise, OSNews.

Reply Score: 1

RE: Comment by ssa2204 - problem
by lemur2 on Tue 15th Jun 2010 06:28 in reply to "Comment by ssa2204"
lemur2 Member since:
2007-02-17

"But it does mean that Linux users who believe they can't be infected by malware are simply wrong."


This is very oblique, and more than a bit misleading.

For example ... Linux users who believe they can't be infected by malware because they use package managers to install their signed open source software still have no incident on record, after all these years, to contradict that belief.

Anything unsigned and closed, or indeed anything simply unsigned and binary, that is downloaded and installed without checking (to any system at all) could potentially contain a malware payload. Windows users, of all people, should be aware of this.

Edited 2010-06-15 06:30 UTC

Reply Parent Score: 2

steogede2 Member since:
2007-08-17

"But it does mean that Linux users who believe they can't be infected by malware are simply wrong.


... Linux users who believe they can't be infected by malware because they use package managers to install their signed open source software still have no incident on record, after all these years, to contradict that belief.
"

I think "can't" is a bit too strong a word, I think "extremely unlikely to" is a better phrase. "can't" is too black and white.

"can't" implies that unless it happens, then it cannot and therefore will not happen. This in turn implies that once it has happened, it can and therefore will happen.

If you were to say that it is extremely unlikely (never in x years), and then it happens, you can still say that it is extremely unlikely (once in x years).

Reply Parent Score: 2

Most of it is Hype, but not from OSNews
by Lennie on Tue 15th Jun 2010 07:41 in reply to "Comment by ssa2204"
Lennie Member since:
2007-09-22

I've seen many sources, for example:

http://www.zdnet.com/blog/bott/linux-infection-proves-windows-malwa...

As r_a_trip already mentioned:

"The incident has nothing to do with Operating System or development methodology (open or closed).

The take away is that sloppy software projects, with a non-existent security process will sooner or later get compromised and serve their customers poisoned goods. Could happen anywhere, irrespective of platform or chosen software licensing."

And that's the only useful response.

But it seems the Gentoo folks were being stupid too:

http://www.gentoo.org/security/en/glsa/glsa-201006-21.xml

At least ALL distributions are now warned and thank god it was only the UnrealIRCd.

When you are creating packages for distributions, you should get the source from the source, not some mirror as in the case of Gentoo. You should check md5-keys at the source.

When it's a smaller package I wouldn't be surprised if many package maintainers also take a look at the patch between the versions. So you know exactly what changed between versions.

Edited 2010-06-15 07:56 UTC

Reply Parent Score: 2

Lennie Member since:
2007-09-22

I would like to add, it's not a perfect system, there are humans involved, they make mistakes.

But at the end of the day, you are putting software together from different sources. They should probably be contained as much as possible, also from each other.

And maybe you automate this a bit more and I hope we can improve on it. But eventually it will originate from a human being. A programmer. The Linux-kernel programmers use git to keep track of the origin of every single line of code that goes into the kernel and every line is reviewed.

If we verify everything along the way into the distributions and the tools check the packages and files (regularly and) at installation time, then that is probably the best thing we can do.

Reply Parent Score: 2
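
The two packaging checks described in the comments above (comparing a downloaded tarball with the digest published at the source, and reviewing which files changed between versions), sketched as an added example that is not part of the thread or of any distribution's tooling. It uses SHA-256 rather than the MD5 mentioned in the comment; the project name `exampled`, the file contents and all digests are constructed sample data.

```python
import hashlib, hmac, io, tarfile

def make_tarball(files):
    """Build an in-memory .tar.gz from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def digest_matches(tarball, published_hex):
    """Compare the tarball's SHA-256 with the digest published at the source."""
    actual = hashlib.sha256(tarball).hexdigest()
    return hmac.compare_digest(actual, published_hex.strip().lower())

def member_hashes(tarball):
    """Map each regular file in the tarball to the SHA-256 of its contents."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        return {m.name: hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                for m in tar.getmembers() if m.isfile()}

def changed_files(old_tarball, new_tarball):
    """Files added, removed or modified between two releases, for review."""
    old, new = member_hashes(old_tarball), member_hashes(new_tarball)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

# Constructed sample: previous release, new upstream release, altered mirror copy.
SRC = b"int main(void) { return 0; }\n"
PREVIOUS = make_tarball({"exampled/main.c": SRC, "exampled/README": b"release 1.0\n"})
UPSTREAM = make_tarball({"exampled/main.c": SRC, "exampled/README": b"release 1.1\n"})
MIRROR = make_tarball({"exampled/main.c": SRC + b"/* altered on mirror */\n",
                       "exampled/README": b"release 1.1\n"})
# Stands in for the digest a packager would read from the project's own site.
PUBLISHED = hashlib.sha256(UPSTREAM).hexdigest()

if __name__ == "__main__":
    print("upstream matches published digest:", digest_matches(UPSTREAM, PUBLISHED))
    print("mirror matches published digest:  ", digest_matches(MIRROR, PUBLISHED))
    print("expected changes:", changed_files(PREVIOUS, UPSTREAM))
    print("mirror changes:  ", changed_files(PREVIOUS, MIRROR))
```

A digest only adds assurance when it is obtained separately from the tarball; one served by the same mirror can be replaced along with the file.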