Something I’ve wondered. One of those “too good to be true, it probably is” type things. With all the FOSS especially for linux, installing package after package because a web search said it would fix your problem, how is it Linux isn’t full of malware and such?

I'd like to understand better so I can explain to others who are afraid of FOSS for those reasons. My best response is that since it’s open source, people can see what it’s doing and would right away notice something malicious. I wouldn’t, since I’m not that into code, but others would.

  • hendrik@palaver.p3x.de · 17 hours ago (edited)

    Well if you use a Linux distribution, you generally get your software from some central package repository. That’s driven by maintainers who look at the software, the updates… They patch the software, make sure it runs smoothly on your system and is tied into other things… They’ll also have a look at security vulnerabilities and security in general.

    Other than that, there isn’t much really “stopping” people from writing malware. We have tons of it. Fake VLC versions, copycats on the iPhone appstore… MS Windows is full of advertisements and features that send data “home”. They introduce features which border on being malware all the time… We have trojans, viruses etc. It’s all out there.

    Generally, it’s a good idea to think before executing random code from the internet. Is it from a trustworthy source? Are other people using a piece of software and they’d have noticed if it deleted all files?

    Usually, we have more good people than bad. And people need some motivation. It’s unlikely someone invests 10 years of their life to develop a shiny and polished office suite, just so they can run some malware somewhere. There are easier ways to accomplish that. So it generally doesn’t happen that way. It’s theoretically possible, though.

    And in the old way is: Windows, Android etc are way more popular. If someone wants to do something malicious, they likely don’t target the 1-2% using a different operating system. They are going to write malware for a more popular operating system. And on the server, where Linux dominates the market, admins execute less random code. They’ll know they want MariaDB and where to get it. So it’s harder to do an attack this way.

    And if I imagine being the attacker… What would be a reason to include malware in a FOSS project? Just to wreak havoc and mess with people? That sounds like a 16 yo with too much time on their hands. But we have very few of those in the free software community. So that’s a bit unlikely… If someone wants a botnet, there might be easier ways to do it. And for a targeted attack, you wouldn’t hide your malware in a random project… So I generally don’t see many reasons for someone to combine malware with useful FOSS software.

    :() ::& ;: