Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Threat To GNOME and KDE

Posted by timothy on from the turducken dept.

commandlinegamer writes "foobar posted on his blog recently about 'How to write a Linux virus in 5 easy steps,' detailing potential malware infection risks in the .desktop file format used by GNOME and KDE. This is not a new threat, and it appears to still be a risk, as discussions in 2006 did not seem to come to any firm conclusion on how to deal with the problem." There's a followup on LWN.

13 of 348 comments (clear)

  1. Solution by Spazztastic · · Score: 5, Funny

    Use Linux... wait, shit. We need a new answer, guys.

    --
    Posts not to be taken literally. Almost everything is sarcasm.
    1. Re:Solution by jank1887 · · Score: 2, Funny

      TRS-80, here we come!

    2. Re:Solution by jonadab · · Score: 3, Funny

      > You get an attachment by mail, you just save it to look at it and
      > see what it is (a one-click, and expected-safe operation)

      You do *WHAT*?

      > but when it appears on the desktop background

      Wait, not only do you deliberately save random unidentified email attachments, you save them to the DESKTOP?

      Whatever is wrong with you, it's no little thing.

      > What should happen:

      What should happen, when you get an email attachment and you do not know what it is, is that you either ignore it, or if you have a certain morbid curiosity you maybe save it in /tmp and look at it in something that will treat it as random data (e.g., a hex editor) or use a file-magic utility to determine what kind of content it has in it.

      Under no circumstances should an unidentified email attachment ever get anywhere near your desktop. If you don't understand this, maybe you should let your network administrator run that attachment stripper on the MTA like he keeps threatening to do every time he has to rebuild your workstation.

      With that said, I do think .desktop files are an inherently bad idea, although they're pretty irrelevant to me since I don't even have nautilus in my session. It's a resource hog, and I never use it. I haven't had any desire to use a graphical file manager since I discovered tab completion sometime in the nineties. This does mean my background is a plain color instead of a pretty picture, but since I generally have a lot of windows open I never *see* much of the background anyway. Instead of icons on the desktop, I keep launchers on the left-side panel, and in drawers.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  2. Wow, please mod this to -1 by Dripdry · · Score: 3, Funny

    Sorry, wrong thread, too many tabs.

    --
    -
  3. Great news by AlHunt · · Score: 5, Funny

    So we have a long-known, unaddressed vulnerability and easily accessible instructions on writing a Linux virus.

    Does this mean Linux is finally "ready for the desktop"?

    --
    1 in 4 Maine children in struggle with hunger.
    1. Re:Great news by Anonymous Coward · · Score: 5, Funny

      No, it means malware is finally ready for the .desktop

    2. Re:Great news by Saint+Stephen · · Score: 2, Funny

      You really shouldn't call your dad a "test case."

  4. OpenBSD by jgtg32a · · Score: 3, Funny

    Linux noobs you should be using OpenBSD from a shell.

  5. Re:Protect your self with encryption by Anonymous Coward · · Score: 1, Funny

    I guess my hopes of starting a new meme have been dashed...alas

    Forced meme is forrrrced.

  6. Re:Protect your self with encryption by blue+trane · · Score: 2, Funny

    Nah, you don't speak for me.

  7. Re:You are wrong by javilon · · Score: 3, Funny

    Lets face it, after 30 years I have started to realise that no amount of suggestion is ever going to result in girls actually giving any of the sexual favors they seem to promise when they ask you to fix their laptop.

    It seems to me that while they are a bit slow with technology you, on the other hand, are a bit slow at making the (lack of) connection between "fixing laptop" and "getting laid" when social interaction is the issue.

    --


    When his defense asked, "Which computer has Jon Johansen trespassed upon?" the answer was: "His own."
  8. Re:Did you even RTFA? by styryx · · Score: 5, Funny

    You are right and I am wrong.

    W...w...wh....what the fuck just happened?! Am I on the internet still?

  9. Re:They won't listen by Thinboy00 · · Score: 2, Funny

    Well... file a God-bug. That should fix it!

    --
    $ make available