Malware in the AUR

Author Topic: Malware in the AUR  (Read 47 times)

Offline Siva

  • Staff Member
  • Posts: 19
  • Country: 00
  • "We're all mad here"
Malware in the AUR
« on: July 12, 2018, 04:28:00 AM »
Three programs were tampered with by someone named xeactor.

Offline CwF

  • Full Member
  • Posts: 208
  • Country: us
Re: Malware in the AUR
« Reply #1 on: July 12, 2018, 03:44:26 PM »
I continue to be put off by the "Linux is inherently safer" proponents.
Hogwash.
Nearly all issues start with a user click. Linux's are simply not a target. Like a hunter taking out a squirrel with a high-powered rifle, not going to happen. When that squirrel morphs into an elk, its entire history of safety means nothing.
And who's looking for a better PDF reader?

Offline Kalthrix

  • Staff Member
  • Posts: 957
  • Country: us
Re: Re: Malware in the AUR
« Reply #2 on: July 12, 2018, 07:56:56 PM »
You are not allowed to view links. Register or Login
I continue to be put off by the "Linux is inherently safer" proponents.
Hogwash.
Nearly all issues start with a user click. Linux's are simply not a target. Like a hunter taking out a squirrel with a high-powered rifle, not going to happen. When that squirrel morphs into an elk, its entire history of safety means nothing.
And who's looking for a better PDF reader?

Honestly, the only use I have found for the older "acroread (Adobe Reader 9)" package is to display fillable PDF documents that actively refuse to display on any other PDF editor/viewer. You'll see this a lot with state, court, and federal documents. Some businesses working in realty and financial will use the same. It's irritating, to say the least. Not sure if the intent was to reach that incredibly small crowd that still use the package, to test waters to gauge reaction time from the community considering it is a rarely used package, or if the intent was to target those that prefer to use commercial software vs the open source alternatives (although old) due to familiarity.

I'll never understand people that do this. If it is just to spite others or what their actual motivation is? Why not either improve the package or make one that is better? Adobe obviously has no interest in maintaining it or we would have seen Reader or Acrobat DC brought to Linux already.

Offline fraterchaos

  • Mandelbrot Metal Mayhem!
  • Staff Member
  • Posts: 688
  • Country: us
  • Never underestimate the power of human stupidity
Re: Re: Malware in the AUR
« Reply #3 on: July 12, 2018, 10:25:59 PM »
You are not allowed to view links. Register or Login
I continue to be put off by the "Linux is inherently safer" proponents.
Hogwash.
Nearly all issues start with a user click. Linux's are simply not a target. Like a hunter taking out a squirrel with a high-powered rifle, not going to happen. When that squirrel morphs into an elk, its entire history of safety means nothing.
And who's looking for a better PDF reader?

The one way in which Linux can be safer is that being open source, it means a lot more people are going over the code that is added... so it's more likely that malware will be caught sooner. And when it's caught it is nearly always addressed more quickly than you could expect MS or Apple to do it. They only have a profit motive.

Not saying it's perfect, open source also enables more people to be able to add suspicious code from the start... but it still has a better chance of getting caught more quickly, I think.
Science, like Nature, must also be tamed... with a view towards its preservation. -- Rush

Offline CwF

  • Full Member
  • Posts: 208
  • Country: us
Re: Re: Re: Malware in the AUR
« Reply #4 on: July 13, 2018, 02:59:10 PM »
You are not allowed to view links. Register or Login
... but it still has a better chance of getting caught more quickly, I think.
I think that's generally right. That's why I'm happy with apt-get stable Debian, perhaps the safest around. Once we start after the most current, or allow 'user content' or PPAs, or encourage something idiotic like Flatpaks, trust ends. Even compiling from source is suspect, like you actually reviewed the code. I did say a user click. Look how stuff is getting into Android. Once 'stable' is extended into 'want' we let our guard down.

I'm aware of the proprietary PDF stuff. It's sad the government is so stupid in its conflicts of interest. I'm still amazed some states went through the Silverlight phase. It just proves most aren't paying attention.

Since the potential audience (target) was tiny in this case I suspect a grey hat demonstration.