• addie@feddit.uk
    1 day ago

    Centrally managed repositories help a lot, here. Linux users tend not to download random software off of sketchy websites; it’s all installed and kept up to date via the package manager.

    Yes, Linux malware and viruses exist, and we shouldn’t pretend otherwise. The usual reason for installing Linux virus scanners is because you’re hosting a file/email server, and you want to keep infected files away from Windows users, tho.

    • Possibly linux@lemmy.zip
      6 hours ago

      Linux does have some issues with social engineering since any file with the executable bit will run when clicked

      Outside of that, you are right

    • Railcar8095@lemmy.world
      1 day ago

      > Linux users tend not to download random software off of sketchy websites;

      Search for “sudo curl … | sh” and let me know how many hits you get.

      • Possibly linux@lemmy.zip
        6 hours ago

        Every time I see this a part of me dies inside. It is always a cursed install script that makes problematic changes to the system.

        • Flipper@feddit.org
          6 hours ago

          It’s even worse. The server can detect if you are piping it straight into a shell or just downloading the file. It can then send different scripts based on that.

          • Railcar8095@lemmy.world
            5 hours ago

            How can it see that? If possible, isn’t that a flaw of curl? I don’t see a good reason for the server to know what you’re doing with the file.

            • Flipper@feddit.org
              3 hours ago

              Curl has a limited buffer and bash reads a line and then executes it, before reading the next line.

              So first you need a command that takes time if executed. So a delay, downloading a big file, user input work. Next you fill up the buffer. Just your normal script. Maybe some comments etc.

              Now the server can detect if after the first kB the stream stops.
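
Added example (not part of the thread): one way to avoid the streaming behaviour described above is to download the script completely, compare it with a SHA-256 digest obtained separately from the publisher, and only then run the exact bytes that were checked. The function names `run_if_pinned` and `fetch_then_run` are hypothetical, and the code assumes `sha256sum`, `mktemp` and `curl` are installed.

```shell
#!/bin/sh
# Added example: nothing is interpreted while the transfer is in progress,
# and the file that is executed is the file whose digest was checked.

# run_if_pinned FILE EXPECTED_SHA256
# Returns 2 if FILE is missing, 3 on digest mismatch, else the script's status.
run_if_pinned() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 3
    fi
    sh "$file"
}

# fetch_then_run URL EXPECTED_SHA256
# Saves the whole response to a temporary file before any line is run.
fetch_then_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    rc=0
    # --proto '=https' refuses plain http and any other scheme.
    if curl --fail --silent --show-error --location \
            --proto '=https' -o "$tmp" "$url"; then
        run_if_pinned "$tmp" "$expected" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Because the digest is checked against the file on disk, a server that returns different content on a later request produces a mismatch instead of an execution.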

      • 1984@lemmy.today
        1 day ago

        That’s not random sketchy websites though.

        I would say Linux users who install software from the web know what sites to trust. The beginners use the app store.

    • Mihies@programming.dev
      1 day ago

      Even package managers are vulnerable to many security problems - can they guarantee that apps are not infected either directly or indirectly (through a library)? There is also flathub. Windows also has an option to verify apps through certificates which isn’t the case with Linux AFAIK. If you want to stay safe on Windows to some degree you can, but the real problem IMO is that Windows is hugely more used and run by less technical persons. 🤷‍♂️

      • Possibly linux@lemmy.zip
        6 hours ago

        This isn’t true

        Linux package managers typically use GPG which is a much better solution. It is simpler and doesn’t have the unnecessary complexity of certificates.

        What security problems do you think package managers are vulnerable to? If the upstream repo is compromised all bets are off regardless of the system.

        • Mihies@programming.dev
          6 hours ago

          You are right, GPG signing is good as well. But in both cases you still have unsigned apps.

          > What security problems do you think package managers are vulnerable to? If the upstream repo is compromised all bets are off regardless of the system.

          Yep. And in such a case antivirus software might come in handy.