to be honest though you can do the same with most windows install files, MSI's .exe's are usually just a zip of all the dll's, cab's and exe's, even somtimes a few batch files and vbscripts. The average user won't look inside their installers, and may not know what they are looking at if they did. Even advanced users won't do open them all the time and then will they scour through some obscure perl/python/ruby code? Adding it to a repository scanner could be useful for the admins of repos to run as an extra layer though, it really comes back to same issue don't install software from somewhere you don't trust, which can be very difficult for windows users. But not so much for Linux users, stick to pretty much the standard repo's and most malicious software will get caught by the many eyes alone.
On Mon, Dec 14, 2009 at 9:20 PM, Christopher Lees <christopher_l...@iprimus.com.au> wrote: > On Mon, 2009-12-14 at 02:59 +0000, Paul wrote: > >> Just a quick follow-up from our previous discussions about viruses on >> Linux. This is why we still need to be careful: >> >> * >> http://digitizor.com/2009/12/10/ubuntu-malware-for-ddos-attack-found-in-screensaver/ >> * >> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html >> >> Backups and common sense are your most valuable allies! >> >> Paul > > Actually, the openness of Linux is also useful in detecting threats from > Debian packages. You can open Debian packages in File Roller / other > archive manager. Then you can see the preinst, postinst and prerm > scripts and you can have a look at where the package will put files. > > Then if it's all okay, you can install the package. > > I'm thinking of writing a program to help audit the control scripts and > where files get placed; you know, raising a warning if anything get put > into your init scripts or Upstart and raising a warning if "wget" or > "rm" get used inside the control scripts. > > Anyone else interested in this? > > Chris > > > -- > ubuntu-au mailing list > ubuntu-au@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-au > -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
