Ubuntu blues

[Peter Damoc]

On Sat, 11 Dec 2004 09:01:19 +0100, Tollef Fog Heen <tfheen at canonical.com> wrote:
> | Also, as for this 'Linux is more difficult to exploit' stuff, I don't
> | really believe it to be honest. It doesn't really matter anyway since
> | the main problem is USER CONSNETED SPYWARE INSTALLS. Please tell me
> | how Linux is going to stop this? How can you stop someone installing
> | spyware.deb or whatever when they type their password and press OK -
> | answer? You can't.
>
> It's a lot easier to track down and remove for somebody who knows how
> UNIX works.  Yes, I agree that's not an answer to a beginner.  So, let
> me rather ask the question: why would you download a .deb from
> somewhere and install that rather than rely on your central
> repository?  You have loads and loads of free software which does not
> include spyware (since spyware, if it came with the software, would be
> removed by whoever packaged it).

Windows users don't have a central repository of trusted software... download.com actually adds spyware to some of the software it redistributes.
So.... a simple "this software does not come from a trusted source. It might contain malicious code. Are you sure you want to install it?" would solve some of the problems. As an alternative a "guardian"  could suggest installing the software first inside a virtual machine and audit at least its installation (make sure it does not install services for example). Education could also be implemented as part of the install dialogs ("Click here to learn more about untrusted software").

Users are curious, some will install stuff in spite of all warning but still... some might wise up.

-- 
Peter Damoc
jack of all trades, master of none
http://www.sigmacore.net/