Deb Installer for Dapper.
Evan Dandrea
xevand at gmail.com
Sun Oct 23 20:49:10 CDT 2005
On 10/23/05, Jerry Haltom <wasabi at larvalstage.net> wrote:
>
> The only reason OS X doesn't have the spyware problem of Windows is
> because there isn't any spyware written for it.
>
> Nothing more.
>
> Same with us. Eventually, if Linux continues to gain ground, we'll have
> spyware too. Not a big deal.
We don't have a problem with spyware, not because we're not as popular as
Windows, but because the security model currently in place prevents spyware
from easily getting installed on an Ubuntu system. Software can only be
installed graphically through Synaptic or gnome-app-install, both of which
use apt which itself only lets approved software (stuff in the repository)
get installed. Other than that you can do a ./configure; make; sudo make
install or dpkg -i, both of which require the console, preventing most users
from downloading any old piece of software off the web and installing it. In
addition to that, as others have already mentioned, you need to enter your
password before installing anything beyond your home directory, though I
don't think this buys us much. I wouldn't underestimate the average user's
willingness to keep giving what you ask of them until they get the expected
result of installed software.
Now, even if malicious software somehow got into the repository, maybe
someone compromised mdz's machine and uploaded a package bundled with a
rootkit, that software could easily be removed and a new version could be
uploaded to the repository to protect users who haven't updated yet from
falling to the same scam. However, if we let everyone on the Internet post
software in a .deb and we willingly install it after a few prompts, and it
turns out to be spyware, we'll, there's really no way of shutting that
website down and getting rid of the spyware.
I think it is a big deal. This is an area where we're able to be miles ahead
of the proprietary software world. We can guarantee much better security and
protection from the kind of nonsense that Windows users currently face by
keeping the package system close to the way it's currently configured.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20051023/dac37910/attachment-0001.htm
More information about the ubuntu-devel
mailing list