Linux security
Daniel Carrera
daniel.carrera at zmsl.com
Sat Apr 29 11:07:54 UTC 2006

Toby Kelsey wrote:
> Currently it's important, but if Ubuntu becomes a base for 3rd-party software,
> this distinction will erode. If there was a mechanism for 3rd-party software to
> get a Ubuntu "stamp of approval" (checked for during the install) which means it
> has been audited for sensible behaviour that would help, but this would have to
> be paid for and there would need to be a trustworthy auditing group.

There is already a certification for third-party software in Ubuntu.
It's paid for, like you said. This system could be extended to add a GPG
signature to the package or some such. Aren't .deb packages already
signed in some way?

>>Perhaps. Though the user might wonder why Firefox is suddenly asking him
>>for a password. (this is an example of an attack made more difficult by
>>Ubuntu's design).
>
> Actually I was thinking more of modifying the menu item for Synaptic to start a
> trojan wrapper program. How often do you check what your Synaptic menu item
> actually runs?

Ok. Good point.

On the other hand, how often do you run Synaptic? Yes, you'll get
infected eventually, but hear me out. The fact that you use Synaptic
infrequently means that the speed at which the virus spreads will be
very slow. For a virus to be "successful" on a large scale, it needs to
replicate faster than it can get stamped out. Reducing the replication
rate makes Linux less hospitable to viruses.

Cheers,
Daniel.
--
/\/`) http://opendocumentfellowship.org
/\/_/
/\/_/ ...and starting today, all passwords must contain
\/_/ letters, numbers, doodles, sign language and
/ squirrel noises.
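
Added example, not part of the original message: one way to answer the question of what a menu item actually runs is to list user-level .desktop entries that shadow a system entry of the same name but launch a different command. It assumes the freedesktop layout in which user entries (typically ~/.local/share/applications) take precedence over system entries (typically /usr/share/applications); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Report user menu entries that override a system entry with a different Exec.

# Print the Exec= value from the [Desktop Entry] group of a .desktop file.
desktop_exec() {
    awk '
        /^\[/ { in_entry = ($0 == "[Desktop Entry]"); next }
        in_entry && /^Exec[ \t]*=/ {
            sub(/^Exec[ \t]*=[ \t]*/, "")
            print
            exit
        }
    ' "$1"
}

# audit_menu_overrides SYSTEM_DIR USER_DIR
# One tab-separated line per mismatch: file name, system Exec, user Exec.
audit_menu_overrides() {
    sys_dir=$1
    user_dir=$2
    for user_file in "$user_dir"/*.desktop; do
        [ -f "$user_file" ] || continue
        name=$(basename "$user_file")
        [ -f "$sys_dir/$name" ] || continue      # not shadowing anything
        sys_exec=$(desktop_exec "$sys_dir/$name")
        user_exec=$(desktop_exec "$user_file")
        if [ "$sys_exec" != "$user_exec" ]; then
            printf '%s\t%s\t%s\n' "$name" "$sys_exec" "$user_exec"
        fi
    done
}

# Constructed sample data so the check can be tried without touching real menus.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys" "$tmp/user"
    printf '[Desktop Entry]\nName=Synaptic\nExec=gksu synaptic\n' \
        > "$tmp/sys/synaptic.desktop"
    printf '[Desktop Entry]\nName=Synaptic\nExec=/tmp/example-wrapper\n' \
        > "$tmp/user/synaptic.desktop"
    audit_menu_overrides "$tmp/sys" "$tmp/user"
    rm -rf "$tmp"
}
demo
```

On a real system, call audit_menu_overrides with the system and user application directories; any line it prints is a menu entry whose command differs from the packaged one and is worth inspecting.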