Software updater snuck in a package that is unwanted

Bret Busby bret.busby at gmail.com
Tue Oct 17 06:55:37 UTC 2017 

On 17/10/2017, C de-Avillez <hggdh2 at ubuntu.com> wrote:
> On Tue, 17 Oct 2017 06:51:01 +0800
> Bret Busby <bret.busby at gmail.com> wrote:
>
>> Apparently, this trojan horse has the effect that, to remove it, so as
>> to revert to manually performing upgrades (which is as it should be),
>> I have to wreck the system, by removing the desktop system and the
>> operating system core.
>
> Wait. This is a serious assertion: that a security update is a trojan.
>
> So, first of all, what is the package? what is your Ubuntu version?
> Which repositories are active, and from where?
>

The Ubuntu version is
"
$ uname -a
Aspire-V3-772-UbuntuMATE 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12
14:59:54 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
"

It is v16.04.x (that appears to be not included in the response to the
uname-a command).

I had explicitly named and described the package

"
Synaptic shows it (I think) as unattended-upgrades", with the
description "automatic installation of security upgrades".
"

> Finally, what made you conclude it is a trojan, or any other type of
> malware?
>

1. It is classed as a "Ubuntu base" update.

2. It would do things to my system, that are unwanted and malicious,
including but not limited to, the disruption of my use of the computer
system, such as disrupting my work when it wants to install upgrades,
like MS Windows does, that prevents my wife (wh is an MS Windows user
and software developer) from using her computers, for hours at a time,
when they go into automated system update disruption.
That it is like having cancer with secondaries in the brain, or, like
deliberate infection with AIDS, is that, in trying to remove it
(Synaptic -> Mark for removal), the message comes up

"
The following changes are required in order to proceed.
To be removed
ubuntu-mate-core
ubuntu-mate-desktop
"

If it was not like having cancer with secondaries in the brain; if it
was not like being deliberately infected with AIDS; if it was not a
trojan, it would be able to be safely excised without affecting any
other package.

As it is, it has eliminated Ubuntu as being, for me, a trusted and
recommended operating system, and, lowers the status of Ubuntu Linux,
to the same status, for usability and trustworthiness, as MS Windows.

The package should never have been included in the software updater as
it is, as part of the "Ubuntu base", in the Ubuntu Software Updater,
but, for anyone who wants it, they should have needed to seek it out,
and install it as an optional add-on, using something like the Ubuntu
Software Centre.

So, to me, the inclusion of that package, the nature of the package,
and, what is required to remove that package, make that package a
deliberate act of sabotage.

-- 

Bret Busby
Armadale
West Australia

..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

More information about the ubuntu-users mailing list