Language Selection

English French German Italian Portuguese Spanish

The Malware Problem (and a solution)

Filed under
Linux
Software
Security

So, there have been some discussions about possible solutions for this issue. Some have proposed that we add a review process to all of this, so that anything that gets uploaded gets a security check from some KDE developers. That's a neat idea on paper. But only there. This couldn't possibly work out, for two reasons: 1) Manpower - We simply don't have enough of that. 2) Responsibility - Who wants to be responsible for letting Malware slip through your fingers? This can happen to anyone, and it would be pretty embarrassing. I certainly wouldn't want to be responsible for anything.

Back when we designed the scripting system for Amarok 2 (QtScript, in-process), Ian Monroe and I realized that there isn't really any way to make it secure on a technical level. Sandboxing, automatic malware detection, flying cars - all this works somehow in theory, but in reality it requires some Bruce Schneier to do it, which we don't have (there is only only one Schneier, I guess). So basically we realized that the system would be unsafe, and that we would have to live with it. Amarok is very vulnerable to Malware scripts, because scripts can access most of Amarok, and Qt, and whatnot. Any Joe Schmoe could hack up a two-liner script that deletes your $HOME. So we accepted that reality, and tried to think of some other methods for making it all safer. What we came up with is this:

Rest here




More in Tux Machines

Post/Node #111111

This is the 111111th node. It's a special number and a milestone for us. Will we have reached the 222222nd by 2030? Time will tell. Maybe Drupal won't even be around by then.

Ubuntu: Didier Roche's Interviews Series and Resurgence of Ubuntu Touch

  • Welcome To The (Ubuntu) Bionic Age: Behind communitheme: interviewing Aaron
    I’m Aaron Papin and I’m from Trinidad and Tobago. I work at an IT consultancy that specializes in open-source solutions for SMBs. I’m a technician, but I also work in designing and deploying websites and even on ads from time to time. It’s pretty freeform and fun. I knew of Linux for years, but I only dove in after a hard drive failure a couple years ago. Because why not at that point? It didn’t take me long to start using it mostly full time (games). Even though I’ve worked on my own themes in the past, I’m still pretty new to the Linux community. Hobby-wise, I really like TV, cooking, video games and keeping fit when I’m not on an “extended break”.
  • Purism and UBports officially collaborate to offer Ubuntu Touch on Librem 5
    Purism and UBports are partnering to offer Ubuntu Touch as a supported operating system on Purism’s Librem 5 smartphone. Being able to work with Purism and focus on the Librem 5 hardware platform ensures that the Ubuntu Touch mobile operating system developed by UBports will be well supported, tightly integrated, and that future compatibility will remain. When the Librem 5 is delivered to pre-order customers, it will become one of just a few smartphones that support the free and open source operating system.
  • Open Source Smartphone Librem 5 Will Officially Support Ubuntu Touch
    When Canonical decided to halt the development of Ubuntu Touch mobile operating system, it came as a surprise to many. However, due to the lack of interest of smartphone manufacturers and community, this tough decision was taken. Later, UBPorts decided to take up the Ubuntu Touch development work.
  • Purism Partners with UBports to Offer Ubuntu Touch on the Librem 5, Red Hat Storage One Launches and More
    Purism has partnered with UBports to offer Ubuntu Touch on its Librem 5 smartphone. By default, the smartphone runs Purism's PureOS, which supports GNOME and KDE Plasma mobile interfaces. UBports is ensuring Ubuntu Touch will run on the phones as well, so the Librem 5 can "now offer users three fully free and open mobile operating system options".

BSD: DragonFlyBSD's Latest and NetBSD 8.0 Release Candidate 1

Games Leftovers