Language Selection

English French German Italian Portuguese Spanish

The Malware Problem (and a solution)

Filed under
Linux
Software
Security

So, there have been some discussions about possible solutions for this issue. Some have proposed that we add a review process to all of this, so that anything that gets uploaded gets a security check from some KDE developers. That's a neat idea on paper. But only there. This couldn't possibly work out, for two reasons: 1) Manpower - We simply don't have enough of that. 2) Responsibility - Who wants to be responsible for letting Malware slip through your fingers? This can happen to anyone, and it would be pretty embarrassing. I certainly wouldn't want to be responsible for anything.

Back when we designed the scripting system for Amarok 2 (QtScript, in-process), Ian Monroe and I realized that there isn't really any way to make it secure on a technical level. Sandboxing, automatic malware detection, flying cars - all this works somehow in theory, but in reality it requires some Bruce Schneier to do it, which we don't have (there is only only one Schneier, I guess). So basically we realized that the system would be unsafe, and that we would have to live with it. Amarok is very vulnerable to Malware scripts, because scripts can access most of Amarok, and Qt, and whatnot. Any Joe Schmoe could hack up a two-liner script that deletes your $HOME. So we accepted that reality, and tried to think of some other methods for making it all safer. What we came up with is this:

Rest here




More in Tux Machines

Today in Techrights

Still running 32 bit Ubuntu?

I’m considering a proposal to have 16.04 LTS be the last release of Ubuntu with 32 bit images to run on 32 bit only machines (on x86 aka Intel/AMD only – this has no bearing on ARM). You would still be able to run 32 bit applications on 64 bit Ubuntu. Read more

NVIDIA GeForce GTX 970 Offers Great Linux Performance

Since last month's Linux review of the GeForce GTX 980 as NVIDIA's newest high-end GPU powered by their Maxwell architecture, many Phoronix readers have been requesting Ubuntu Linux tests of the GTX 970 too. I've now got my hands on an EVGA GeForce GTX 970 and am putting it through its paces today. Read more

GTK+ Gains Experimental Overlay Scrollbars

The overlay scrollbar work that was committed on Monday is about improving the scrolling experience for those using GTK+ applications from touch screens. This prototype widget allows for showing a scroll position indicator on touch screens while hiding the scrollbar -- it sounds similar to Ubuntu's GTK2/GTK3 overlay scrollbar support for Unity. Read more