Language Selection

English French German Italian Portuguese Spanish

The Malware Problem (and a solution)

Filed under
Linux
Software
Security

So, there have been some discussions about possible solutions for this issue. Some have proposed that we add a review process to all of this, so that anything that gets uploaded gets a security check from some KDE developers. That's a neat idea on paper. But only there. This couldn't possibly work out, for two reasons: 1) Manpower - We simply don't have enough of that. 2) Responsibility - Who wants to be responsible for letting Malware slip through your fingers? This can happen to anyone, and it would be pretty embarrassing. I certainly wouldn't want to be responsible for anything.

Back when we designed the scripting system for Amarok 2 (QtScript, in-process), Ian Monroe and I realized that there isn't really any way to make it secure on a technical level. Sandboxing, automatic malware detection, flying cars - all this works somehow in theory, but in reality it requires some Bruce Schneier to do it, which we don't have (there is only only one Schneier, I guess). So basically we realized that the system would be unsafe, and that we would have to live with it. Amarok is very vulnerable to Malware scripts, because scripts can access most of Amarok, and Qt, and whatnot. Any Joe Schmoe could hack up a two-liner script that deletes your $HOME. So we accepted that reality, and tried to think of some other methods for making it all safer. What we came up with is this:

Rest here




More in Tux Machines

Linux Graphics

Sean Michael Kerner on the Linux Foundation's Projects

  • MirageOS Unikernel Effort Moves Forward
    Linux Foundation backed Xen Project helps to advance the state of the MirageOS unikernel operating system with a new release that now supports the KVM hypervisor. The open-source MirageOS unikernel project reached a major milestone on Feb. 23, with the launch of MirageOS 3.0. The basic idea behind a unikernel is that it is a highly-optimized and purpose-built operating system that can help to enable efficient operation and delivery of applications. The MirageOS 1.0 release debuted back in December 2013 as an effort led by the Linux Foundation's Xen hypervisor virtualization project. With the new MirageOS 3.0 release, the unikernel is now expanding beyond the confines of the Xen hypervisor and now also supports the KVM and Bhyve hypervisors as well.
  • Linux Foundation Forms New Open Network Automation Project
    Today the Linux Foundation consolidated the ECOMP and OPEN-O project to form the new Open Network Automation Project (ONAP). ECOMP perhaps has had the shortest life-span of any Linux Foundation project, lasting barely a month. ECOMP only becamean official Linux Foundation project a few short weeks ago, after being donated by AT&T. The Enhanced Control, Orchestration, Management and Policy (ECOMP) is an effort that AT&T has been building for several years to help enable its network transformation for virtualization. OPEN-O on the other hand was announced a year ago, as the Open Orchestrator effort.

Red Hat on Programming

  • Top 3 machine learning libraries for Python
    You don't have to be a data scientist to be fascinated by the world of machine learning, but a few travel guides might help you navigate the vast universe that also includes big data, artificial intelligence, and deep learning, along with a large dose of statistics and analytics. ("Deep learning" and "machine learning" are often used interchangeably, so for a quick terminology primer that might help you understand the difference, read Nvidia's blog post, What's the Difference Between Artificial Intelligence, Machine Learning, and Deep Learning?) In this article, I'll look at three of the most popular machine learning libraries for Python.
  • Which is the best programming language for beginners?
    What is the best language for a budding programmer to get their start with? There are probably as many opinions about which language is best for beginners as there are languages to choose from. And the options change all of the time. When we asked this question two years ago, Python came out on top as the clear winner. But is it still the best choice today?

Games for GNU/Linux