Language Selection

English French German Italian Portuguese Spanish

The Malware Problem (and a solution)

Filed under
Linux
Software
Security

So, there have been some discussions about possible solutions for this issue. Some have proposed that we add a review process to all of this, so that anything that gets uploaded gets a security check from some KDE developers. That's a neat idea on paper. But only there. This couldn't possibly work out, for two reasons: 1) Manpower - We simply don't have enough of that. 2) Responsibility - Who wants to be responsible for letting Malware slip through your fingers? This can happen to anyone, and it would be pretty embarrassing. I certainly wouldn't want to be responsible for anything.

Back when we designed the scripting system for Amarok 2 (QtScript, in-process), Ian Monroe and I realized that there isn't really any way to make it secure on a technical level. Sandboxing, automatic malware detection, flying cars - all this works somehow in theory, but in reality it requires some Bruce Schneier to do it, which we don't have (there is only only one Schneier, I guess). So basically we realized that the system would be unsafe, and that we would have to live with it. Amarok is very vulnerable to Malware scripts, because scripts can access most of Amarok, and Qt, and whatnot. Any Joe Schmoe could hack up a two-liner script that deletes your $HOME. So we accepted that reality, and tried to think of some other methods for making it all safer. What we came up with is this:

Rest here




More in Tux Machines

Linux 4.1 Has Improvements For The Multi-Queue Block Layer

The latest good stuff for the Linux 4.1 kernel are the block core improvements, which mostly are focused on improving the multi-queue block layer (blk-mq). Read more

Watch Out Google, DARPA Just Open Sourced All This Swish 'Dark Web' Search Tech

Google appears to be an indomitable force. But, with today’s release from the US military’s research arm of its Memex search technologies and Europe’s competition investigation into the Mountain View giant, it might be a propitious time for tech-minded entrepreneurs to start building a Google killer. Read more

ExTiX 15.2 Is Based on Ubuntu 15.04 and Debian 8 Jessie, Features LXQt and KDE Editions

After announcing his new RaspArch distribution that helps users run the powerful Arch Linux distribution on a Raspberry Pi 2 Model B computer board, Arne Exton informed Softpedia about the immediate availability for download of the ExTiX 15.2 Linux operating system. Read more