LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Linux malware: an incident and some solutions

Linux malware: an incident and some solutions

Posted Dec 24, 2009 19:11 UTC (Thu) by rickmoen (subscriber, #6943)
In reply to: Linux malware: an incident and some solutions by rickmoen
Parent article: Linux malware: an incident and some solutions

And, I forgot to mention: Firefox extensions. I note that the Mozilla Organization's https://addons.mozilla.org/ "portal" site contributes substantially to the problem of dangerous user attitudes, by having no entry about source code or licensing on any of the extension entries, but a large, prominent button marked "Download Now" on each. I've encountered Linux users who've been completely unaware that what they fetched via that site was proprietary software from nobody in particular, that they would not have trusted with their user-level security access if they'd been thinking more clearly.

I suggest we of the Linux community work harder to get out the message that, e.g., just because we recommend Adblock and NoScript, that doesn't mean we recommend downloading arbitrary extensions from any-old-where, and that, when we provide URLs to Adblock and NoScript's upstream Web sites, we don't mean you should get it from there: You should get maintained, audited packages from your distro maintainers, where available -- and assume code is dangerous unless you have reason to think it isn't.

Rick Moen
rick@linuxmafia.com

(Log in to post comments)

NoScript and Adblock

Posted Dec 25, 2009 3:10 UTC (Fri) by pflugstad (subscriber, #224) [Link]

I completely agree with you. But then you went and mentioned NoScript and AdBlock:

http://lwn.net/Articles/332093/

Intentional?

Pete

NoScript and Adblock

Posted Dec 26, 2009 7:48 UTC (Sat) by rickmoen (subscriber, #6943) [Link]

Pete wrote:

http://lwn.net/Articles/332093/

{shrug} The best solution to upstream antics is the one Jake Edge mentions, distro packages, which I always strongly, strongly encourage Linux newcomers to favour over going to upstream (absent rare reasons to the contrary). But NoScript / Adblock even with upstream antics are better than lacking them. Fortunately, both extensions are open source -- as many extensions advertised on https://addons.mozilla.org/ are not.

(My view, yours for a small royalty fee and waiver of reverse-engineering rights).

Rick Moen
rick@linuxmafia.com

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds