[conspire] computer security

paulz at ieee.org paulz at ieee.org
Mon Mar 8 09:58:05 PST 2021


 Part way through it says:
   we have to somehow convinced the user to download and install our awesome new game
Which translates to "installing random software".  In the Windoz world getting software online means going to all sorts of places.  Even "legitimate" websites play games, like have a box pre-checked to download some other thing, like McAfee, at the same time.
In Linux, virtually every thing most people need is available as a package from a standard repository for Debian, Ubuntu or other.  And using the package manager takes care of dependencies on other libraries so it is more likely that the newly downloaded program will run without manual fussing.  
Of course this is not totally cyber-proof. I recall a few years back that a major Linux repository was hacked.

    On Sunday, March 7, 2021, 12:11:50 PM PST, Rick Moen <rick at linuxmafia.com> wrote:  
 
 Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):
> On 3/6/21 23:22, Rick Moen wrote:

> >The sort of unfocussed paranoia McAfee is quoted as voicing is the mark
> >of a rank amateur.  It's been my experience that the anti-virus /
> >computer security industry has more than its share of such people,
> >that it has a large bushwah quotient.
> 
> I recently stumbled into this:
> 
> https://www.offensive-security.com/metasploit-unleashed/binary-linux-trojan/
> 
> OH REALLY!
> If you start installing random software...

...especially with root-user authority...

> ...you risk to get a trojan.  And that proves that "client side
> attacks and trojans are not exclusive to the Windows world".
> 
> And I bet... that's why even if you're running Linux, you need our
> training.

They really didn't even _try_ very hard, on that one.

But, the depressing thing is, this kind of broken thinking is _routine_
in tech reporting about computer/network security and "malware".  (Of
course, that's largely because most tech reporting is cribbed from
industry press releases, and the press releases from
antimalware/security companies consist mostly of self-serving drivel.)


_______________________________________________
conspire mailing list
conspire at linuxmafia.com
http://linuxmafia.com/mailman/listinfo/conspire
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20210308/3cb4ec2b/attachment.html>


More information about the conspire mailing list