@fatboy well deserved.. also sad that these specimens exist among my kind. so senseless.

@normandc @fatboy that strangely satisfying moment when you don't seek utopia any specific where but are glad to find dystopia everywhere :)

@fatboy using Windows Defender as your only antivirus? well deserved.

@fatboy
Tbh most people don't read the source code of new Linux software and usually don't run anti-virus on Linux. Linux security really isn't better than Windows at all, save for security through obscurity.

@legend @fatboy not necessarily, there's just usually no need to run binaries from untrusted sources on Linux. In Windows world it's a norm, and I'm guilty of behaving that way too.

@marcinkaczorek @fatboy like I said, most people who compile software from source don't read the full source code -- I know I sure as hell don't -- there's no major distinction between installing software you haven't read the source code of, and installing software from binary

I think Windows may full well be safer than Linux because I have virus scanners on Windows and scan unknown binaries, does your Linux have antivirus installed?

@legend @fatboy sorry I think I wasn't clear. You don't need to read the source code if you trust the "source" as in the people who provide the binaries.

@legend @fatboy as long as you stick to sources from your distribution, there's no real need for additional checking. Antivirus is only really needed if you introduce stuff from outside - downloaded from a random site. Then it's wise to at least have a look at the source. But that is not necessary most of the time.

@legend @fatboy compared to Windows this distribution method is far more secure and antivirus is simply not needed.

@marcinkaczorek @fatboy using Windows' antivirus to scan unknown binaries takes much less effort than reading the full source code of a non-trivial application, duh

@legend @fatboy Did you not read what I wrote? You don't need to do that. Why would you trust an antivirus then? Did you read its source code?

@legend @fatboy I'll just add that binaries downloaded from repositories of a distribution are not "unknown" - they came from the distribution you trusted by installing it. Same with Windows, you put your trust in Microsoft if you decide to use it.

@marcinkaczorek @fatboy it's a pretty big assumption that people use an OS with a package library -- many of us don't

besides it's trivial to add malware to a package repo:
- malware in pip
https://www.darkreading.com/application-security/malware-in-pypi-code-shows-supply-chain-risks/d/d-id/1335310
- malware in NPM
https://www.csoonline.com/article/3214624/malicious-code-in-the-node-js-npm-registry-shakes-open-source-trust-model.html
- malware in Ubuntu SNAP store
https://www.linuxuprising.com/2018/05/malware-found-in-ubuntu-snap-store.html

I know you really want to push your ideology "linux doesn't get malware because it is very secure. Windows gets lots of malware because it is insecure" but it's fucking wrong and you're a retard because you are either knowingly pushing disinfo or unknowingly pushing disinfo (both are sins).

FYI even REAL Unix is less secure than MS Windows: https://www.itspmagazine.com/from-the-newsroom/sorry-its-a-myth-that-macs-are-more-secure-than-pcs (Mac OSX is a real UNIX)

@legend @fatboy "linux doesn't get malware because it is very secure" - now that's a nice straw man you built. That is not what I wrote.
As long as the user is not cautious, no OS, and no AV will save him from malware.
My argument is that on most Linux distributions the repos are curated and checked for malware, so if you trust them, you don't need an AV. Random binaries from the internet are something else.

@legend @fatboy
To check those you would need to either check their source code, or disassemble and look for malicious stuff.
In the examples you provided: PIP and NPM are not really designed with security in mind. And given these are code repositories, if you are using them you are responsible for checking the code.
Snap store is its own thing and I personally don't trust packages there if I don't trust the publisher.

@legend @fatboy
If I understand correctly, you put your whole trust in an antivirus, and that to me seems unwise.
