Amarok to Better Guard Against Potential Malware
To program an effective virus for Linux is fairly difficult. It's much easier to provide malware disguised as an add-on, however. The Amarok project now wants to protect against that.
Linux users are pretty easy going when it comes to Internet dangers, which can lead to trouble, as was recently revealed in an incident of malware disguised as a screensaver. It's easy to lean back and say, "well, it's your own fault that you downloaded a binary package without first looking at the source code." But the more Linux users there are, the higher the rate that programs are downloaded and installed without much forethought. Security tests may be available, but require a lot of work in view of the magnitude of uploads.
One of the first developers to address this problem is Mark Kretschmann, who recommended a solution for the KDE music player that other projects could also adopt. Even Amarok is an easy target for these attacks. The attacker needs just to disguise one as a "cool" add-on, which Kretschmann claims, for example, could completely wipe out your home directory.
He suggests, therefore, immediately using a version control system (VCS) for all scripts and add-ons. This might increase the entry barrier for prospective Amarok developers, but the detour through a VCS provides a better protection against what Kretschmann calls "crapware" scripts, because all programmers will then know that their code is being reviewed. The scripts in version control can then be downloaded via the Get Hot New Stuff (GHNS) framework in KDE, where additional security measures can be applied. Even if an author manages to inflict malware into the code, the suspect checking it in can still be traced.
Apart from guarding against malware, a mandatory VCS has the further benefit of removing "abandonware" (such as code that was forked and is no longer maintained) or giving it to someone else to maintain.
Issue 261/2022
Buy this issue as a PDF
News
-
KaOS 2022.06 Now Available With KDE Plasma 5.25
The newest iteration of KaOS Linux not only adds the latest KDE Plasma desktop but sets LibreOffice as the default.
-
Manjaro 21.3.0 Is Now Available
Manjaro “Ruah” has been released and includes the latest Calamares installer, GNOME 42, and much more.
-
SpiralLinux is a New Linux Distribution Focused on Simplicity
A new Linux distribution, from the creator of GeckoLinux, is a Debian-based operating system with a focus on simplicity and ease of use.
-
HP Dev One Linux Laptop is Now Available for Pre-Order
The System76/HP collaboration Dev One laptop, geared toward developers, is now available for pre-order.
-
NixOS 22.5 Is Now Available
The latest release of NixOS with a much-improved package manager and a user-friendly graphical installer.
-
System76 Teams up with HP to Create the Dev One Laptop
HP and System76 have come together to develop a new laptop, powered by Pop!_OS and aimed toward developers.
-
Titan Linux is a New KDE Linux Based on Debian Stable
Titan Linux is a new Debian-based Linux distribution that features the KDE Plasma desktop with a focus on usability and performance.
-
Danielle Foré Has an Update for elementary OS 7
Now that Ubuntu 22.04 has been released, the team behind elementary OS is preparing for the upcoming 7.0 release.
-
Linux New Media Launches Open Source JobHub
New job website focuses on connecting technical and non-technical professionals with organizations in open source.
-
Ubuntu Cinnamon 22.04 Now Available
Ubuntu Cinnamon 22.04 has been released with all the additions from upstream as well as other features and improvements.