Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

A Friendly Reminder To Be Careful About What You Install

  • Please log in to reply
1 reply to this topic

#1 Guest_hollowface_*


  • Guests

Posted 16 December 2016 - 04:53 PM


When picking a distro to use, you are trusting it. So ask yourself, "Why should I trust this distro?" For example, I trust Debian. Why? Because Debian has been around a long time, it is very well known, it is financed by donations, and it has a large number of developers involved in its creation. The same applies when installing software on your distro, "Why should I trust this program?", and bear in mind that most of us users are not capable of self-vetting a program's code for anything hinky.

When installing software, keep in mind that lesser known projects are often less vetted by the community, which means if there is malicous code in it, it may not have been discovered by anyone yet. You could even be patient zero. Anyone can make a friendly looking website, that doesn't mean their project is safe, neither does the term opensource. Even if an author is writing honest software, lesser known projects tend to get less usage, which means security holes and dangerous bugs are less likely to be discovered and fixed. On the flip-side it's also important to remember that while there can be safety in numbers, just because a project is popular, doesn't mean it's safe either. Odds are that the majority of users have never looked at the code. If their trust is misplaced, and your trust is based soley on theirs...

While not all distros do, many of the major Linux distros provide vast software repositories. This not only makes it easier to install software, but also provides a go-to location for software. If the repo has a vetting process, and you trust that process, you now have access to a massive quantity of software you can trust. For example, I generally trust the Ubuntu repositories. Why? Because the Ubuntu Security Team, employed by Canonical, audits many of the packages from the main and restricted repos, many packages included in Ubuntu's repositories are taken from Debian's repositories (Debian has its own testing Teams for packages), and both Ubuntu and Debian have massive user bases who actively use the repositories.

I'm not saying don't use lesser known projects, or that you should use popular ones. I'm not saying don't venture outside your distro's repos, or that you should use your distro's repos. Your distro may not even have repos. Personally I create and distribute several lesser known projects, none of which are available in any distro's official repos. Yet when I install software I tend to install well known projects from my distro's default repos (if it has any). Though sometimes not. What I am saying is, you are giving a certain amount of trust to anything you install, so be careful about what you install. The Linux community is a pretty safe place, but in order to keep it this way, users must stay vigilant.

BC AdBot (Login to Remove)



#2 wizardfromoz


  • Banned
  • 2,799 posts
  • Gender:Male

Posted 16 December 2016 - 05:54 PM

Worthy of being pinned, friend hollowface :thumbup2:


:wizardball: Wizard

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users