Ubuntu, does not 'Security Check' Snap packages.


44 replies to this topic

#1 Condobloke

Posted 12 May 2018 - 09:23 PM

What prompted this topic.....HERE

 

What are snap packages ?...HERE

 

from THIS article.....

 

Anyone can create and submit a snap package to the Ubuntu Snap Store/official Ubuntu Snap Store.

 

Submitted snaps do not go through a security check, similar to the apps submitted to the iOS App Store and Google Play Store.

 

With this incident, the Ubuntu Snap Store takes its place in the pantheon of app stores that have suffered malware infections, right next to the Chrome Web Store, the Google Play Store, the Apple App Store, and the Windows Store.

 

The initiator of the bitcoin miner laden snap app's email address was "myfirstferrari@protonmail.com"........and had he succeeded, he may well be on his way to attaining that goal.

 

What the hell is the matter with you Ubuntu ??!!.../ Mark Richard Shuttleworth (born 18 September 1973) is a South African entrepreneur who is the founder and CEO of Canonical Ltd., the company behind the development of the Linux-based Ubuntu operating system

 

Have you "done a Bill Gates"...made your money and now don't give a stuff ????

 

 

Lift your game....otherwise the end result is laughably predictable.

 

 

 

 

 


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 


#2 NickAu


Posted 12 May 2018 - 09:59 PM

First they drop Unity now this, no wonder I use Arch



#3 Gary R


Posted 13 May 2018 - 12:46 AM

The whole idea of getting things from a central "store" is that it's more secure, because the packages on it have been checked.

 

If you're not going to perform the necessary security checks on the stuff hosted there, then you might as well get rid of the "store" system altogether, because all it really becomes then, is an easy centralised target for the malware purveyors to hijack and utilise.

 

At least if you're getting your software "all over the place" they have to work at finding which places to attack.



#4 The-Toolman


Posted 13 May 2018 - 03:14 AM

If I read right snaps aren't installed unless a user installs the snap install app and only then can snaps be installed from the snap app store.

 

Is this correct? :scratchhead:

 

 

Update.

 

I can open terminal and enter snap list and it will show what snaps are installed.

 

Apparently some snaps are installed as default so it's good to check imo. :thumbup2:


Edited by The-Toolman, 13 May 2018 - 04:10 AM.

I'm grumpy because I can be not because I'm old.

 

The world is what you make of it, if it doesn't fit, you make alterations.

 

Under certain circumstances, profanity provides a relief denied even to prayer.  (Mark Twain)
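
The `snap list` check mentioned in the post above can be turned into a small review of who published each installed snap. This is an added example, not part of the original post; it assumes the six-column `snap list` layout (publisher in column 5, notes in column 6), and the sample rows, the allowlisted publisher names and the function names `sample_snap_list` and `audit_snaps` are constructed for illustration.

```shell
#!/bin/sh
# Added example. The sample below is constructed, not captured from a real
# system; it assumes the six-column `snap list` layout with the publisher in
# column 5 and confinement notes in column 6.
sample_snap_list() {
cat <<'EOF'
Name         Version  Rev   Tracking  Publisher    Notes
core         16-2.32  4650  stable    canonical✓   core
vlc          3.0.2    190   stable    videolan     -
examplegame  1.0      2     stable    unknown-dev  -
exampletool  0.4      7     edge      another-dev  devmode
EOF
}

# audit_snaps ALLOWLIST
# Reads `snap list` output on stdin. ALLOWLIST is a comma-separated list of
# publishers you have decided to trust. Prints "name publisher reasons" for
# every snap that needs a manual look.
audit_snaps() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) trusted[a[i]] = 1 }
    NR == 1 || NF < 6 { next }            # skip header and malformed rows
    {
      pub = $5
      sub(/[^A-Za-z0-9_-]+$/, "", pub)    # drop a trailing badge such as the verified tick
      reason = ""
      if (!(pub in trusted)) reason = "publisher-not-allowlisted"
      # classic and devmode snaps run without strict confinement
      if ($6 ~ /(^|,)(classic|devmode)(,|$)/) {
        if (reason != "") reason = reason ","
        reason = reason "confinement:" $6
      }
      if (reason != "") print $1, pub, reason
    }'
}

# On a real machine: snap list | audit_snaps "canonical,videolan"
sample_snap_list | audit_snaps "canonical,videolan"
```
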


#5 MadmanRB


Posted 14 May 2018 - 08:05 AM

This is unfortunate as I am a big supporter of a more universal installer for linux in general.

One of the biggest issues facing linux is no one real universal package installer.

And there are so many drawbacks to .deb, .rpm and tar.gz

Mainly dependencies, a bane to many new linux users

Then you have source code packages, sure yes a lot of people love source code packages but if you are new to linux you will wonder why linux doesn't just have a simple .exe type installer like windows does.

I do think both flatpak and snapper are a good thing as really we do need something to succeed both .deb and .rpm that is not some commandline/compile solution.
Again it's not going to be perfect but efforts like this are a good thing even if some remain stubborn in using compiling to get by.
Me, I am open to everything as long as I see where the benefits are, there will never be one universal package manager or package for linux but both flatpak and snapper are great efforts IMHO.
I tend to look at things differently, as a former windows user I do think there are some drawbacks to linux and those drawbacks are just as true now as they were in 2004.
We do need something more than source code packages and dependencies and eliminate the need for so many package types.
I am not saying binary blobs are flawless, windows has proven that, but by the same token linux could get more traction if we had some widely used package.

Edited by MadmanRB, 14 May 2018 - 08:06 AM.

You know you want me baby!

Proud Linux user and dual booter.

Proud Vivaldi user.

 



#6 iiSplitzii


Posted 15 May 2018 - 10:39 AM

I don't trust the store because, since Linux is becoming slowly more mainstream because of SteamOS and people building HTPCs for using Kodi and using linux, people who don't want to use .deb, .rpm or .tar.gz use the store of the given distro. So that opens the door up to more people who'll exploit the system, especially since people are making builds of Kodi that collect user information (Kodi does not), and if they want to be more malicious, they could monitor everything that the user is doing and use it for personal gain (like Facebook). But if more people decide to switch to Linux, it's up to the good members of the community to make user/noob friendly versions of linux that aren't mint or ubuntu.



#7 MadmanRB


Posted 15 May 2018 - 11:02 AM

No we just need more maintainers and a tougher look at what goes into the repos.

I mean yes this is a side effect of linux becoming more mainstream but at the same time I'd rather linux become more mainstream than say OSX... just not windows.




#8 iiSplitzii


Posted 15 May 2018 - 11:21 AM

Linux will never end up as windows, besides in popularity hopefully, but hopefully it becomes more secure and safe than any other operating system we can think of in the near future.



#9 MadmanRB


Posted 15 May 2018 - 11:29 AM

Well actually I can see linux surpassing windows one day, maybe not a pure linux like Ubuntu or Arch but I can see a desktop version of android and ChromeOS being real contenders.

ChromeOS especially as it's getting new features like android support and debian compatibility.


Edited by MadmanRB, 15 May 2018 - 11:30 AM.



#10 iiSplitzii


Posted 15 May 2018 - 12:27 PM

Yeah, as soon as I heard that ChromeOS is actually becoming more mainstream in school etc etc, and Android x86 is becoming more popular and getting desktop versions, it'll be soon that people are going to get rid of tablets and computers and just use their phones as a computer (like what Razer and Samsung are doing) with a dock.



#11 MadmanRB


Posted 15 May 2018 - 12:33 PM

Well the desktop computer is still not going anywhere, in fact despite this being the dark ages for pre built PCs there is a renaissance for DIY builds and non mainstream prebuilt PCs such as originPC.

But yes tablets are a dead end, we will see a resurgence of laptops here soon to be sure.




#12 Condobloke


Posted 15 May 2018 - 09:32 PM

hopefully it becomes more secure and safe than any other operating system we can think of in the near future

 

No we just need more maintainers and a tougher look at what goes into the repos.

 

I don't trust the store because since Linux is becoming slowly more mainstream

 

Let's face a few hard facts......the above quotes from both Madman and iiSplitzii are, as far as I can see, quite accurate/disturbing.

 

 

If the various repositories that we access in order to download a new program are not "clean"........then we fall into the same boat/mess as Windows. (I include flatpak/snapper/flathub etc etc in "repositories")

 

Follow the thread/trail that has started here......(or in fact started some time ago)

 

Windows has programs available all over the place.......you literally have thousands of available places to download whatever you like.

 

Because of the popularity/extensive 'spread' of windows this has been seen to provide an opportunity to those wanting to make a fast buck......insert malware if they just wish to destroy what others have, scam..in order to take the downloader to another site to in some way extract $, ransomware to extract dollars and 'provide a service' by supplying a 'get my info back' key after the $ have changed hands (securely), and the list of money making ventures goes on and on. There appears to be no limit to the extent of the damage able to be done to the windows system and therefore windows users.

 

There are those of us who are wary enough to educate ourselves in the safe practises which will keep us at arm's length from the creeps who do this.

 

The vast majority of PC users have no clue....nor do the majority wish to have a clue. They need the pc to be there, available, ready, and capable of accessing what they want at a moment's notice. If it gets seriously fouled up they will either chuck the pc/laptop in the bin and buy another, or they may end up on another nefarious site and really get sucked in ....losing many, many dollars in the process....(and then they will chuck the pc and buy another). Or....they may end up at BC or similar, and their problems will disappear for a short time/long time depending on obvious factors.

 

The summary of the above waffle is : Windows......wide open for exploitation. Shows NO signs of that situation being altered for the good. Updates come from msft. Apps (programs etc) come from hundreds of thousands of different sources.

 

Linux/Ubuntu: Regarded as bulletproof. No malware, no anti virus needed, Just do whatever you like/browse to whatever you want to, click on whatever. All good

 

Updates come from a secure repository. Apps (programs) come from software manager (called different things in different distros, but essentially the same)..again...secure

 

Enter......flatpak/snaps and other similar 'stores' of apps for Linux/Ubuntu etc....apparently insecure......in other words malware can be attached/included with an app...(HERE)

 

All this at the same time as Linux etc is growing in popularity.

 

The outcome...?.....do I hear the word ...'Predictable'...?



#13 MadmanRB


Posted 15 May 2018 - 09:37 PM

The thing is we can't let doom and gloom become the standard either, learn the lessons from this and just try to do better.

I personally still wish to see it get more widely used and more popular despite this.

Microsoft has had a stranglehold on the desktops, Apple computers are crap and overpriced.

Granted yes there will be more opportunity to create malware for linux, it was bound to happen one day though.

I still want to see linux enter the mainstream, to let fear and paranoia rule is to not let linux grow.




#14 The-Toolman


Posted 16 May 2018 - 02:58 AM

Hopefully the Linux Developers will be smart enough to keep Linux the way it is as it doesn't need to become Microsoft Windows.

 

Why everyone moves from Windows OS to Linux because they dislike Windows and then complains how Linux needs to be more Windows like. :scratchhead:

 

Linux doesn't need Snap packages as Deb packages and tar packages are fine along with command line.

 

That's one of the cool things about Linux is it is UN WINDOWS LIKE.

 

If you move to Linux then learn to use Linux and if you want Windows like OS go back to Windows.




#15 MadmanRB


Posted 16 May 2018 - 03:16 AM

The-Toolman... Wrong!

 

The whole "go back to windows" argument is utter crap, it is the fallback of the elitist linux purist and it doesn't work.

 

I myself am what you call a "casual user", despite my knowledge of linux and computers I am still in the end a casual user.

I am not a programmer, I rarely if ever use the command line and really the only major thing I do is what the average user does: Browse the internet and occasionally play games.

I don't have a degree in IT, I don't have a background in Java or Python and no I don't accept Richard Stallman as the holy lord and savior.

I am an “end user” and I often think like an “end user”

I am not a programmer, I have no interest in it.

As for software compiling, yes I am able to do it but it can be very tedious that is all.

Some users like myself just want things to work, we don't care for compiling nor do we really want to learn python or something like that.

Go ahead and tell a long time windows user who jumped on board with linux to go around compiling packages; they may give you the big shrug and either go back to windows or buy a mac because of your elitist attitude.

I often think like the casual user as I am one, I don't use linux to compile code or learn python or java or whatever.

I use it as an alternative to windows, and it's very good at that job.

Different people have different needs though and while I am smarter than the average windows user I still like distros where I don't have to get my hands dirty.

I leave that to the source code masochists.

But hey I guess for you if I cannot compile source code or program I guess I don't have a right to use linux then and need to go back to windows or buy a Mac, nope never.

I may use windows from time to time but I still prefer linux as Windows has more than its fair share of issues, and to hell with apple and their overpriced useless garbage.

But one can learn at one's own pace, I know I did.
I didn't wake up one day knowing what I do now about computers or OS’s, I did that at my own pace.
I know for some only reading manuals and wikis are the only true way to learn the system.
And for others anyone who wants things easier just because it's how it is on windows/mobile.
Now of course there will be people who will never learn and that's fine, doesn't totally make them stupid just ignorant of how things work.
I am not saying the OS should babysit the end user but there is a good reason why windows and smartphones are popular among users.
Because windows, iOS and android stay out of the way of the end user.
If a problem arises yes people will ask questions and people are bound to answer them.
But if we just slam the manual down on the table and scream “read this and don't bother me dumb ass!” then no one will be willing to learn.


Edited by MadmanRB, 16 May 2018 - 03:21 AM.
