You cannot just read the pre and post install instructions. If there is a compiled binary how are you going to know what it does ?
It isn't that simple. If it was simple to know if a piece of software was dangerous antivirus companies would have a hard time :P 2009/12/14 Morgan Storey <m...@morganstorey.com>: > to be honest though you can do the same with most windows install > files, MSI's .exe's are usually just a zip of all the dll's, cab's and > exe's, even somtimes a few batch files and vbscripts. The average user > won't look inside their installers, and may not know what they are > looking at if they did. Even advanced users won't do open them all the > time and then will they scour through some obscure perl/python/ruby > code? Adding it to a repository scanner could be useful for the admins > of repos to run as an extra layer though, it really comes back to same > issue don't install software from somewhere you don't trust, which can > be very difficult for windows users. But not so much for Linux users, > stick to pretty much the standard repo's and most malicious software > will get caught by the many eyes alone. > > > On Mon, Dec 14, 2009 at 9:20 PM, Christopher Lees > <christopher_l...@iprimus.com.au> wrote: >> On Mon, 2009-12-14 at 02:59 +0000, Paul wrote: >> >>> Just a quick follow-up from our previous discussions about viruses on >>> Linux. This is why we still need to be careful: >>> >>> * >>> http://digitizor.com/2009/12/10/ubuntu-malware-for-ddos-attack-found-in-screensaver/ >>> * >>> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html >>> >>> Backups and common sense are your most valuable allies! >>> >>> Paul >> >> Actually, the openness of Linux is also useful in detecting threats from >> Debian packages. You can open Debian packages in File Roller / other >> archive manager. Then you can see the preinst, postinst and prerm >> scripts and you can have a look at where the package will put files. >> >> Then if it's all okay, you can install the package. >> >> I'm thinking of writing a program to help audit the control scripts and >> where files get placed; you know, raising a warning if anything get put >> into your init scripts or Upstart and raising a warning if "wget" or >> "rm" get used inside the control scripts. >> >> Anyone else interested in this? >> >> Chris >> >> >> -- >> ubuntu-au mailing list >> ubuntu-au@lists.ubuntu.com >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-au >> > > -- > ubuntu-au mailing list > ubuntu-au@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-au > -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
