Re: Viruses

[jasta <jasta gotlinux org>]

Well, you make a good point about RPMs and such, however, what do you think
someone who wants to do harm is most likely to do, use a system that no average
idiot can use because it is too tough for them, or attack the average idiot
using the least secure OS for such things?  I think it's obvious that Windows
is easier to create viruses for, and has a much wider public who will be
infected (as of now anyway).  It just doesn't seem like it's going to happen.

PS, this is gnome-list@gnome.org, think about that next time...

On Tue, 06 Jul 1999, Alan Shutko wrote:
> 
> If anyone is stupid, it's you.  But maybe you just didn't reaa the
> post very well.  Here's the gist.
> 
> * Package installations nearly always have to be done as root.
> 
> * RPMs (and I think other packaging systems) can run scripts during
>   the installation.
> 
> * People rarely (if ever) look at the pre and post-install scripts of
>   RPMs.
> 
> * Malicious people could use those scripts to infect or attack a
>   system, since they're done automatically and usually, as root.
> 
> This is a very good point, and you really should have read it before
> giving a knee-jerk response.
> 
> Lauris, I am not sure either of your ideas would really help.  Signed
> packages won't do much good (since anyone could sign one).  It might
> make people a little bit more picky about who their packages came
> from, but then again, they might just see "this rpm is signed by
> random key, so it should be safe" and not worry about it.
> 
> -- 
> Alan Shutko <ats@acm.org> - Looking for a job in Long Island!
> Check http://rescomp.wustl.edu/~ats/ for a resume.
> I'll pretend to trust you if you'll pretend to trust me.
> 
> 
> -- 
>         FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
>          To unsubscribe: mail gnome-list-request@gnome.org with 
>                        "unsubscribe" as the Subject.