Malware Found In The Ubuntu Snap Store

Here you can discuss every aspect of Debian. Note: not for support requests!

Re: Malware Found In The Ubuntu Snap Store

Postby Wheelerof4te » 2018-05-15 19:35

Canonical's official reaction:
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.

LOL?
who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences.

Yeah, next time someone will be unaware that his snap stole your passwords and other "technical" data.
App Stores for iOS, Android and Windows follow some standard patterns for quality and security control – automated checkpoints that packages must go through before they are accepted, and manual reviews by a human when specific issues are flagged. The Snap Store implements both of these patterns.

Now, this is atrocious...this is outright lying.
That's it, Debian forever. Screw everyone else. From this point on, Debian's model is the gold standard in Linux land.
User avatar
Wheelerof4te
 
Posts: 1134
Joined: 2015-08-30 20:14

Re: Malware Found In The Ubuntu Snap Store

Postby KBD47 » 2018-05-15 19:52

Just when I think Shuttleworth and Ubuntu can't do anything more foolish....
KBD47
 
Posts: 64
Joined: 2011-09-04 09:07

Re: Malware Found In The Ubuntu Snap Store

Postby hrsetrdr » 2018-05-16 03:27

fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.

The "snap" store, strictly Ubuntu...?
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein).
User avatar
hrsetrdr
 
Posts: 174
Joined: 2007-03-17 15:14

Re: Malware Found In The Ubuntu Snap Store

Postby ticojohn » 2018-05-16 14:49

hrsetrdr wrote:fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.

Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?
I'm not irrational, I'm just quantum probabilistic.
User avatar
ticojohn
 
Posts: 801
Joined: 2009-08-29 18:10
Location: Costa Rica

Re: Malware Found In The Ubuntu Snap Store

Postby n_hologram » 2018-05-16 15:56

ticojohn wrote:
hrsetrdr wrote:fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.

Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?

"Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivial
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing

the crunkbong project: scripts, operating system, the list goes on...
n_hologram
 
Posts: 444
Joined: 2013-06-16 00:10

Re: Malware Found In The Ubuntu Snap Store

Postby ticojohn » 2018-05-16 18:22

n_hologram wrote:"Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivial

Granted that GPU's can be targets but I wouldn't think that it is because of proprietary video drivers. But then again I am but an egg.
I'm not irrational, I'm just quantum probabilistic.
User avatar
ticojohn
 
Posts: 801
Joined: 2009-08-29 18:10
Location: Costa Rica

Re: Malware Found In The Ubuntu Snap Store

Postby n_hologram » 2018-05-16 19:07

ticojohn wrote:Granted that GPU's can be targets but I wouldn't think that it is because of proprietary video drivers

To the original quote by hrsetdr, I can't confirm if what this user is saying is true or not, because they haven't shared links and I'm not really interested in looking it up. However, I know that some hardware requires proprietary drivers in order to work as expected (eg, nvidia vs nouveau). I imagine cryptocurrency miners work "as expected" with those proprietary drivers than without it. (Again, this is mere speculation.)

The other angle I would consider is the nature of closed-source in general. When I first started using Linux, the nvidia proprietary driver was condemned for its software flaws, many of which were exploited, documented, and shared with the company. The issue with closed-source is no one can verify the code. If there were a flaw with the nouveau driver, there's a much better chance of someone in the vast Linux community catching it and working to repair it. Intel just received a similar fault for their egregious microcode.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing

the crunkbong project: scripts, operating system, the list goes on...
n_hologram
 
Posts: 444
Joined: 2013-06-16 00:10

Re: Malware Found In The Ubuntu Snap Store

Postby debiman » 2018-05-26 08:47

Wheelerof4te wrote:Canonical's official reaction:
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.

LOL?
who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences.

Yeah, next time someone will be unaware that his snap stole your passwords and other "technical" data.

:mrgreen:
"I didn't know that monetising my life by snatching purses from old ladies' handbags was unethical or, gasp, illegal! Really! Sorry!!!"
for F*s sake...
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18

Re: Malware Found In The Ubuntu Snap Store

Postby KBD47 » 2018-05-26 13:24

debiman wrote::mrgreen:
"I didn't know that monetising my life by snatching purses from old ladies' handbags was unethical or, gasp, illegal! Really! Sorry!!!"
for F*s sake...



I'm not sure which is more concerning, the cryptomining snap, or Canonical's lackadaisical response to it.
KBD47
 
Posts: 64
Joined: 2011-09-04 09:07

Re: Malware Found In The Ubuntu Snap Store

Postby pendrachken » 2018-06-20 04:04


wailing and gnashing of teeth about "like Windows"



It's not like Windows. At all. An exe / MSI either installs to a folder on a disk, has no internal file structure that isn't part of a zip ( you can actually unzip an exe / MSI installer and look at the contents with any unzip command ) or is an actual binary file - exe only, MSI is only an installer.


It's like MacOS and the Application.app bundles in OS/X. it's a direct rippoff as a matter of fact. Hell the closest thing in Windows is portable apps, and those are just a zipped folder with statically compiled binaries and / or specific libraries being compiled against. The closest thing I can even say about portable apps VS. appimage / flatpack / snaps is portable apps don't have to be installed on a system to run... since they are portable.
fortune -o
Your love life will be... interesting.
:twisted: How did it know?

The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches :-P
pendrachken
 
Posts: 1332
Joined: 2007-03-04 21:10
Location: U.S.A. - WI.

Previous

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 3 guests

fashionable