Malware Found In The Ubuntu Snap Store

Here you can discuss every aspect of Debian. Note: not for support requests!
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: Malware Found In The Ubuntu Snap Store

#21 Post by bw123 »

HuangLao wrote:
None1975 wrote:Snap packets and Ubuntu are not needed.
I disagree with Ubuntu not being needed; it serves a purpose and fills a role... I do agree that Snap packages are not needed, and I would include Flatpak and AppImages as well.
yeah, well even a stray cat fills a role, are they really needed? I don't know... The one good thing about the snap idea is at least it runs in a semi-contained way in the user's home. I don't see why they would all have access to an active internet connection though?

Maybe if they set up some tighter controls, like a form when installed that says "this app accesses this, because of this, Allow (Y/N)?"

They really want to open up things on linux quite a bit I believe, because this will allow money to flow to developers. I'm not totally against it, but it's just not my thing.
resigned by AI ChatGPT

HuangLao
Posts: 485
Joined: 2015-01-27 01:31
Been thanked: 1 time

Re: Malware Found In The Ubuntu Snap Store

#22 Post by HuangLao »

I think that's to assist the auto update of snaps. Another Windows feature.
Money pouring into Linux? That's been happening for 20+ years, especially the last 10-15 years. But, I agree most of these ideas that I consider unnecessary, are necessary for some corporate client somewhere...systemd as an example.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Malware Found In The Ubuntu Snap Store

#23 Post by Head_on_a_Stick »

The bitcoin miner only runs when the snap is running, it is inactive otherwise.

I'll just leave this here:

http://kmkeen.com/maintainers-matter/

Snaps, Flatpaks & Appimages are great for convenience but they take away control (and oversight).
deadbang

steve_v
df -h | grep > 20TiB
Posts: 1395
Joined: 2012-10-06 05:31
Location: /dev/chair
Has thanked: 78 times
Been thanked: 173 times

Re: Malware Found In The Ubuntu Snap Store

#24 Post by steve_v »

This ^. This is what makes the GNU/Linux ecosystem what it is, and it's pretty much the reason we have "distros" at all.

All the app stores I have ever used suck, because no maintainers and far too much junk.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Lysander
Posts: 643
Joined: 2017-02-23 10:07
Location: London
Been thanked: 1 time

Re: Malware Found In The Ubuntu Snap Store

#25 Post by Lysander »

Head_on_a_Stick wrote:
Snaps, Flatpaks & Appimages are great for convenience but they take away control (and oversight).
This is the core of it. The problem with things like a Snap package - like a Windows .exe file - is that a] it makes the user unaware of which other dependencies are being installed and updated and b] more importantly, it teaches them not to care in the interests of usability and a system that 'just works'. If *nix is about anything, it's about user control, system knowledge, and for each program to do one thing and to do it well - and those things aren't going to happen if people are installing packages with no idea of their contents or not even caring. It's the start of the system controlling the user, which is one of the very things that Linux tries so hard to get away from.
bw123 wrote:yeah, well even a stray cat fills a role, are they really needed? I don't know...
It's about the usefulness and effectiveness of that role. Ubuntu has got a lot of people into Linux, which is a great thing.

None1975
df -h | participant
Posts: 1387
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 64 times

Re: Malware Found In The Ubuntu Snap Store

#26 Post by None1975 »

Lysander wrote:Can you qualify "not needed"?
Yes, of course. Why do I need a system that, after some "upgrades", is breaking everything? Who needs a system that turns a computer into bricks (case with Ubuntu 17.10), which is a system that does not have a clear perspective? Who needs a system with an unclear security policy (case where the snap was included and many more unknown cases we are expecting to come into the daylight)? I can continue and continue ...
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

Bulkley
Posts: 6382
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: Malware Found In The Ubuntu Snap Store

#27 Post by Bulkley »

What drew me to Debian, what keeps me with Debian is Apt. Not only is package management relatively easy, I know that when I install a package from the Debian repositories that said package will be clean. That's simply not true when taking software packages from random suppliers on the Internet.

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: Malware Found In The Ubuntu Snap Store

#28 Post by n_hologram »

Bulkley wrote:What drew me to Debian, what keeps me with Debian is Apt. Not only is package management relatively easy, I know that when I install a package from the Debian repositories that said package will be clean. That's simply not true when taking software packages from random suppliers on the Internet.
"B-but muh convenience"
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: Malware Found In The Ubuntu Snap Store

#29 Post by Wheelerof4te »

Bulkley wrote:What drew me to Debian, what keeps me with Debian is Apt.
This.
Lysander wrote: If *nix is about anything, it's about user control, system knowledge, and for each program to do one thing and to do it well
And this.
It is fundamentally important for a Linux distribution to provide its users with trusted software. That is what made Linux unique and different from the rest. Package management and good, clean repositories are the core of every distro. Now, both Canonical and Red Hat are trying to provide low key actors the opportunity to squeeze their software into the Linux ecosystem.

Canonical tried this before with PPAs, but those had two critical flaws:
a) eventually incompatible libs will break newer versions of software.
b) they weren't distro-agnostic.
You don't have to be an expert to understand what snaps and Flatpaks imply. Users get an easy way to install previously unavailable software at the cost of not knowing (and not caring) about what exactly they get. Sources anyone? You really think they will let us see the sources after these new package managers become the norm? I don't think so.

"But, Wheeler, aren't you pro-flatpak?" Yes, I am, for now. I still think Flatpak has more chance of ethically distributing software than snaps. Reasons being that it's more transparent, has a cleaner repo, has multiple repos, sources are not hidden on some random page, etc.

KBD47
Posts: 87
Joined: 2011-09-04 09:07

Re: Malware Found In The Ubuntu Snap Store

#30 Post by KBD47 »

bw123 wrote:If you want linux to work like windows, it will work like windows.
This. If I wanted to use Windows I would use it. Keep Linux free of this junk.

Edit: regarding Ubuntu: when Ubuntu allows garbage like this onto new Linux users' computers it ruins any argument for using Ubuntu. And hurts Linux altogether.

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: Malware Found In The Ubuntu Snap Store

#31 Post by Wheelerof4te »

Canonical's official reaction:
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.
LOL?
who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences.
Yeah, next time someone will be unaware that his snap stole your passwords and other "technical" data.
App Stores for iOS, Android and Windows follow some standard patterns for quality and security control – automated checkpoints that packages must go through before they are accepted, and manual reviews by a human when specific issues are flagged. The Snap Store implements both of these patterns.
Now, this is atrocious...this is outright lying.
That's it, Debian forever. Screw everyone else. From this point on, Debian's model is the gold standard in Linux land.

KBD47
Posts: 87
Joined: 2011-09-04 09:07

Re: Malware Found In The Ubuntu Snap Store

#32 Post by KBD47 »

Just when I think Shuttleworth and Ubuntu can't do anything more foolish....

hrsetrdr
Posts: 181
Joined: 2007-03-17 15:14
Has thanked: 1 time

Re: Malware Found In The Ubuntu Snap Store

#33 Post by hrsetrdr »

fwiw a cryptocurrency miner requires the proprietary video drivers in order to run.

The "snap" store, strictly Ubuntu...?
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein).

ticojohn
Posts: 1284
Joined: 2009-08-29 18:10
Location: Costa Rica
Has thanked: 21 times
Been thanked: 44 times

Re: Malware Found In The Ubuntu Snap Store

#34 Post by ticojohn »

hrsetrdr wrote:fwiw a cryptocurrency miner requires the proprietary video drivers in order to run.
Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?
I am not irrational, I'm just quantum probabilistic.

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: Malware Found In The Ubuntu Snap Store

#35 Post by n_hologram »

ticojohn wrote:
hrsetrdr wrote:fwiw a cryptocurrency miner requires the proprietary video drivers in order to run.
Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?
"Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivial
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

ticojohn
Posts: 1284
Joined: 2009-08-29 18:10
Location: Costa Rica
Has thanked: 21 times
Been thanked: 44 times

Re: Malware Found In The Ubuntu Snap Store

#36 Post by ticojohn »

n_hologram wrote: "Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivial
Granted that GPUs can be targets, but I wouldn't think that it is because of proprietary video drivers. But then again I am but an egg.
I am not irrational, I'm just quantum probabilistic.

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: Malware Found In The Ubuntu Snap Store

#37 Post by n_hologram »

ticojohn wrote:Granted that GPUs can be targets, but I wouldn't think that it is because of proprietary video drivers
To the original quote by hrsetrdr, I can't confirm if what this user is saying is true or not, because they haven't shared links and I'm not really interested in looking it up. However, I know that some hardware requires proprietary drivers in order to work as expected (e.g., nvidia vs nouveau). I imagine cryptocurrency miners work more "as expected" with those proprietary drivers than without them. (Again, this is mere speculation.)

The other angle I would consider is the nature of closed-source in general. When I first started using Linux, the nvidia proprietary driver was condemned for its software flaws, many of which were exploited, documented, and shared with the company. The issue with closed-source is no one can verify the code. If there were a flaw with the nouveau driver, there's a much better chance of someone in the vast Linux community catching it and working to repair it. Intel just received a similar fault for their egregious microcode.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Malware Found In The Ubuntu Snap Store

#38 Post by debiman »

Wheelerof4te wrote:Canonical's official reaction:
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.
LOL?
who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences.
Yeah, next time someone will be unaware that his snap stole your passwords and other "technical" data.
:mrgreen:
"I didn't know that monetising my life by snatching purses from old ladies' handbags was unethical or, gasp, illegal! Really! Sorry!!!"
for F*s sake...

KBD47
Posts: 87
Joined: 2011-09-04 09:07

Re: Malware Found In The Ubuntu Snap Store

#39 Post by KBD47 »

debiman wrote: :mrgreen:
"I didn't know that monetising my life by snatching purses from old ladies' handbags was unethical or, gasp, illegal! Really! Sorry!!!"
for F*s sake...

I'm not sure which is more concerning, the cryptomining snap, or Canonical's lackadaisical response to it.

pendrachken
Posts: 1394
Joined: 2007-03-04 21:10
Location: U.S.A. - WI.

Re: Malware Found In The Ubuntu Snap Store

#40 Post by pendrachken »


wailing and gnashing of teeth about "like Windows"



It's not like Windows. At all. An exe / MSI either installs to a folder on a disk, has no internal file structure that isn't part of a zip ( you can actually unzip an exe / MSI installer and look at the contents with any unzip command ) or is an actual binary file - exe only, MSI is only an installer.


It's like MacOS and the Application.app bundles in OS X. It's a direct ripoff as a matter of fact. Hell, the closest thing in Windows is portable apps, and those are just a zipped folder with statically compiled binaries and / or specific libraries being compiled against. The closest thing I can even say about portable apps vs. AppImage / Flatpak / snaps is portable apps don't have to be installed on a system to run... since they are portable.
fortune -o
Your love life will be... interesting.
:twisted: How did it know?

The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches :-P
