Ubuntu Snap's Security Is Easily Circumvented Due To X11
-
Even Google with all of their resources and Apple with all of theirs can't reliably keep malware out of their respective app stores. So as long as Canonical keeps trying to make Ubuntu Touch a real product, something like snap is an essential part of a strategy to limit the impact of malware in the Ubuntu Touch app-store-equivalent. It's not the only part of that security strategy, just a component.
While I'm at it, I think one of the probable use-cases for snaps hasn't been brought up yet: users who are slow to update their software. That's a serious problem, a real problem, and the sandboxing that snaps try to do is an attempt to mitigate that risk. Say the user is running an older version of your photo-sharing application and persistently refuses the security update and the app gets owned. If you're lucky the sandbox stops the exploit that gave control of that un-patched application the ability to control other aspects of your device.
- Likes 1
-
Originally posted by Michael_S
I think one of the probable use-cases for snaps hasn't been brought up yet: users who are slow to update their software. That's a serious problem, a real problem, ....
I understand the PR point of view, but I think the main use-case for sandboxing is letting devs get away with NEW crap applications without endangering the user (too much), and, most importantly, making a closed-source-application-friendly package, which is crucial if they want Ubuntu to become exactly like windows. And they do.
Bulk of the opensource stuff will still get distributed with normal packages. Snap is awesome for crap like Steam or any other proprietary application that cannot be packaged the usual way nor adapted to use newer versions of the packages/library/toolkits as they evolve.
Last edited by starshipeleven; 22 April 2016, 02:18 PM.
- Likes 1
-
Originally posted by starshipeleven
Come on, let's split "linux desktop" from "Android" just like we split "linux embedded". If the only thing the systems share is the kernel, while the whole fucking userspace is different, you can call them all the same, but it is a big fat stretch and you will get called out for that.
-
Originally posted by Passso
My point (and generally admitted) was: "linux desktop has few malware mainly because of lack of market share"
Originally posted by Passso
"android has checkbox, allowing installation from anywhere" -> yes but the average user only goes on Google store and as I wrote the API does not allow that much harmful things (unless your phone is rooted)
-
Originally posted by pal666
what are you trying to say? android is windows? android is just linux distro with unusual set of packages out of the box
So yeah, you can say it is technically linux as it is using linux kernel, but you cannot treat them as if they were the same just because they have the same kernel (like you did).
Hell, a router or a NAS has more in common with linux desktop than the average smartphone.
Last edited by starshipeleven; 22 April 2016, 04:32 PM.
- Likes 1
-
Originally posted by Mike Frett
They have Ransomware on Linux now?
A backup which is mounted can be killed by a bad script that reduces to rm -R * like a bad Steam script once did. One that is just physically attached can be killed by a short in the PSU or a power surge if AC power is in use. I've had both kinds of trouble: wrong custom wiring to a PSU that ate a 2TB drive, and a wrong-device secure erase while preparing a drive for another use that killed the whole fs on another 2TB drive. Back up your or lose them!
One more thing: anyone paying ransom to a ransomware scam is part of the problem and deserves to lose their data for good to defectively programmed ransomware, as has happened before. If I got hit, I would wipe every device that had been mounted, restoring only from backups predating the attack. I never allow all backups to be mounted at once, and anything too new to have reached backups from the flash drive would just have to be thrown away. Thus, if it really counts, I make the file, put a copy on the flash drive, then back up to yet another device and immediately remove it before ransomware or a power surge can come in.