[linux-elitists] Comprehensive list of Linux malware

Karsten M. Self kmself@ix.netcom.com
Sat Nov 20 15:36:13 PST 2004


on Sat, Nov 20, 2004 at 11:05:26AM -0500, Etienne Goyer (etienne.goyer@videotron.ca) wrote:
> Mike MacCana wrote:
> >- Executable files not used to package software
> >Legitamite software is supplied as a package file that  only needs to
> >be read by an existing, trusted executable installation app (ie,
> >up2date, apt-get).
> 
> Considering package install script can do pretty much anything, and
> are usually runned as root, this is a purely academic advantage.  The
> trust associated with signed package is a plus, but not a panacea
> either.

But it's a cultural one too:  GNU/Linux user's aren't used to receiving
a *.EXE file and running it to "install" something.  This bias is so
strong for me that I sniff around the bloody things when I get them on
legacy MS Windows.  We get package files, and run a program on it.  In
legacy MS Windows, you get an executable which then finds and installs
the software.  GNU/Linux in general doesn't have a tradition of
self-extracting distribution mechanisms, with the notable exception of a
shar archive (though you'll need decompression support locally here
anyway).


Anecdote in the "GNU/Linux software is too hard to install" saga.  I
recently had to get audio software up and running on a set of WinXP
boxes.  My SOP is to copy install disks to a fileserver, and run the
install from there, while remotely accessing the desktops via rdesktop
or tightvnc.

  - One program had a "setup.exe" program, but couldn't find its autorun
    program.

  - One program had no "setup.exe", but there was a "welcome.exe".  It
    couldn't find its autorun program.

  - Further investigation showed both programs needed to be run with a 
    program CD installed, and were suitable for a single installation
    only (this at a non-profit who'd received the software through a
    grant program).

  - A third program had a "setup.exe", was suitable for multiple
    installs, *and* got itself onto the systems in a matter of a few
    seconds.  That program?  Audacity (a free software audio editor).

In the battle of free (as in beer) vs. free (as in speech) software
installations, the free speech solution won.  Purchase price wasn't an
issue, ease of install, maintenance, and use was.  I won't mention Sony
or SonicFoundry by name.

The upshot message:  legacy MS Windows installation procedures are a
pretty incompatible mess.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   What doesn't kill you makes you stranger.
   - Karsten M. Self, misreading as usual, San Marcos Pass Rd., 1988
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20041120/1211e4bc/attachment.pgp 


More information about the linux-elitists mailing list