Interesting. According to the article, automated testing is in place to determine compatibility with Linux operating systems, but the software is not checked for suspicious code or anomalies.
This was found rather quickly, but it does leave some guesswork.
Be careful guys. Installing Linux isn’t enough anymore. As it gains popularity more and more attacks will be pushed through the Linux desktop.
It never was enough. This is also the reason I’ve never been a fan of things like the AUR. Arch relies so heavily on it but it’s essentially just a collection of random scripts that could do anything and their 'you should check the script’s warning aren’t enough no one checks them. Others have issues to but I pick on air because it feeds their community repo as well and your almost certain to rely on it at some point because of the lack of official pakcages.
True. Some people vehemently argue otherwise, though. There are a ton of communities where “just use Linux” is the cop out answer for securing a system. It used to be the same with OS X, until that big Adobe thing happened.
Yeah, also the case with more users too. Linux/Unix isn’t just geeks, tweaks, and mathematicians anymore. A certain level of trust in others making the software is going to afford those will ill intent to take advantage of it.
It was an interesting piece. The first thing that came recommended to me from OMG Ubuntu in a while. I had forgotten about them. I think they do a good job.
This is true.
At my work there’s this 50 something-year-old master technician who I talk with from time to time. Was upgrading his friends workstation to something more modern and with Windows 10 Enterprise. He asked me what I feel about it. And then he said he had heard of linux and I told him yeah its pretty great for the regular desktop experience. I said I run Solus, and he said he had heard of it. I then kinda went wide-eyed because now I’m thinking, “Holy shit even normies have head of it now”. What a time to be alive.
Ubuntu better handle this swiftly. However, I am curious as to what type of malware was it?
From what I can tell it seems it was never built with security checks in mind.
So essentially this should be on the feature checklist for the future.
But then again doing automated checks is not even remotely enough. Even basic malware can easily obfuscate code inside of innocent looking data while the open source code looks completely safe.
You would ultimately need extremely highly skilled humans to review all of the submitted packages.
Man, that’s awesome. Solus is the game changer for so many things 
Looks like a cryptominer made to look like a systemd process.
Very difficult to scale that method 