
Spotlight \| Reviews \| Current Issue \| Academy \| Newsletter \| Subscribe \| Shop \|

Online

News

Features

Blogs

RSS Feeds

White Papers

Conference Videos

Departments

Resources

Current Issue

Special Editions

Spotlight

Reviews

Event Calendar

Admin Magazine

Subscribe now and save!

ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:

network security
system management
troubleshooting
performance tuning
virtualization
cloud computing

on Windows, Linux, Solaris, and popular varieties of Unix.

http://www.admin-magazine.com/

linux-magazine.com » Online » News » Amarok to Better Guard Against Potential Malware

Amarok to Better Guard Against Potential Malware

Dec 16, 2009

To program an effective virus for Linux is fairly difficult. It's much easier to provide malware disguised as an add-on, however. The Amarok project now wants to protect against that.

Linux users are pretty easy going when it comes to Internet dangers, which can lead to trouble, as was recently revealed in an incident of malware disguised as a screensaver. It's easy to lean back and say, "well, it's your own fault that you downloaded a binary package without first looking at the source code." But the more Linux users there are, the higher the rate that programs are downloaded and installed without much forethought. Security tests may be available, but require a lot of work in view of the magnitude of uploads.

One of the first developers to address this problem is Mark Kretschmann, who recommended a solution for the KDE music player that other projects could also adopt. Even Amarok is an easy target for these attacks. The attacker needs just to disguise one as a "cool" add-on, which Kretschmann claims, for example, could completely wipe out your home directory.

He suggests, therefore, immediately using a version control system (VCS) for all scripts and add-ons. This might increase the entry barrier for prospective Amarok developers, but the detour through a VCS provides a better protection against what Kretschmann calls "crapware" scripts, because all programmers will then know that their code is being reviewed. The scripts in version control can then be downloaded via the Get Hot New Stuff (GHNS) framework in KDE, where additional security measures can be applied. Even if an author manages to inflict malware into the code, the suspect checking it in can still be traced.

Apart from guarding against malware, a mandatory VCS has the further benefit of removing "abandonware" (such as code that was forked and is no longer maintained) or giving it to someone else to maintain.

(Marcel Hilzinger)

Comments

Related Articles
Akademy 2008: Amarok’s Projects for the Summer of Code
Amarok 2 Makes Fresh Start for KDE4
Lean and Mean Bug Killer: Amarok 2.0.1
Amarok 2.1 Test Phase Begins
Amarok to Palm: "Forget Apple, Come to Us!"
Amarok supports storage on external data storage units

FREE Live Streaming Video from ApacheCon US 2009

Watch our free Video Archive from Apachecon US 2009. Archive provided by The Apache Foundation, COLLABNET, and Linux Pro Magazine

Drawing internationally renowned thought-leaders, contributors, and organizations in the Open Source community, ApacheCon offers insight into the culture and community that develops and shepherds industry-leading Open Source projects, including Apache HTTP Server – the world's most popular Web server software for more than 10 years.

Find out more