Malware found in Ubuntu Store Snap app

Message
Author
User avatar
Redacted
Posts: 294
Joined: Sat Apr 29, 2017 6:53 am

Re: Malware found in Ubuntu Store Snap app

#11 Post by Redacted »

KBD wrote: Thu May 17, 2018 2:13 pm
Do flatpacks auto-update like snaps?
Yes, they do. Although I had read that they can be stopped in autostart settings
(at least when using Mint Cinnamon).

User avatar
KBD
Posts: 959
Joined: Sun Jul 03, 2011 7:52 pm

Re: Malware found in Ubuntu Store Snap app

#12 Post by KBD »

Redacted wrote: Thu May 17, 2018 2:54 pm Yes, they do. Although I had read that they can be stopped in autostart settings
(at least when using Mint Cinnamon).
Thanks for letting me know. I would not touch flatpacks or snaps unless my computer would not run without them :(

Don't like the sound of this at all for Ubuntu snap packages:
"Snap packages are automatically updated. And installed Snap packages normally checks for updates four times a day and then installs it automatically."
https://itsfoss.com/use-snap-packages-ubuntu-16-04/
What could go wrong? :frown:
Last edited by KBD on Thu May 17, 2018 3:08 pm, edited 1 time in total.

User avatar
Adrian
Developer
Posts: 8250
Joined: Wed Jul 12, 2006 1:42 am

Re: Malware found in Ubuntu Store Snap app

#13 Post by Adrian »

I don't think it's a snap technology issue, it's a issue of vetting, same thing could have happened if they allowed unvetted .debs uploaded to the repo.

User avatar
KBD
Posts: 959
Joined: Sun Jul 03, 2011 7:52 pm

Re: Malware found in Ubuntu Store Snap app

#14 Post by KBD »

Adrian wrote: Thu May 17, 2018 3:03 pm I don't think it's a snap technology issue, it's a issue of vetting, same thing could have happened if they allowed unvetted .debs uploaded to the repo.
Agreed. Problem is these packages are not getting vetted. Indeed, I think that's the idea, leaving it up to others outside of officials repository packagers.
This article does a good job explaining why official repository packagers are so important:
http://kmkeen.com/maintainers-matter/
The technology sounds OK until you see what the results are. I don't think the recent malware in Ubuntu snap will be the end of it.

mbooyzen
Posts: 24
Joined: Thu May 10, 2018 12:34 am

Re: Malware found in Ubuntu Store Snap app

#15 Post by mbooyzen »

True their are probably dogee debs (and rpms) out there but for them getting into the repos would work them out quickly. As far as I know snaps gets an update and reaches the end user whithin a few hours, so by the time anyone realizes it contains malware it has 100's if not thousands infected. I'm all for combining Deb's and rpms into a single installer and even the sandbox idea that would make dependences alot easier, but updating in this way will never work.
MX 21.3 KDE
Intel i5 8400, 16GB ram, Nvidia GTX-1050.

mbooyzen
Posts: 24
Joined: Thu May 10, 2018 12:34 am

Re: Malware found in Ubuntu Store Snap app

#16 Post by mbooyzen »

KBD wrote: Thu May 17, 2018 1:51 pm Didn't know that about Ubuntu MATE and I used to use that one. I think Canonical would love to only use snaps as it would save them from having to package and maintain very much. And I'm sure it seemed a great idea at first, but in practice it is going to damage the image of Linux as secure, safe, and reliable. What really angered me is the Ubuntu blog/response played it down as no big deal that malware was placed in a snap package. I don't think Ubuntu has been really interested in anything but servers since they dropped the phone/convergence idea.
Here was the fight about snaps on mate forum
https://ubuntu-mate.community/t/using-s ... mate/16485
Alot of other changes from Ubuntu's side that's faught from the community that goes by.
From Linux community this will reflect bad on canonical but yes, it will reflect badly to the whole project.
For me I'm glad to have moved to MX when I did.
MX 21.3 KDE
Intel i5 8400, 16GB ram, Nvidia GTX-1050.

User avatar
KBD
Posts: 959
Joined: Sun Jul 03, 2011 7:52 pm

Re: Malware found in Ubuntu Store Snap app

#17 Post by KBD »

mbooyzen wrote: Thu May 17, 2018 3:57 pm Here was the fight about snaps on mate forum
https://ubuntu-mate.community/t/using-s ... mate/16485
Alot of other changes from Ubuntu's side that's faught from the community that goes by.
From Linux community this will reflect bad on canonical but yes, it will reflect badly to the whole project.
For me I'm glad to have moved to MX when I did.
Putting aside the security concern, which is big, I don't like anything on my Linux computers automatically updating. I like to run updates when I'm ready and have control over my system. It looks like Ubuntu wants to be like Windows. And my experience with Windows tells me auto-updates are a bad idea. And installing software outside of a maintained repository is asking for trouble. I have a feeling these snap packages are going to shoved onto Linux users like them or not. I hope Debian can stay free of all that.

User avatar
asqwerth
Developer
Posts: 7213
Joined: Sun May 27, 2007 5:37 am

Re: Malware found in Ubuntu Store Snap app

#18 Post by asqwerth »

No auto update. You have to run a command in terminal (since we don't have a gui package installer integrated with flatpak) to update if you choose to.
Desktop: Intel i5-4460, 16GB RAM, Intel integrated graphics
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400

User avatar
Redacted
Posts: 294
Joined: Sat Apr 29, 2017 6:53 am

Re: Malware found in Ubuntu Store Snap app

#19 Post by Redacted »

asqwerth wrote: Thu May 17, 2018 9:18 pm No auto update. You have to run a command in terminal (since we don't have a gui package installer integrated with flatpak) to update if you choose to.
Well that sounds like a sensible approach.
I don't like the thought of things updating "behind my back".

User avatar
KBD
Posts: 959
Joined: Sun Jul 03, 2011 7:52 pm

Re: Malware found in Ubuntu Store Snap app

#20 Post by KBD »

asqwerth wrote: Thu May 17, 2018 9:18 pm No auto update. You have to run a command in terminal (since we don't have a gui package installer integrated with flatpak) to update if you choose to.
Thanks for the clarification.

Post Reply

Return to “General”