These pre-packaged apps remind me a lot of Windows apps that anyone can make and ruin the security of an OS:
https://www.bleepingcomputer.com/news/l ... nap-store/
Malware found in Ubuntu Store Snap app
- uncle mark
- Posts: 793
- Joined: Sat Nov 11, 2006 10:42 pm
Re: Malware found in Ubuntu Store Snap app
The good news:KBD wrote: ↑Sat May 12, 2018 9:59 pm These pre-packaged apps remind me a lot of Windows apps that anyone can make and ruin the security of an OS:
https://www.bleepingcomputer.com/news/l ... nap-store/
The open source nature of the code led to it's discovery.An attentive Ubuntu user has spotted today a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store.
The bad news is that the proliferation of fully packaged "Apps" and PPAs means this is going to be more common as time goes on.
Custom build Asus/AMD/nVidia circa 2011 -- MX 19.2 KDE
Acer Aspire 5250 -- MX 21 KDE
Toshiba Satellite C55 -- MX 18.3 Xfce
Assorted Junk -- assorted Linuxes
Acer Aspire 5250 -- MX 21 KDE
Toshiba Satellite C55 -- MX 18.3 Xfce
Assorted Junk -- assorted Linuxes
Re: Malware found in Ubuntu Store Snap app
I agree. Much more common unless someone is constantly policing it, and even Apple and MS and Google can't manage that with their stores having much greater resources than Ubuntu.uncle mark wrote: ↑Sat May 12, 2018 10:16 pm
The open source nature of the code led to it's discovery.
The bad news is that the proliferation of fully packaged "Apps" and PPAs means this is going to be more common as time goes on.
Re: Malware found in Ubuntu Store Snap app
More about this:
https://www.theregister.co.uk/2018/05/1 ... ning_apps/
Don't think I would trust snaps from Ubuntu after this :(
https://www.theregister.co.uk/2018/05/1 ... ning_apps/
Don't think I would trust snaps from Ubuntu after this :(
Re: Malware found in Ubuntu Store Snap app
a reddit discussion containing 450+ posts on the subject
https://old.reddit.com/r/linux/comments ... ntu_snaps/
https://old.reddit.com/r/linux/comments ... ntu_snaps/
Re: Malware found in Ubuntu Store Snap app
It is starting to sink in how stupid these snap packs are. If we want Linux to have an app store as "dependable and safe" as Google's app store this is the way to go. I hope wiser minds prevail. Shuttleworth really is a nitwit:
"With snappy Ubuntu, Owncloud can publish exactly what they want you to use as a snappy package, and can update that for you directly, in a safe transactional manner with full support for rolling back. I think upstream developers are going to love being in complete control of their app on snappy Ubuntu Core." --Shuttleworth
http://kmkeen.com/maintainers-matter/
Yes, and every bit as safe as a mobile app store with no serious oversight. I will stick with the apt package maintainers and official repositories thanks.
"With snappy Ubuntu, Owncloud can publish exactly what they want you to use as a snappy package, and can update that for you directly, in a safe transactional manner with full support for rolling back. I think upstream developers are going to love being in complete control of their app on snappy Ubuntu Core." --Shuttleworth
http://kmkeen.com/maintainers-matter/
Yes, and every bit as safe as a mobile app store with no serious oversight. I will stick with the apt package maintainers and official repositories thanks.
Re: Malware found in Ubuntu Store Snap app
I only venture into flatpaks and appimages where necessary, ie, the program I want cannot be backported to MX and the present version in Debian/MX (if any) just doesn't cut it for some reason. And it should be from the developers themselves.
So I have flatpak Lollypop and VLC3* in MX15/16, but in MX17 I use the ones in the MX repos because the packaging team were able to build them.
* yes, I know appimage might be available but I just wanted to test flatpak in MX15/16. I use appimage for the latest Krita.
So I have flatpak Lollypop and VLC3* in MX15/16, but in MX17 I use the ones in the MX repos because the packaging team were able to build them.
* yes, I know appimage might be available but I just wanted to test flatpak in MX15/16. I use appimage for the latest Krita.
Desktop: Intel i5-4460, 16GB RAM, Intel integrated graphics
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400
Re: Malware found in Ubuntu Store Snap app
My POV, Snaps is one of the reasons I left Ubuntu and now running MX. I used Ubuntu mate for a few years and even systemd was ok for what I do. After reading up on snaps I at first thought it was a great idea but should be up to the end user to use, then seeing that Ubuntu mate had some snaps installed by default I started looking for another distro that sticks to what works until the next thing is ready. According to me snaps should be used with caution, although I like the sandbox idea. The noob user should not use snaps yet until everyone else use them. After I saw this on some news site I confirmed my theory. Many X mswin users use Ubuntu that don't take/need to take time to learn Linux but instead just use writer/spreadsheet programs, email, and a printer. These users unknowingly would have left this unseen for a long time.
MX 21.3 KDE
Intel i5 8400, 16GB ram, Nvidia GTX-1050.
Intel i5 8400, 16GB ram, Nvidia GTX-1050.
Re: Malware found in Ubuntu Store Snap app
Didn't know that about Ubuntu MATE and I used to use that one. I think Canonical would love to only use snaps as it would save them from having to package and maintain very much. And I'm sure it seemed a great idea at first, but in practice it is going to damage the image of Linux as secure, safe, and reliable. What really angered me is the Ubuntu blog/response played it down as no big deal that malware was placed in a snap package. I don't think Ubuntu has been really interested in anything but servers since they dropped the phone/convergence idea.mbooyzen wrote: ↑Thu May 17, 2018 4:12 am My POV, Snaps is one of the reasons I left Ubuntu and now running MX. I used Ubuntu mate for a few years and even systemd was ok for what I do. After reading up on snaps I at first thought it was a great idea but should be up to the end user to use, then seeing that Ubuntu mate had some snaps installed by default I started looking for another distro that sticks to what works until the next thing is ready. According to me snaps should be used with caution, although I like the sandbox idea. The noob user should not use snaps yet until everyone else use them. After I saw this on some news site I confirmed my theory. Many X mswin users use Ubuntu that don't take/need to take time to learn Linux but instead just use writer/spreadsheet programs, email, and a printer. These users unknowingly would have left this unseen for a long time.
Re: Malware found in Ubuntu Store Snap app
Do flatpacks auto-update like snaps? About the only package of this sort that I would trust would be from a highly trusted source like Firefox, but since it's in the system already I would need to. Debian is quite excellent for everything I need anymore packages wise.asqwerth wrote: ↑Thu May 17, 2018 1:27 am I only venture into flatpaks and appimages where necessary, ie, the program I want cannot be backported to MX and the present version in Debian/MX (if any) just doesn't cut it for some reason. And it should be from the developers themselves.
So I have flatpak Lollypop and VLC3* in MX15/16, but in MX17 I use the ones in the MX repos because the packaging team were able to build them.
* yes, I know appimage might be available but I just wanted to test flatpak in MX15/16. I use appimage for the latest Krita.