![]() ![]() One example of this type of issue would be Heartbleed from OpenSSL, or the much-more-recent Dirty CoW. While these things aren't technically considered "viruses" by definition, certain exploits hidden or never revealed in the code could allow a malicious attacker to place a virus on or pwn your system. Vulnerabilities do exist in open source, peer-reviewed, and maintained code. However, an attack of this caliber would require an extreme amount of effort and the ability to Man-In-The-Middle many sites, including GPG key distribution servers and the official repos. If a network is compromised higher up (by, say, your ISP), it is possible to get a virus from official software sources. A hacker would be hard-pressed to take down one of the official Ubuntu software sources, but third-party software sources (see above) may be compromised a lot easier. However, official software repositories are very carefully watched and security for these repositories is pretty tight. deb files to potentially carry malicious payloads. In theory, a software repository may be hacked by a malicious party, causing downloaded. However, it would take an intentional action of the machine's admin to add one of these infected sources, making it rather hard for one to add itself. These third-party APT sources are not necessarily trusted, and may carry viruses. One of the features of APT is the ability for admins to add Personal Package Archives (PPAs) or other software sources to the APT cache. However, it doesn't mean it isn't possible: Apt on a default Ubuntu system will be very unlikely to get viruses. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |