how to avoid malware in ubuntu linux?

steam@programming.dev · 9 hours ago

how to avoid malware in ubuntu linux?

KssioAug@lemmy.dbzer0.com · edit-2 8 hours ago

Mostly avoid downloading and running packages from sources you don’t trust. And if you’re going to run something you don’t fully trust, try to run it sandboxed (like firejail or a vm, for example). Linux is generally safer than Windows because a lot of malware are created to exploit Windows weakness… also, if you use Flatpak (sepecially verified ones) or your distro package manager, you will hardly get infected.

ugo@feddit.it · 6 hours ago

Did ubuntu fix the issue where if a package with the same name exists in both the actual repository and in the snap store, it will silently install the one from the snap store?

I remember an attack where someone uploaded a package to the snap store with the same name as a different repo package, and people were downloading the “malicious” (it wasn’t actually malicious, just a proof of the attack vector) package instead.

If they haven’t fixed that yet, then yeah can’t trust the package manager either, on ubuntu specifically.

Goodeye8@piefed.social · 4 hours ago

Last time I checked (which was somewhere within the last 3 years) not only will the snap version get installed but if you force a non-snap version of the software and do an update it will replace the non-snap version with the snap version. It’s the kind of idiotic shit I’d expect from Microsoft.

KssioAug@lemmy.dbzer0.com · edit-2 5 hours ago

I don’t know if Ubuntu has fixed it, because trying to enforce their Snap store was intentional. But I can’t say for sure because there have been years that I don’t use it.

But yeah, for anyone using it, I’d recommend to just remove Snap entirely, since it’s totally unnecessary and goes against pretty much every Linux core concept.

Or just use something like Kubuntu or Linux Mint, that have Ubuntu under hood but are more community driven instead of relying on Canonical.