Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the default behavior is to notify only. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you EVER see an 'updater' you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.
This will make it more difficult to trick the user, but not impossible. As long as the system menu is running with the user's privileges, it can be modified to launch a different program. And even if you find a way to prevent the user from messing with it - e.g., run it as a different user - the user won't be able to make any legitimate changes, either.
It's even easier for command-line tools: add a line to
Finally, here's a way to create an almost undetectable malware. Add the line "LD_PRELOAD=~/.malware.so" to
- Removes the LD_PRELOAD variable from the environment, so it's undetectable.
- Modifies "exec..." functions so they add LD_PRELOAD back (and also replace "su", "sudo", etc. with a different program).
- Modifies "open" and "read" functions so the line in
- Modifies "opendir" and "readdir" to make ~/.malware.so invisible to the user.
(This would work for any application - not just command-line ones.)
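A defender's check for the persistence described in the comment above, as an added example that is not part of the original comment: it scans shell startup text for LD_PRELOAD (and, going beyond the comment, LD_AUDIT) assignments and lists executable mappings from user-writable or hidden paths in `/proc/<pid>/maps` text. The function names, the sample inputs and the `/home/alice` path are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Matches shell assignments such as `export LD_PRELOAD=...` or `LD_AUDIT="..."`.
ASSIGN = re.compile(r"""(?:^|[;\s])(?:export\s+)?(LD_PRELOAD|LD_AUDIT)=["']?([^"'\s;]+)""")

def scan_startup_text(name, text):
    """Return (file, line number, variable, value) for each linker-variable assignment."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]          # crude: drop shell comments
        for var, value in ASSIGN.findall(code):
            hits.append((name, lineno, var, value))
    return hits

def suspicious_mappings(maps_text, writable_prefixes=("/home/", "/tmp/", "/dev/shm/")):
    """Return executable file mappings that live in user-writable or hidden paths."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)          # addr perms offset dev inode path
        if len(fields) < 6 or "x" not in fields[1]:
            continue
        path = fields[5].strip()
        if not path.startswith("/"):
            continue                          # [heap], [stack], [vdso], anonymous
        hidden = PurePosixPath(path).name.startswith(".")
        if hidden or path.startswith(writable_prefixes):
            found.add(path)
    return sorted(found)

# Constructed sample inputs (not taken from a real system).
SAMPLE_PROFILE = """\
# constructed sample of a user's shell startup file
PATH=$HOME/bin:$PATH
# LD_PRELOAD=/old/commented/out.so
export LD_PRELOAD=~/.malware.so
"""
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a1c000 r-xp 00002000 08:01 131 /usr/bin/bash
7f1a2c000000-7f1a2c1b0000 r-xp 00028000 08:01 271 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2c400000-7f1a2c402000 r--p 00000000 08:01 913 /home/alice/.malware.so
7f1a2c402000-7f1a2c409000 r-xp 00002000 08:01 913 /home/alice/.malware.so
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print(scan_startup_text(".profile", SAMPLE_PROFILE))
    print(suspicious_mappings(SAMPLE_MAPS))
```

Since the hooks described above sit in front of `open` and `read` inside the affected session, run a check like this from a trusted environment such as rescue media against the mounted disk, not from the user's own shell.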
"NVIDIA 3D Vision technology is the perfect platform for showcasing just how cool the Cooliris application really is," says Ujesh Desai, vice president of GeForce GPU business at NVIDIA. "Their flexible and dynamic interface when combined with NVIDIA 3D Vision technology creates a powerful experience that enables the user to consume rich media in a new and stimulating way."
The primary problem is that Eclipse is not being actively maintained upstream in Debian. It is in some ways rather hard to package which has to be actively maintained much like Firefox, and nobody has stepped up to take it over. If nothing changes, I would not be surprised to see Eclipse eventually dropped in Debian and by extension in Ubuntu.
And yet, people keep arguing that centralized repositories are the way to go, and there's no need for projects like autopackage. Do we expect Eclipse developers to maintain a Debian package for it? As well as packages for Red Hat, SUSE, and all the other distros while they're at it?
A Firefox extension can modify the browser in almost any regard.
And not just the browser. You can write a binary add-on that will execute arbitrary code. It's no different from running a regular executable.
Firefox add-ons aren't any more secure than ActiveX on IE.
Funny, I thought that all Mozilla (Firefox/Thunderbird/Sunbird/etc) add-ons are already, in effect, open source.
You can write binary add-ons, too. You just need to use Mozilla's API, and put the shared library into the "components" directory of the XPI.
But then, of course, you have to deal with different OSes, architectures, and so on.