Yesterday, I installed Skype for Linux in Ubuntu. It was very easy. I just had to download a .deb package file and double-click it. I was prompted my password (my account is in sudoers file) and voilà. Some people might say this is okay, but I think this is WRONG!
If I were asked for my favorite Linux feature, it would be, of course, repositories. Repositories conform a trust relationship. When you install Ubuntu, you deposit your faith in Canonical repositories. The offer a catalog of available applications and you install whatever you like. Being Open Source let them assure you, they are not installing malware in your PC.
However, GNU/Linux is based in «user’s freedom». So you, as a user, can install anything you find useful or proper. There are a some ways to install software under Linux; one of the is .deb software packages (in debian-based distros). Installing a .deb downloaded from the Internet is as easy as 123. That is what makes me so scared.
These days, you can find one of the netbooks with Linux pre-installed. Although Linux market share is still irrelevant compared with Windows, Linux is growing in the desktop. Could you imagine what is going to happen once lots of Windows average-Joe-like users move into Linux? They probably will try to download and install the software they know: Adobe Reader, Skype, … all of that closed source and they will download it from wherever place on the Internet. Average Joe doesn’t care about software freedom or security: they install whatever the find out there.
So what can we do? Nothing. Nothing is going to stop them from turning their computers into spam-bots. Once Linux becomes mainstream, there will exists every kind of malware ready to install and it will be installed. Ubuntu’s biggest threat is users!
—
Did you like this post? Click here to subscribe our RSS feed.
Rafa Vargas 
Unfortunately, that’s not something Ubuntu can help. It has very extensive repositories, but it’d be possible to package every single conceivable application in trusted repositories.
The solution can only be educating users about deciding what non-repository software is trustworthy or not.
And, of course, having them look first in the repositories for software before trolling the net for third-party stuff.
Unfortunately, I agree with someone I remember reading from the Internet, something like «You should never depend on training and education of the user, because the user will do whatever they darn well please, will not read documentation, and avoid any training that prevents them from doing what they want.»
> Ubuntu’s biggest threat is users!
How about we do not let users start using Ubuntu?
Oh man… As you know yourself, Rafa, worst unexpected error can happen by module which is located between chair and keyboard. You can’t change it, you can’t influence it. Just look at windows and all malware that is preading there. Application exploits are high, but it is higher issue using social engineering on users. Some of them can’t learn, because they are overstrained by computer usage, other just simply don’t want to learn further because they think they know how to use computer.
And saying users are our problem, is equal to RIAA/MPAA that every user is a pirate and they have to be controlled.
For your info. I use windows at home and i do visit «non standard» websites, but still i never managed to get infected/zombied :) It is question how users work with a tool called computer.
Alecs
Mediabuntu repo has Skype.
The app examples you’ve given are available in the medibuntu repositories. The solution is to go down the Mozilla route and promote trusted external repositories as addons – currently it is left to the user’s googling abilities to discover whether the apps they want are provided from a repository, and you make it sound like you failed that test yourself.
Siu, is correct. Just in the debian based distros there are some 30k+ program suites. A treasure trove of resource. The YUM based ones are the same. Been using Debian or Ubuntu for 6 years and it is rare that I need to ‘head for the wilds’ to find a program.
Second observation that is for the average Joe User, the mainline distros probably already have what they want — installed. Most users want 3 things — email, web browser and office suite. Well most of the distros provide Thunderbird, Firefox, and Open Office. Adobe Reader even has FOSS based replacements in the repository.
I hazard therefore that the average user is safer. Having little need to go on the wild side they load up the distribution, set up the accounts and keep the system updated. Malware never passes the lips of the machine as it was all serviced by the provider.
Like you, I prefer to use only repositories for installing software on Ubuntu. Skype is in the popular and reliable Medibuntu repo (medibuntu.org). It’s also packaged and hosted in a repo by Skype itself: http://download.skype.com/linux/repos/debian (for Debian and Ubuntu).
Well, of course you can’t count on user education, but you can try your best to make it happen.
If people want to do stupid things with their computers, you can’t prevent them from doing stupid things.
I wonder why you have singled out Ubuntu. Clicking on a DEB in any Debian distro can do the same thing. It will launch a programme associated with DEB, Gdebi or Kpackage whatever. I don’t use RPM distros, but suspect that the same thing will happen which you open an RPM.
However, there is nothing to stop anyone from using the command line to do the same thing, which means your whole argument comes down to picking on the GUI which is dumb, IMO.
What do you propose? Should we prevent people from downloading DEBs or people from posting them to the Net? Both are absurd.
This «problem» is not as scary as someone who is trying to make something out of nothing and singling out Ubuntu in your title. You cannot protect people from their own stupidity. To try to do so is a waste of time as stupidity knows no bounds.
@linuxcanuck I propose that installing something downloaded outside of the repositories should not be so straightforward.