Re: Anti-malware for my personal Debian workstation?
On Sun, 12 Apr 2020 11:37:24 +0300
Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> On Du, 12 apr 20, 09:17:18, tomas@tuxteam.de wrote:
> > On Sun, Apr 12, 2020 at 09:52:50AM +0300, Andrei POPESCU wrote:
> >
> > [...]
> >
> > > There are sufficient tutorials advising to download random scripts and
> > > run with root privileges.
> >
> > My fave still is
> >
> > curl https://random.site.net/script | sudo bash
> >
> > And there are still people out there who even advocate it [1].
> >
> > I think I was three when my mom taught me not to stuff random scripts
> > ...uh stuff I found on the street into my mouth.
>
> Excelent analogy :)
>
> > Cheers
> > [1] https://gist.github.com/btm/6700524
>
> Thanks for that, I haven't thought of the potential for unintended
> damage mentioned in the comments (e.g. due to incomplete download,
> overriding already installed software, etc.).
Interesting discussion. I've looked quickly at the other side [1],
however, and there seem to be serious people and arguments in that
direction as well. Are they so obviously wrong? [The objection Andrei
notes here is specifically countered by the "curl | bash" defenders,
although even I can see that the counter is not as strong as the
objection.]
[1]
https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install
https://news.ycombinator.com/item?id=12766049
Celejar
Reply to: