[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Anti-malware for my personal Debian workstation?

On Sun, 12 Apr 2020 11:37:24 +0300
Andrei POPESCU <andreimpopescu@gmail.com> wrote:

> On Du, 12 apr 20, 09:17:18, tomas@tuxteam.de wrote:
> > On Sun, Apr 12, 2020 at 09:52:50AM +0300, Andrei POPESCU wrote:
> > 
> > [...]
> > 
> > > There are sufficient tutorials advising to download random scripts and 
> > > run with root privileges.
> > 
> > My fave still is
> > 
> >   curl https://random.site.net/script | sudo bash
> > 
> > And there are still people out there who even advocate it [1].
> > 
> > I think I was three when my mom taught me not to stuff random scripts
> > ...uh stuff I found on the street into my mouth.
> 
> Excelent analogy :)
>  
> > Cheers
> > [1] https://gist.github.com/btm/6700524
> 
> Thanks for that, I haven't thought of the potential for unintended 
> damage mentioned in the comments (e.g. due to incomplete download, 
> overriding already installed software, etc.).

Interesting discussion. I've looked quickly at the other side [1],
however, and there seem to be serious people and arguments in that
direction as well. Are they so obviously wrong? [The objection Andrei
notes here is specifically countered by the "curl | bash" defenders,
although even I can see that the counter is not as strong as the
objection.]

[1]
https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install
https://news.ycombinator.com/item?id=12766049

Celejar
Reply to: