this post was submitted on 25 Apr 2025
36 points (84.6% liked)

Linux

Something I've wondered. One of those "too good to be true, it probably is" type things. With all the FOSS, especially for Linux, installing package after package because a web search said it would fix your problem, how is it Linux isn't full of malware and such?

I'd like to understand better so I can explain to others who are afraid of FOSS for those reasons. My best response is that since it's open source, people can see what it's doing and would right away notice something malicious. I wouldn't, since I'm not that into code, but others would.

[email protected] 62 points 2 days ago

They do try, but many vigilant members of the FOSS community do their best to find out what's being done and prevent it.

You can read this summary of the attempt to inject a malware payload into a widely used compression tool that is used when remotely accessing servers: https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt

It was a close call with potentially dramatic consequences, where a bad actor took 2 years to progressively gain reputation and rights to a key FOSS project, and it took one performance-obsessed engineer to find out what they did and undo everything.

The big difference between FOSS and closed source software is that FOSS gives the possibility to audit the code, whereas binary analysis / retro engineering is much harder.