[TriLUG] spyware
Andrew Perrin
clists at perrin.socsci.unc.edu
Fri Apr 16 16:44:04 EDT 2004
I think the principle is essentially that of the panopticon (perhaps in
reverse): the possibility that an observer could discover untoward
behavior without first being observed creates a disincentive for engaging
in the untoward behavior in the first place. So I trust the package
maintainer because s/he knows that someone else could discover malicious
behavior with little cost and no prior observation.
ap
----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
clists at perrin.socsci.unc.edu * andrew_perrin (at) unc.edu
On Fri, 16 Apr 2004, Mike M wrote:
> I just read an article about spyware. I googled "linux spyware" and
> that people think Linux is immune. That got me to thinking about the
> chain of trust I subscribe to in using Debian. For example, I use
> mutt. What if the upstream developer installed spyware? Do I
> trust the Debian package maintainer to review the code and alert the
> community to the problem? I can't spend my time reading source for
> every package I use.
>
> THe only solution I can think of is to use a live-cd like Knoppix to
> do critical and sensitive tasks like financial transactions.
>
> Anybody else thought about this?
> --
> Mike
>
> Moving forward in pushing back the envelope of the corporate paradigm.
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
>
More information about the TriLUG
mailing list