[TriLUG] spyware

[Mike Parkhurst]

Most of the spyware people are talking about is installed inadvertently 
by the [Windoze] user.  It comes from malicious web sites [M$ Internet 
explorer], malicious e-mail [Outlook & Outlook Express] and the 
backdoors from virii [Windoze, again] that don't always get fully 
cleaned.  I'm finding tons of it on the PCs at work.

It is possible that something slipped into Debian at the distribution 
level, but someone would have found it by now, using Ethereal, firewall 
logs, etc.

Mike

Mike M wrote:

>I just read an article about spyware.  I googled "linux spyware" and
>that people think Linux is immune.  That got me to thinking about the
>chain of trust I subscribe to in using Debian.  For example, I use
>mutt.  What if the upstream developer installed spyware?  Do I 
>trust the Debian package maintainer to review the code and alert the
>community to the problem?  I can't spend my time reading source for
>every package I use.
>
>THe only solution I can think of is to use a live-cd like Knoppix to
>do critical and sensitive tasks like financial transactions.
>
>Anybody else thought about this?
>  
>