I'm a complete newbie to Linux and still a bit hesitant to use it for sensitive tasks like online banking. I've got a couple of major concerns regarding using the terminal to install applications. First off, how can I be sure that when I type commands like 'sudo apt install steam', I'm actually installing the legitimate Steam application? Is there a chance someone could change the name or that I could accidentally type something wrong and end up installing malware instead?
Secondly, when updating software, I worry about dependencies. What if a developer of one of the dependencies gets hacked or decides to add malicious code in their package? How does that work with the software I install?
3 Answers
Honestly, I've been using Linux for ages, and I've never encountered malware through standard package installs. If you're sticking to official repositories, you should be in a good place.
But do remember, things can get tricky if you start adding custom repos. They could overwrite important system packages, leading to issues. If you're really security-conscious, Flatpak is a solid alternative, as it runs apps in sandboxes, each containing its own dependencies, but do note it comes with some limitations.
I see where you're coming from. One thing to keep in mind is that when using package managers, like apt, you’re getting software from repositories that are typically already vetted by maintainers. But it’s true that installing from a Personal Package Archive (PPA) means you’re downloading software outside the main repository scope, and that requires a bit of extra trust on your part.
And on the note of security across platforms, any OS can have vulnerabilities. Just recently, users had malware issues by downloading specific software from the wrong website, which is a risk a package manager generally helps mitigate. GPG signing can also help ensure packages come from trustworthy sources.
To start with, the apt command doesn't just pull software from the internet at random. It gets packages from a well-maintained repository where each program is verified before being accepted. So, no crazy malware like 'chicken_is_no_weapon_browser' is getting in.
About dependencies, most of them are open source, meaning anyone can check the code. Repository maintainers tend to keep an eye on these changes to ensure nothing malicious slides through. If you're still uneasy, consider using Flatpak or Snap on Ubuntu; these options run applications in a secure container, although they can take a bit longer to start up.
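As an added example (not code from any of the answers above), this Python script makes the point in the second and third answers concrete: it parses `apt-cache policy` output to show which repository host the candidate version of a package would actually be fetched from, and flags any host that is not on an official-mirror list (such as a PPA). The trusted host list, the package name `foo` and the sample policy output are constructed assumptions for the example.

```python
import shutil
import subprocess
from urllib.parse import urlparse

# Hosts treated as official mirrors (an assumption for this example; adjust
# to the mirrors in your own /etc/apt/sources.list).
TRUSTED_HOSTS = frozenset({"archive.ubuntu.com", "security.ubuntu.com"})

# Constructed sample in the shape `apt-cache policy <pkg>` prints: the
# candidate upgrade comes from a PPA, the installed version from the archive.
SAMPLE = """foo:
  Installed: 1.9-1
  Candidate: 2.0-1~ppa1
  Version table:
     2.0-1~ppa1 500
        500 https://ppa.launchpadcontent.net/someone/ppa/ubuntu jammy/main amd64 Packages
 *** 1.9-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status
"""

def parse_policy(text):
    """Return (candidate_version, {version: sorted hosts it is offered from})."""
    candidate, sources, current = None, {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Candidate:"):
            candidate = stripped.split(":", 1)[1].strip()
        elif line.startswith("        ") and stripped:
            # source line: "<priority> <url-or-path> <suite> <arch> Packages"
            parts = stripped.split()
            if current and len(parts) >= 2:
                host = urlparse(parts[1]).hostname or parts[1]
                sources.setdefault(current, set()).add(host)
        elif line.startswith("     ") or line.startswith(" ***"):
            # version line: "[***] <version> <priority>" (*** marks the installed one)
            parts = stripped.lstrip("*").split()
            current = parts[0] if parts else current
    return candidate, {v: sorted(h) for v, h in sources.items()}

def untrusted_candidate_hosts(text, trusted=TRUSTED_HOSTS):
    """Hosts the candidate would be fetched from that are not official mirrors."""
    candidate, sources = parse_policy(text)
    return [h for h in sources.get(candidate, []) if h not in trusted]

def policy_text(package):
    """Ask apt itself when available, otherwise fall back to the sample."""
    if shutil.which("apt-cache"):
        return subprocess.run(["apt-cache", "policy", package], capture_output=True, text=True).stdout
    return SAMPLE
```

On a Debian/Ubuntu machine, `untrusted_candidate_hosts(policy_text("steam"))` returns an empty list when the candidate comes only from the listed mirrors; a non-empty result tells you a third-party repository would supply the package before you run `sudo apt install`.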