I'm new to using Linux and still hesitant about using it for sensitive tasks like online banking. I have a couple of security concerns regarding terminal commands. First, when I type a command like 'sudo apt install steam', how can I be sure I'm actually installing the legitimate Steam application? What if I accidentally type something wrong and end up installing malware instead? Secondly, when I update programs, many dependencies are involved. Is there a risk that a developer could compromise one of those dependencies and sneak in something harmful? How can I protect myself from this?
5 Answers
The 'apt' command pulls software from approved repositories, so if someone tried to create a malicious program named, say, 'chicken_is_no_weapon_browser', it wouldn't get approved. Most dependencies are open source too, allowing the community to check and audit the code, which adds a layer of security. If you’re really worried, consider using Flatpak, which runs applications in a sandbox for added safety, even though it might have longer launch times and less integration with your system.
That’s true, and it’s a good point. Just because something is a Flatpak doesn’t mean it’s safe.
Using the software store application over the terminal can simplify things. Both pull from the same repositories, so malware is unlikely as long as the sources are trusted. However, if you're using PPAs (Personal Package Archives), be cautious since you're bypassing the default channel and could unintentionally install something sketchy.
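As an added illustration of the point above about PPAs (example code, not taken from any of the answers): a small Python script that parses one-line-format apt source entries and flags anything not hosted on the distribution's own mirrors, and among those, any entry that has no `signed-by=` option (its key is then trusted for every repository on the system rather than scoped to that one). The sample source lines, the official-host list and the verdict names are assumptions constructed for the example; deb822-style `.sources` files are not handled.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the style of /etc/apt/sources.list and
# /etc/apt/sources.list.d/*.list (one-line format). Not from a real system.
SAMPLE_SOURCES = """\
deb http://deb.debian.org/debian bookworm main contrib non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main
# deb-src http://deb.debian.org/debian bookworm main
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable
deb http://ppa.launchpad.net/example-user/example-ppa/ubuntu jammy main
"""

# Assumption for the example: hosts treated as the distribution's own mirrors.
# Adjust to the mirrors your distribution actually uses.
OFFICIAL_HOSTS = {"deb.debian.org", "security.debian.org"}

# deb|deb-src, optional [options], URI, suite, then zero or more components
LINE_RE = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)\s*(.*)$")


def parse_sources(text):
    """Parse one-line-format apt source entries, skipping blank and comment lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable source line: {line!r}")
        kind, opts, uri, suite, comps = m.groups()
        # options look like "arch=amd64 signed-by=/path/to/key.gpg"
        options = dict(o.split("=", 1) for o in opts.split()) if opts else {}
        entries.append({
            "type": kind,
            "options": options,
            "uri": uri,
            "host": urlparse(uri).hostname or "",
            "suite": suite,
            "components": comps.split(),
        })
    return entries


def audit_sources(text, official_hosts=OFFICIAL_HOSTS):
    """Return [(uri, verdict)] for every active source.

    verdicts: 'official'                 host is one of the distro mirrors
              'third-party'              other host, key scoped with signed-by=
              'third-party-unscoped-key' other host, no signed-by= (key trusted
                                         for every repository, not just this one)
    """
    results = []
    for entry in parse_sources(text):
        if entry["host"] in official_hosts:
            verdict = "official"
        elif "signed-by" in entry["options"]:
            verdict = "third-party"
        else:
            verdict = "third-party-unscoped-key"
        results.append((entry["uri"], verdict))
    return results


if __name__ == "__main__":
    for uri, verdict in audit_sources(SAMPLE_SOURCES):
        print(f"{verdict:26} {uri}")
```

On a real machine you would feed it the concatenation of `/etc/apt/sources.list` and `/etc/apt/sources.list.d/*.list`. Note what `signed-by=` does and does not do: it limits which key may sign that repository's Release file, but it does not stop the repository from publishing a higher version of a core package that apt would then prefer; limiting that is the job of apt pinning in `/etc/apt/preferences.d/`.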
That's not entirely useful; using the software store runs the same background processes as the terminal.
Exactly, the software store is just another interface to the same commands. Risks don't change.
When you install from official repositories, the distributions aim to verify the integrity of the packages. As for your concerns about dependencies, this is a universal problem – it applies to all software. Good practices like checking GPG signatures help, but you might have to audit packages occasionally, especially from PPAs.
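To make concrete what "verify the integrity of the packages" means in the answer above, here is an added Python example (not code from the answer, and not apt's own code) that replays the hash chain apt walks after it has checked the GPG signature on a repository's `Release`/`InRelease` file: `Release` lists the SHA256 and size of each `Packages` index, and each `Packages` stanza lists the SHA256 and size of the `.deb` it points to. The signature check itself is assumed to have already passed and is not implemented here; the package name, version, filename and the `.deb` bytes are constructed for the example.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_packages_index(pkg_name, version, filename, deb_bytes):
    """Build a one-stanza Packages index the way an archive does: it records
    the size and SHA256 of the .deb it points to."""
    return (
        f"Package: {pkg_name}\n"
        f"Version: {version}\n"
        f"Architecture: amd64\n"
        f"Filename: {filename}\n"
        f"Size: {len(deb_bytes)}\n"
        f"SHA256: {sha256_hex(deb_bytes)}\n\n"
    )


def build_release(index_path, packages_text):
    """Build the part of a Release file that matters here: the SHA256 table
    of index files. In a real archive this text is then GPG-signed
    (InRelease / Release.gpg); that signature is what apt checks first."""
    data = packages_text.encode()
    return (
        "Suite: bookworm\n"
        "SHA256:\n"
        f" {sha256_hex(data)} {len(data)} {index_path}\n"
    )


def parse_release_hashes(release_text):
    """Return {path: (sha256, size)} from the SHA256: section of a Release file."""
    hashes, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
            continue
        if in_section:
            if not line.startswith(" "):
                break
            digest, size, path = line.split()
            hashes[path] = (digest, int(size))
    return hashes


def parse_packages(packages_text):
    """Return {package name: {field: value}} from a Packages index."""
    pkgs = {}
    for stanza in packages_text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        pkgs[fields["Package"]] = fields
    return pkgs


def verify_chain(release_text, index_path, packages_text, pkg_name, deb_bytes):
    """Replay apt's post-signature integrity checks; returns (ok, reason).

    Precondition assumed, not implemented: release_text was authenticated via
    its GPG signature against a key apt trusts for this repository."""
    expected = parse_release_hashes(release_text).get(index_path)
    if expected is None:
        return False, "index not listed in Release"
    data = packages_text.encode()
    if (sha256_hex(data), len(data)) != expected:
        return False, "Packages index does not match Release"
    pkg = parse_packages(packages_text).get(pkg_name)
    if pkg is None:
        return False, "package not in index"
    if len(deb_bytes) != int(pkg["Size"]) or sha256_hex(deb_bytes) != pkg["SHA256"]:
        return False, ".deb does not match Packages index"
    return True, "ok"


# Constructed demo data: fake archive bytes standing in for real .deb files.
INDEX_PATH = "main/binary-amd64/Packages"
FILENAME = "pool/main/s/steam-installer_1.0-example_amd64.deb"
GOOD_DEB = b"!<arch>\nconstructed-good-package-bytes"
EVIL_DEB = b"!<arch>\nconstructed-tampered-package-bytes"
PACKAGES = build_packages_index("steam-installer", "1.0-example", FILENAME, GOOD_DEB)
RELEASE = build_release(INDEX_PATH, PACKAGES)
# A compromised mirror that swaps the .deb AND rewrites Packages to match it
EVIL_PACKAGES = build_packages_index("steam-installer", "1.0-example", FILENAME, EVIL_DEB)


if __name__ == "__main__":
    print(verify_chain(RELEASE, INDEX_PATH, PACKAGES, "steam-installer", GOOD_DEB))
    print(verify_chain(RELEASE, INDEX_PATH, PACKAGES, "steam-installer", EVIL_DEB))
    print(verify_chain(RELEASE, INDEX_PATH, EVIL_PACKAGES, "steam-installer", EVIL_DEB))
```

The two tampered cases show why a mirror or a man-in-the-middle cannot quietly substitute a package: replacing the `.deb` alone is caught by the `Packages` hash, and rewriting `Packages` to match is caught by the `Release` hash. The only way past that is to re-sign `Release`, which needs the repository's signing key, which is exactly why the key you add for an extra repository or PPA deserves as much scrutiny as the packages it serves.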
If you're concerned, always stick to the official package repositories of your distribution. Extra repositories can lead to issues because they may not be as well monitored. Also, remember, this isn't just a Linux issue; even Windows users face similar risks without the protections that package managers offer. With good practices, the risk with Linux is generally low.
What distribution are you using? Linux packages are typically safe. In all my years on Linux, I’ve never dealt with malware. Just be cautious with custom repos, as they can mess with stable setups if they overwrite core packages. For more security, Flatpak or Snap (although Snap can have its own issues) can run applications separately from each other, adding extra security.

But remember, anyone can create a Flatpak. Many aren't made by the original developers and can pose risks too.