Can I trust downloading Python?

Steven D'Aprano steve+comp.lang.python at pearwood.info
Mon Sep 9 20:06:04 EDT 2013


On Mon, 09 Sep 2013 12:19:11 +0000, Fattburger wrote:

> On Sun, 08 Sep 2013 03:37:15 +0000, Dave Angel wrote:
> 
>> 1) what OS are you running?  Actually, we can be pretty sure you're
>> running Windows, since any other common operating system would have
>> already included Python.
> 
> Plus I don't often run into Linux users who worry about viruses, unless
> the braces-and-pimples crowd has expanded its horizons recently and
> started creating malware that does anything in Linux.

Hello, the 1990s called and want their stereotypes back.

Malware in 2013 is not about loser nerds erasing your hard drive for the 
lulz. It's a multi-million dollar a year business, mostly driven by 
spammers, but with small yet profitable niche markets for industrial 
espionage and blackmail ("we've encrypted your files -- pay us $100 and 
we'll send you the key"). Plus so-called law enforcement[1] uses it to 
break into people's computers, for keylogging, etc., and you better 
believe they have cracks targeted at Linux. Of course, Linux is a much 
harder target than the average unpatched Windows box, and there are 
probably easier ways to get access to your files if they really need to.

But really, we've learned *nothing* from the viruses of the 1990s. 
Remember when we used to talk about how crazy it was to download code 
from untrusted sites on the Internet and execute it? We're still doing 
it, a hundred times a day. Every time you go on the Internet, you 
download other people's code and execute it. JavaScript, Flash, HTML5, 
PDF are all either executable, or they include executable components. Now 
they're *supposed* to be sandboxed, but we've gone from "don't execute 
untrusted code" to "let's hope my browser doesn't have any bugs that the 
untrusted code might exploit".

The people driving malware these days are not script-kiddies, but 
professionals, up to and including some of the smartest and most highly 
funded professionals in the world. Stuxnet anyone?




[1] I say "so-called", because far too often the people who are supposed 
to be upholding the law are actually breaking the law with impunity.



-- 
Steven


