Can I trust downloading Python?
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Mon Sep 9 20:06:04 EDT 2013
On Mon, 09 Sep 2013 12:19:11 +0000, Fattburger wrote:
> On Sun, 08 Sep 2013 03:37:15 +0000, Dave Angel wrote:
>
>> 1) what OS are you running? Actually, we can be pretty sure you're
>> running Windows, since any other common operating system would have
>> already included Python.
>
> Plus I don't often run into Linux users who worry about viruses, unless
> the braces-and-pimples crowd has expanded its horizons recently and
> started creating malware that does anything in Linux.
Hello, the 1990s called and want their stereotypes back.
Malware in 2013 is not about loser nerds erasing your hard drive for the
lulz. It's a multi-million dollar a year business, mostly driven by
spammers, but with small yet profitable niche markets for industrial
espionage and blackmail ("we've encrypted your files -- pay us $100 and
we'll send you the key"). Plus so-called law enforcement[1] uses it to
break into people's computers, for keylogging, etc., and you better
believe they have cracks targeted at Linux. Of course, Linux is a much
harder target than the average unpatched Windows box, and there are
probably easier ways to get access to your files if they really need to.
But really, we've learned *nothing* from the viruses of the 1990s.
Remember when we used to talk about how crazy it was to download code
from untrusted sites on the Internet and execute it? We're still doing
it, a hundred times a day. Every time you go on the Internet, you
download other people's code and execute it. Javascript, Flash, HTML5,
PDF are all either executable, or they include executable components. Now
they're *supposed* to be sandboxed, but we've gone from "don't execute
untrusted code" to "let's hope my browser doesn't have any bugs that the
untrusted code might exploit".
The people driving malware these days are not script-kiddies, but
professionals, up to and including some of the smartest and most highly
funded professionals in the world. Stuxnet anyone?
[1] I say "so-called", because far too often the people who are supposed
to be upholding the law are actually breaking the law with impunity.
--
Steven
More information about the Python-list
mailing list