Techly NewsGet the app

Get the latest tech news

A Study of Malware Prevention in Linux Distributions


Malicious attacks on open source software packages are a growing concern. This concern morphed into a panic-inducing crisis after the revelation of the XZ Utils backdoor, which would have provided the attacker with, according to one observer, a "skeleton key" to the internet. This study therefore explores the challenges of preventing and detecting malware in Linux distribution package repositories. To do so, we ask two research questions: (1) What measures have Linux distributions implemented to counter malware, and how have maintainers experienced these efforts? (2) How effective are current malware detection tools at identifying malicious Linux packages? To answer these questions, we conduct interviews with maintainers at several major Linux distributions and introduce a Linux package malware benchmark dataset. Using this dataset, we evaluate the performance of six open source malware detection scanners. Distribution maintainers, according to the interviews, have mostly focused on reproducible builds to date. Our interviews identified only a single Linux distribution, Wolfi OS, that performs active malware scanning. Using this new benchmark dataset, the evaluation found that the performance of existing open-source malware scanners is underwhelming. Most studied tools excel at producing false positives but only infrequently detect true malware. Those that avoid high false positive rates often do so at the expense of a satisfactory true positive. Our findings provide insights into Linux distribution package repositories' current practices for malware detection and demonstrate the current inadequacy of open-source tools designed to detect malicious Linux packages.

View a PDF of the paper titled A Study of Malware Prevention in Linux Distributions, by Duc-Ly Vu and 5 other authors View PDF Abstract:Malicious attacks on open source software packages are a growing concern. This concern morphed into a panic-inducing crisis after the revelation of the XZ Utils backdoor, which would have provided the attacker with, according to one observer, a "skeleton key" to the internet.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Study

Study

Photo of linux distributions

linux distributions

Photo of malware prevention

malware prevention

Related news:

News photo

Nearly half of employees think using AI is cheating, study shows

News photo

Study reveals that humans can’t identify AI-generated poetry

News photo

Electric car batteries last longer than expected (study) – ecomento.de

« Future Google supplier Kairos gets approval to build two small nuclear reactors
Apple is reportedly building a more conversational Siri powered by LLMs »