Don't run a command if you don't understand what it is doing and don't run commands from untrusted people or places. Check with someone you trust if you are not sure, or check out the command's manual page.

Tom's advice is sound, but I fear he's shouting into the wind. I read the same Ubuntu forum announcement as Tom and while I've always been aware of the issue, it's worrying to read about it on such a high-traffic site as Ubuntu Forums — more so considering the site is heavily used for system support/help requests.

I find it funny that some Linux advocates proudly shout about the fact that Linux is near enough immune to virus attacks, yet rarely mention the negative aspects of running such a powerful system. Some of the malicious commands mentioned in the announcement are far more destructive than your average Windows virus.

The most worrying aspect to all this is the potential future implications for Linux on the Desktop. If When Linux finally gains real market share, then this type of maliciousness could really explode on the community [quite literally.]

Not a solution, just an idea

There isn't an immediate solution to this problem, there may never be a solution. However, I have come up with an idea that might help Ubuntu Forums to combat it:

The idea would involve Ubuntu Forum users [those wishing to post code or instructions] applying for a "seal of approval". The application would be looked at by a board/council and a seal issued when the applicant had shown enough evidence to warrant receiving it. Applicants could also submit testimonials from other forum members to backup their application.

Once a seal is approved it would be prominently displayed as an image link within the users profile bar. Clicking on the image would send the visitor to a notice page informing them that the message had been posted by an approved user.

All forum users should be made aware of the seal and its meaning. This could be done on registration for new users and via an announcement for existing members.

I'd be interested to know what people think of this. Please feel free to post a comment saying why it's either good or bad idea. Any technical suggestions about how it would work would also be welcome :)

Tags: security, ubuntu