Something I’ve wondered. One of those “too good to be true, it probably is” type things. With all the FOSS especially for linux, installing package after package because a web search said it would fix your problem, how is it Linux isn’t full of malware and such?
I'd like to understand better so I can explain to others who are afraid of FOSS for those reasons. My best response is that since it's open source, people can see what it's doing and would right away notice something malicious. I wouldn't, since I'm not that into code, but others would.
What’s to stop Closed Source software from the same?
Checks and balances, and money… people won't buy your product if it's malware… unless you make them a captive audience (win11, Tencent).
That doesn’t stop any of them. Windows users still go, willy nilly, traipsing around the internet downloading and installing random things. There is no money, no checks and balances. I’m sure you’ve read Windows converts complaining, “Linux isn’t ready for the average user because it’s too hard to install programs, they want to be able to download an installer, then click next next next and have the application installed.” They think the security of package management is too much for the average user.
Sure, FOSS could get some bad actors. It would be no different than the closed source community. At least with FOSS, there is still opportunity for people to find and eliminate the bad code. The world runs on Linux and FOSS. The place where you would want to sneak in some bad code the most. You'd have a much bigger impact. And, it does happen on occasion, people notice, and the bad code is removed. Compare that to the much smaller Windows world, where you need anti-virus checkers and malware checkers.
It sounds like you have the computing world inverted. You believe Windows and closed source is the most dominant computing paradigm. It’s not.
So they're the same.
Nothing? But the very fact that it is open source makes it much easier to detect malware, I guess. But I don't think that closed source is better in this regard, rather worse, because corporations love spyware.
It does happen, the most notable one that I can remember is XZ Utils. The good thing about open source is eventually someone will spot it and call them out.
If it’s open source, then the source code of the malware is also open. Generally, binary blobs aren’t included in open source programs, and when they are with no good explanation, it raises a lot of suspicions.
Closed source is where malware can readily be hidden, which is why there is tons of malware hidden in Windows and Android apps.
They can and do try to share malware, but distros and software hubs take measures to prevent it. You can read about Flathub's approach in Flathub Safety: A Layered Approach from Source to User.
I believe that as a FOSS developer, in order for your code to be implemented and widely adopted, you’ll have first reached a certain level of trust in the community. That, and yes your open source code can be picked through. Malicious code isn’t always immediately found, but it does ruin the hard earned reputation of the developer.
Source: just speculation from being a FOSS fan for many years