Ubuntu – get a virus by using “sudo apt-get install”

Tags: apt, security, software installation

I would like to make sure it's safe to download software using sudo apt-get install. Are the packages scanned somewhere? Are all packages downloaded using this command virus free?

If there is no guarantee that they are virus free, after installing a package that contains a virus, would the attacker be fully able to control my machine? Is there any way I can check all the packages that were installed on my computer by me? (Not by the system automatically. I would like to filter them to see all the packages that were installed by me manually, not by the system.)

Best Answer

apt on a default Ubuntu system is very unlikely to get viruses. However, that doesn't mean it isn't possible:

  • Malicious PPA
    One of the features of APT is the ability for admins to add Personal Package Archives (PPAs) or other software sources to the APT cache. These third-party APT sources are not necessarily trusted, and may carry viruses. However, it would take an intentional action of the machine's admin to add one of these infected sources, making it rather hard for one to add itself.
  • Hacked Repository
    In theory, a software repository may be hacked by a malicious party, causing downloaded .deb files to potentially carry malicious payloads. However, official software repositories are very carefully watched and security for these repositories is pretty tight. A hacker would be hard-pressed to take down one of the official Ubuntu software sources, but third-party software sources (see above) may be compromised much more easily.
  • Active MITM/Network Attacks
    If a network is compromised higher up (by, say, your ISP), it is possible to get a virus from official software sources. However, an attack of this caliber would require an extreme amount of effort and the ability to Man-In-The-Middle many sites, including GPG key distribution servers and the official repos.
  • Poorly Written/Malicious Code
    Vulnerabilities do exist in open source, peer-reviewed, and maintained code. While these things aren't technically considered "viruses" by definition, certain exploits hidden or never revealed in the code could allow a malicious attacker to place a virus on or pwn your system. One example of this type of issue would be Heartbleed from OpenSSL, or the much more recent Dirty CoW. Note that programs from the universe or multiverse repos are potential threats of this caliber, as explained here.

apt (due to its importance on Linux systems) is pretty heavily guarded against almost all of these types of attacks on both the client and server side. While they are possible, an admin who knows what they're doing and knows how to read error logs will be able to prevent any of these attacks from taking place.

Additionally, apt also enforces signature verification to ensure that the files downloaded are legitimate (and are downloaded correctly), making it even harder to sneak malware through apt, as these digital signatures cannot be faked.


As for responding to a malware infection incident, the absolute easiest path is to burn the system to the ground and start again from a recent (and known-clean) backup. Due to the nature of Linux, it can be very easy for malware to manifest itself so deep in the system that it can never be found or extracted. However, packages like clamav and rkhunter can be used to scan a system for infections.
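As an added example (not part of the question or the answer above, and not Ubuntu's or APT's own code), here is a small POSIX shell script covering two points from the thread: listing the packages an admin installed by hand, which the question asks about, and flagging configured package sources that are not the official Ubuntu archives, which is the "Malicious PPA" case in the answer. It runs on constructed sample input embedded in the script; the formats it parses are those of /var/log/apt/history.log and the one-line /etc/apt/sources.list. Treating only *.ubuntu.com and *.canonical.com as official hosts is an assumption, as are the sample package names, dates and version strings.

```shell
#!/bin/sh
# Added example; not code from the question, the answer, or Ubuntu/APT itself.
# Two defensive checks prompted by the thread above:
#   1. which packages were installed by hand (not pulled in automatically)
#   2. which configured package sources are not official Ubuntu archives
# Both parse text files, so they are demonstrated here on constructed sample
# input; point them at the real files on a live system.

# 1. Packages an admin installed by hand, from an APT history log
#    (/var/log/apt/history.log format). Each transaction has a
#    "Commandline:" line with the exact apt/apt-get argv; we keep only
#    "install" invocations, strip options such as -y, and list the names.
#    Unattended upgrades show a different command line and are skipped.
manual_installs_from_history() {
  sed -n -E 's/^Commandline: (apt-get|apt)( -[^ ]+)* install //p' "$1" \
    | tr ' ' '\n' \
    | grep -v '^-' \
    | grep -v '^$' \
    | sort -u
}

# 2. Hostnames of package sources that are not official Ubuntu archives,
#    from a one-line-format sources.list. Lines like
#      deb [arch=amd64 signed-by=/path.gpg] https://host/path suite components
#    are handled; the deb822 ".sources" format is not. Treating only
#    *.ubuntu.com and *.canonical.com as official is an assumption: add
#    your own mirror if you use one.
third_party_sources() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 == "deb" || $1 == "deb-src" {
      i = 2
      if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
      host = $i
      sub(/^[a-z]+:\/\//, "", host)
      sub(/\/.*$/, "", host)
      if (host !~ /(^|\.)ubuntu\.com$/ && host !~ /(^|\.)canonical\.com$/) print host
    }' "$1" | sort -u
}

# Constructed sample input (not from any real machine) so the script runs offline.
write_sample_inputs() {
  cat > "$1/history.log" <<'EOF'
Start-Date: 2024-01-10  09:12:01
Commandline: apt-get install -y vim
Install: vim:amd64 (1.0-1), vim-runtime:amd64 (1.0-1, automatic)
End-Date: 2024-01-10  09:12:05

Start-Date: 2024-01-11  18:40:11
Commandline: apt install clamav rkhunter
Install: clamav:amd64 (1.0-1), rkhunter:all (1.0-1), libexample1:amd64 (1.0-1, automatic)
End-Date: 2024-01-11  18:40:30

Start-Date: 2024-01-12  06:00:02
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (1.0-1, 1.0-2)
End-Date: 2024-01-12  06:00:10

Start-Date: 2024-01-13  12:00:00
Commandline: apt-get -q install htop
Install: htop:amd64 (1.0-1)
End-Date: 2024-01-13  12:00:03
EOF
  cat > "$1/sources.list" <<'EOF'
# constructed sample sources.list
deb http://archive.ubuntu.com/ubuntu jammy main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu jammy-security main restricted
deb-src http://archive.ubuntu.com/ubuntu jammy main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://ppa.launchpad.net/example/ppa/ubuntu jammy main
EOF
}

# Demo run on the sample input.
demo() {
  tmp=$(mktemp -d)
  write_sample_inputs "$tmp"
  echo "== packages installed by hand (sample history.log) =="
  manual_installs_from_history "$tmp/history.log"
  echo "== package sources outside the official Ubuntu archives (sample sources.list) =="
  third_party_sources "$tmp/sources.list"
  rm -rf "$tmp"
}
demo
```

On a live Ubuntu machine the same questions can be answered directly: `apt-mark showmanual` lists packages APT records as manually installed, and the sources to check are /etc/apt/sources.list together with every file under /etc/apt/sources.list.d/. The history-log approach above is useful when you also want to know when each package was installed and by which command, and it still works on a log copied off a machine you no longer trust enough to run tools on.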