HN Reader

A Study of Malware Prevention in Linux Distributions

1 year agoby belter

> Our interviews identified only a single Linux distribution, Wolfi OS, that performs active malware scanning.

Seems like several authors are affiliated with Chainguard that created Wolfi.

1 year agoby ATechGuy

Good to see Packj[1] as one of the malware scanners used.

1. https://github.com/ossillate-inc/packj

Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).

1 year agoby ashishbijlani

This study seems flawed. It references the Xz backdoor, but then talks about malware in Linux distribution packages?

It would make more sense to study and interview package management systems like PyPy and Nuget instead.

1 year agoby SamuelAdams

This is just marketing fluff

1 year agoby klysm