2mo ago

Arch Linux users told to purge Firefox forks after AUR malware scare

www.theregister.com

Arch user-contributed browsers compromised

The distro's greatest asset is arguably also its greatest weakness If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.…

4 comments

I appreciate the article explaining the AUR repository. I'm still a linux noob and always thought AUR is the official repo for arch based distros.
- I was learning too and I was trying to wrap my head around the security implications of the AUR. It's like ok don't run anything new without votes and comments but you are still running random scripts. I suppose it's not much different from running an exe file but in windows you have anti virus. On Linux you are the anti virus apparently.
  
  Yeah the debate on whether linux would need an antivirus is bit difficult. I feel like experienced linux users forget that there is a huge amount of people between "I only need browser and libreOffice" and "I can confidently review the source code and scripts of a package" that want to switch to linux.
  I know the first line of defence is you, the second is linux permission system, but the third is missing to my limited knowledge.
  Ny understanding is that ClamAV is for scanning windows viruses on linux and don't know about any other linux virus scanning software. The userbase growing is bound to bring more linux desktop targeted malicious software.
Worth mentioning that the packages that had malicious code were not the most downloaded.
It wouldn’t be much different than adding a Firefox Patch on an App Store and hoping people would download it instead of the official/most popular one. Same works for a browser extension.
Still an issue and all but probably much smaller impact than I initially thought when I started reading the article and panicking I may had been affected.