How much more malware is lurking in Linux official repositories?

The revelation that the open-source Unreal IRC server download has been infected with malware for some eight months is pretty worrying. But the added discovery that this Trojan horse made its way into the Gentoo distro is real reason for the Linux community to re-examine how trusted repositories are handled.

The revelation that the open-source Unreal IRC server download has been infected with malware for some eight months is pretty worrying. But the added discovery that this Trojan horse made its way into the Gentoo distro is real reason for the Linux community to re-examine how trusted repositories are handled.

It's true that compared to Windows, Linux is pretty safe bet if you want to remain protected from hackers. After all, the 1% or so usage share that the OS enjoys (combined with the fact that many of its users are pretty switched on) just doesn't make it a worthwhile target to go after.

But there's a big difference between the OS being a "pretty safe bet" and it being invulnerable. No OS is invulnerable. If someone wants in on your system, and they have the time and resources, they are likely to find a way.

But this is a major blunder. Allowing infected code to make its way into an official distro demonstrates how complacent some in the Linux community have become.

Which leads to the biggest and most important question of all - how can we, as Linux users, be sure that more malware hasn't infiltrated official channels?

The idea that we can blindly trust official repositories of open source code is slowly eroding. Earlier this year Mozilla discovered that it had been hosting a Firefox add-on that contained malware. This latest incident should underline the need to beef up security to protect users.