This is a static archive of the old Zorin Forum.

The information below may be outdated. Visit the new Zorin Forum here ›

If you have registered on the old forum, you will need to create an account on the new forum.

Old Zorin Forum archiveHelp and Support

Screenlets is it safe? How do you know what is safe?

dmemphis

Fri Dec 13, 2013 4:08:41 am

I installed Screenlets to get some gadgets for the desktop.
After the fact, I was nervous that it asked for the admin password to install - i presume because
it needed to install some chron stuff or the like (I'm not talking about the password requested by the Software Center,
this was as Screenlets was setting itself up.

It occured to me that I ought not be cavalier about giving apps the admin passord.
How do I know its not installing malware, loggers or other mischief?
Plus, their website is blocked.... that made me doubly nervous.

How would I completely back this out and insure it left nothing behind?

Further, what is the best practice in Linux for this sort of thing, can you inerently trust the Software Center items?

Thanks!

Swarfendor437

Fri Dec 13, 2013 12:51:50 pm

Applications themselves should not be an issue - GNU/Linux is similar to Windows in that it needs to have 'elevated' priveleges - for this to take place you need to enter your login password (and when you do this in a terminal, the characters won't show at all so you need to be careful. If the website is blocked it suggests that you are trying to access the site from a school or other site not your home - I can't update GNU/Linux from work due to proxy filters! :D

The only thing you SHOULD be concerned about if some person of doubtful parentage has created a tarball with commands that will wipe your hard drive - this is not malware - just someone with malintent to ensure you don't enjoy your computing experience - this occurrd with a theme uploaded to Gnome-look.org called 'Ubundows' - anyone extracting would have seen their computer devoid of its GNU/Linux OS and any data!

You have been given the answer you seek!

dmemphis

Fri Dec 13, 2013 5:48:30 pm

But screenlets does ask for a password at its install and therefore has all the elevated privileges, yes?
This is the screenlet website.
http://www.screenlets.org/index.php/Get_more_screenlets
I mispoke, its not blocked, the page that loads says "website disable"
does not instill confidence.

dmemphis

Fri Dec 13, 2013 5:56:37 pm

Swarfendor437 wrote:The only thing you SHOULD be concerned about if some person of doubtful parentage has created a tarball with commands that will wipe your hard drive - this is not malware - just someone with malintent to ensure you don't enjoy your computing experience - this occurrd with a theme uploaded to Gnome-look.org called 'Ubundows' - anyone extracting would have seen their computer devoid of its GNU/Linux OS and any data!


Well that's pretty frightening.
How would you know? Seems you have to backup before running ANYTHING.

Swarfendor437

Fri Dec 13, 2013 11:58:19 pm

dmemphis wrote:But screenlets does ask for a password at its install and therefore has all the elevated privileges, yes?
This is the screenlet website.
http://www.screenlets.org/index.php/Get_more_screenlets
I mispoke, its not blocked, the page that loads says "website disable"
does not instill confidence.


It means the website has been taken down:

http://answers.yahoo.com/question/index ... 237AAdUzUd

Swarfendor437

Fri Dec 13, 2013 11:59:20 pm

dmemphis wrote:
Swarfendor437 wrote:The only thing you SHOULD be concerned about if some person of doubtful parentage has created a tarball with commands that will wipe your hard drive - this is not malware - just someone with malintent to ensure you don't enjoy your computing experience - this occurrd with a theme uploaded to Gnome-look.org called 'Ubundows' - anyone extracting would have seen their computer devoid of its GNU/Linux OS and any data!


Well that's pretty frightening.
How would you know? Seems you have to backup before running ANYTHING.


You check what is in a file by checking for any scripts - my original guidance appears to have disappeared - will get back to you on this one.

Swarfendor437

Sat Dec 14, 2013 11:34:30 pm

Forgot to tell you the 'remove' instructions! Open a terminal (Ctrl+ Alt+ T) and enter:

Code:
sudo apt-get purge [enter name of the package you were trying to install]


alternatively if things have not installed properly:

Code:
sudo apt-get autoremove


After you have completed this exercise:

Code:
sudo apt-get update && sudo apt-get upgrade

Swarfendor437

Sun Dec 15, 2013 12:04:07 am

Ok. Here is how to check the contents of a tar.ball before extracting to install (thanks to Blackwolf of ultimateeditionoz.com):

[link removed as not operational]

dmemphis

Sun Dec 15, 2013 6:27:44 pm

Swarfendor437 wrote:Ok. Here is how to check the contents of a tar.ball before extracting to install (thanks to Blackwolf of ultimateeditionoz.com):

https://www.ultimateeditionoz.com/forum ... 572#p17572


I'm getting a 503 error on that link.
I saw it once, but didn't get to see what operation produced the indication of malware...

Hmmm. OK. Can scripts be disabled for tarball?
Can the tarballs be worked with without SU priveliege? Seems like it should.
I need to bone up on my shell and privileges knowlege!
It just seems dumb that the sudo this and that so willy nilly that one of these things has an opportunity to run away from us.

dmemphis

Sun Dec 15, 2013 6:32:00 pm

Swarfendor437 wrote:
dmemphis wrote:But screenlets does ask for a password at its install and therefore has all the elevated privileges, yes?
This is the screenlet website.
http://www.screenlets.org/index.php/Get_more_screenlets
I mispoke, its not blocked, the page that loads says "website disable"
does not instill confidence.


It means the website has been taken down:

http://answers.yahoo.com/question/index ... 237AAdUzUd


Thanks. I guess that's right.
On the other hand, it raises suspision as to the pedigree of the screenlets app.
Should it be removed from the Software Center?
I did the standard uninstall. Is that equivalent to the remove commands you shared?

Swarfendor437

Sun Dec 15, 2013 7:16:45 pm

Provided it reported that the uninstall went ok - this should show up as no tick against the screenlets in the Software Center(re) - indicating it is not installed - usually you get a green circle with a white tick in which means it is on the system. It won't 'purge' the package you downloaded if you did it separately.

Swarfendor437

Sun Dec 15, 2013 7:21:10 pm

dmemphis wrote:
Swarfendor437 wrote:Ok. Here is how to check the contents of a tar.ball before extracting to install (thanks to Blackwolf of ultimateeditionoz.com):

https://www.ultimateeditionoz.com/forum ... 572#p17572


I'm getting a 503 error on that link.
I saw it once, but didn't get to see what operation produced the indication of malware...

Hmmm. OK. Can scripts be disabled for tarball?
Can the tarballs be worked with without SU priveliege? Seems like it should.
I need to bone up on my shell and privileges knowlege!
It just seems dumb that the sudo this and that so willy nilly that one of these things has an opportunity to run away from us.


I'm getting a 503 error - I will delete the link and copy and paste later - it could have been taken out as you need to login to view the code - sorry! :(

Wolfman

Tue Dec 17, 2013 6:54:59 am

Hi,

the app "Screenlets" is safe within itself, the only problem is that anyone can write a screenlet app and add it to the package, if that screws up the system, it is each individual applet and not the main body of the Screenlets package that would be responsible!.

I use the Clearweather screenlet and have no problems at all!.

Regards Wolfman :D

Swarfendor437

Wed Dec 18, 2013 11:33:12 pm

"I always open the debs and check for suspicious post-install scripts"

This is how to do that. ...

Listing the files from a debian package using dpkg -c

dpkg is the package manager for debian. So using dpkg command you can list and extract the packages, as shown below.

To view the content of *.deb file:

Code:
:
$ dpkg -c ovpc_1.06.94-3_i386.deb
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/pkg/
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/pkg/lib/
dr-xr-xr-x root/root         0 2010-02-25 10:48 ./ovpc/pkg/lib/header/
-r-xr-xr-x root/root       130 2009-10-29 17:06 ./ovpc/pkg/lib/header/libov.so
.
.
.

-r-xr-xr-x root/root       131 2009-10-29 17:06 ./ovpc/pkg/etc/conf
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/pkg/etc/conf/log.conf



Extracting the files from a debian package using dpkg -x

Use dpkg -x to extract the files from a deb package as shown below.

Code:
:
$ dpkg -x  ovpc_1.06.94-3_i386.deb /tmp/ov
$ ls /tmp/ov
ovpc



DEB files are ar archives, which always contains the three files — debian-binary, control.tar.gz, and data.tar.gz. We can use ar command and tar command to extract and view the files from the deb package, as shown below.

First, extract the content of *.deb archive file using ar command.

Code:
:
$ ar -vx ovpc_1.06.94-3_i386.deb
x - debian-binary
x - control.tar.gz
x - data.tar.gz
$



Next, extract the content of data.tar.gz file as shown below.

Code:
:
$ tar -xvzf data.tar.gz
./
./ovpc/
./ovpc/pkg/
./ovpc/pkg/lib/
./ovpc/pkg/lib/header/
./ovpc/pkg/lib/header/libov.so
.
.
./ovpc/pkg/etc/conf
./ovpc/pkg/etc/conf/log.con


With acknowlegedment to Blackwolf on ultimateeditionoz.com forum.