I'm not, but the fact that there's the potential for junk to exist on the store in the first place is the problem, especially when there isn't adequate protection against typosquatting like I mentioned originally.

As long as I only use the default repositories, I can `apt install` a package I've never even heard of and it's pretty much guaranteed to not be malicious/actively dangerous. > Why are you downloading random crap from the snap store to begin with? This is the entire point of snap plugs/connections, which are an enforced permissions-based model. Why do you comment on things you really don't seem to understand? >In other words, Snap sandboxing is in no way comparable to a 'proper' solution like a well-configured Firejail or a VM. On removal, the squashfs is removed and that is gone. The files needed are stored on squashfs, home config and configuration in its own isolated directory. Snaps can't magically persist; that is a load of FUD. Especially for sandboxing internet facing programs from my home directory. I have disconnected plenty of plugs that don't magically reappear. Snap permissions aren't controlled just by the author. In most cases there's nothing explicitly preventing a malicious Snap from gaining persistence even after it is removed. >Snap sandboxing is rarely utilised in a meaningful way, and the permissions for a particular app are controlled by the author by default. It probably is safe, in that it has had as much vetting as any other store owner.

Downloading firefox, vscode, intellij, vlc, nodejs, spotify and all of these other first party snaps is perfectly fine. I wouldn't expect you to do that on Android or any other manufacturer.
No, you probably shouldn't be installing hello-world snap from Davind1923232. People always take extreme perspectives over this and I find it weird. Why are you downloading random crap from the snap store to begin with? You can rest assured that the problematic snaps were tackled and addressed within 3 days; there are no cryptominers on the store anymore. It's not a risk I'm willing to take, as there's essentially no way to definitively prove that that's all the malicious Snap was doing. >If that happens then I have no choice but to assume a full system compromise and nuke my machine. I personally would like to see Apt remain as the default system package manager for all common/well-known software, with Snap existing purely as a 'community' repository for software that is known to be untrusted/unknown. Pushing Snaps as the main package management method goes too close to the Windows way of just downloading random EXEs from the internet.
For me, the absolute key selling point of Linux over Windows/Mac is the secure-by-default and natively integrated package management. Snap's current 'protections' for this are mainly reactionary rather than preventative, which is far from satisfactory. However, with Snap, everybody in the world can publish any old rubbish in the Snap Store, including packages that typosquat the names of others. Using the default Ubuntu Apt repositories, I can `apt install` pretty much anything I want and it's almost guaranteed to not be malicious/dangerous, as only trusted/well-established developers can get their package into the Apt repos. It looks like deb files only can be installed via the terminal. The only 'con' is the pushing of Snap packages.