Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can read those scripts, you know. If you have a passing understanding of bash, it's pretty easy to understand what a script is doing and ensure it's not malicious.

Can you do that with a compiled executable?



You are comparing behavior of people who can read scripts with the behavior of people who consider random 3rd party driver updaters a good idea.

What user can do doesn't matter. It matters what they actually do.


> It matters what they actually do

Yes, and Windows users often install stuff from 3rd party websites whilst it's comparatively rare for Linux users.


> comparatively rare

This would need some substantiation. I personally had not seen many setups that did not require 3rd party websites.


Sorry, I have no numbers for that. However, typical Linux distributions include an incredible amount of software in their repositories, so it's usually only proprietary software that requires installation outside of the OS tools.


No, you are making that assertion. I brought up the driver thing as a joke, but you're the one that turned it into this inane whataboutism

Almost all windows applications are distributed as compiled binaries. Even very advanced users would find it difficult to audit most apps.

Bash scripts are in plain text, and idiomatic enough that it can be read by anyone with a passing familiarity with bash. Which is the very large majority of Linux users. The script very clearly states what it does, and if it doesn't, you shouldn't run it.

Driver updaters are nearly universally malware, and the common advice has always been to avoid them as such. Similarly, running random bash scripts from the internet without even looking is discouraged in the same way. Mystery binaries are much more dangerous than a script because you can't audit them, but the same advice is given for both: don't.

If what the user can do matters less than what they actually do, then Windows is the most insecure operating system by a very large margin. Windows users install malware at rates order of magnitude higher than any other system. Linux may as well have zero vulnerabilities compared to the shit that Windows users will blindly install.

You're right, it's stupid to compare these situations. So why are you doing it?


> If what the user can do matters less than what they actually do, then Windows is the most insecure operating system by a very large margin.

What does Windows have to do with users ignoring best practice again?

> You're right, it's stupid to compare these situations. So why are you doing it?

I was not, you are excusing yourself from your own mistake. I was comparing people who install driver updaters with people who run random bash scripts from the Internet. Then you tried to convince me the right thing would be comparing with (imho mythical) people who read every bash script they download.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: