How to write a Linux virus in 5 easy steps (geekzone.co.nz)
12 points by Anon84 on Feb 11, 2009 | 12 comments


Lame. His entire premise is a user manually executing code from a malicious source. He asked the fedora team about his article and they said it was "well-known and expected behavior" and I agree.

I might as well claim I can spread Linux viruses on Hacker News by telling everyone to open a shell and type "rm -r ~" or "sudo rm -r /*".


This is, however, exactly how millions of Windows machines have wound up in botnets. It's a serious attack vector.


Quite, and this is further evidence of how very far from prime-time Linux is, when you have to just pray that users "know" not to open innocent-looking attachments sent from familiar addresses. Anyone who sneers "but I use pine!" has completely missed the point of this article.


At least for now, Linux can feel comfortable its users are a whole lot smarter than their average Windows counterparts...

Maybe in Windows it's common behavior to download a program that says it installs something you want and run it with administrative privileges. Not so in any Linux I know.


It can assume that its users know more about PC operating systems but that's all. That is not really correlated with intelligence.


Surely, in most cases the vector was attachments that ran when clicked.

Could this also not be fixed simply by requiring that launchers have the execute bit set? Actually, having read the article properly, I see that the post makes the same suggestion.

As he also says, the smaller Linux desktop user numbers and the diversity of desktops mean it is still a lot safer than Windows. How many actual Linux users have actually been infected by malware?


A far more relevant Linux security flaw is how easy it is to set up a malicious mirror: http://www.cs.arizona.edu/people/justin/packagemanagersecuri...

The "virus" in this article is a bit trivial, as other users have pointed out.


This guy makes a lot of claims without any details. These would be better classified as GNOME or KDE viruses. I actually think finding a buffer overflow in Pidgin or another GNOME C application that accepts inbound traffic might be more effective for writing viruses.

- That said, some security around ~/.config/autostart wouldn't be a bad idea.


My pick would be the Flash plugin.


The virus idea proposed in this article relies heavily on the user being dumb. But the last item in his article, about getting root access, was quite scary.

Using gksu to trick the user into typing the root passwd or the sudo passwd to execute a malicious script is a real threat.


Makes me think it might make sense to have a configuration user and a "runtime" user. Any application that asks you to make a change to your configurations when you don't expect it to can be considered suspect.


The article basically points out that KDE and GNOME both provide convenience methods in launchers that can be used for nefarious purposes and compromise the security that the execution bit provides.
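Added example, not from the linked article or any commenter: a defender-side audit of the launcher concerns raised in this thread (the execute bit on launchers, ~/.config/autostart, and gksu prompts). It reports .desktop files that lack the execute bit or whose Exec line invokes a command worth reviewing; the `REVIEW_COMMANDS` list, the finding labels and the two sample launchers are constructed for illustration.

```python
import configparser
import os
import shlex
import stat
import tempfile

# Constructed list: commands in an Exec line that deserve a manual look.
REVIEW_COMMANDS = {"sh", "bash", "python", "perl", "gksu", "gksudo", "sudo", "wget", "curl"}

def audit_launcher(path):
    """Return a list of findings for one .desktop launcher file."""
    findings = [] if os.stat(path).st_mode & stat.S_IXUSR else ["no-exec-bit"]
    parser = configparser.RawConfigParser(strict=False)  # Raw: keep %U etc. literal
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read(path, encoding="utf-8")
        exec_line = parser.get("Desktop Entry", "Exec")
        words = {os.path.basename(w) for w in shlex.split(exec_line)}
    except (configparser.Error, UnicodeDecodeError, ValueError):
        return findings + ["unparseable"]
    hits = sorted(words & REVIEW_COMMANDS)
    if hits:
        findings.append("review-exec:" + ",".join(hits))
    return findings

def audit_dir(directory):
    """Map each flagged *.desktop file name in directory to its findings."""
    names = sorted(n for n in os.listdir(directory) if n.endswith(".desktop"))
    report = {n: audit_launcher(os.path.join(directory, n)) for n in names}
    return {n: found for n, found in report.items() if found}

def demo():
    """Audit two constructed launchers written to a temporary directory."""
    samples = {
        "clock.desktop": ("[Desktop Entry]\nType=Application\nExec=/usr/bin/xclock\n", 0o755),
        "update.desktop": ("[Desktop Entry]\nType=Application\nExec=gksu /tmp/placeholder.sh\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, (body, mode) in samples.items():
            p = os.path.join(d, name)
            with open(p, "w", encoding="utf-8") as f:
                f.write(body)
            os.chmod(p, mode)
        return audit_dir(d)

if __name__ == "__main__":
    target = os.path.expanduser("~/.config/autostart")
    print(audit_dir(target) if os.path.isdir(target) else demo())
```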



