by st3fan 3321 days ago
*How does one realistically protect against these new attack vectors?*

"Do not install unsigned software" is a good start. Does that dialog need a secondary "Are you really, really sure?" Absolutely... but the basic defence in this specific case was in place.


Yeah, on Linux especially I've never downloaded and installed something manually from the internet. I get all of my packages directly from:

  pacman -S foo
Or sometimes maybe:

  yaourt -S foo
tl;dr Use your operating-system's package manager.
The AUR (since you mention yaourt) or PPAs are the Linux equivalent of downloading random crap off developer homepages, though. They have benefits in terms of updates etc., but they're no more secure (and you may want to look at the next PKGBUILD you install and see how many of them are literally just grabbing stuff off third-party servers anyway).

See for example:

* Kivy: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=pytho...

* Chrome: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=googl...

* Vivaldi: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=vival...

* Plymouth (over HTTP too!): https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=plymo...

* Oracle JDK (also plaintext HTTP!): https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=jdk

That's how pretty much all packages in any distribution are built.

Note the included hashes — if the file on the server gets replaced, the building process will complain. (Sure the package maintainer will probably just replace the hash :D But if the file changed but the version number didn't change, or there was no release announcement, that's suspicious…)
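The hash check the comment above describes, as an added example that is not code from the thread, from makepkg or from any AUR PKGBUILD: a small POSIX shell function that accepts a downloaded file only when its SHA-256 matches the value pinned in the build script, run against two constructed sample files (one intact, one altered after the pin was taken). The pin format and the literal `SKIP` follow makepkg's `sha256sums` array; the function name, the sample files and their contents are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread or from makepkg: the essence of the
# sha256sums pin in a PKGBUILD. The transport (HTTP or HTTPS) plays no part
# in this check, which is why a pinned hash still catches a swapped file on
# a plaintext mirror. Sample files are constructed inline so this runs offline.
set -eu

# sha256_of FILE -> prints the hex digest (GNU coreutils or the perl shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_pinned FILE EXPECTED_SHA256
#   returns 0 when the digest matches the pin, 1 on mismatch.
#   The literal SKIP mirrors makepkg: it disables the check entirely, so it is
#   the first thing to grep for when reviewing a PKGBUILD.
verify_pinned() {
    file=$1
    expected=$2
    if [ "$expected" = "SKIP" ]; then
        echo "warning: integrity check skipped for $file" >&2
        return 0
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "error: $file failed the integrity check" >&2
    echo "  pinned: $expected" >&2
    echo "  actual: $actual" >&2
    return 1
}

# demo -> 0 if the intact file passes and the altered file is rejected
demo() {
    dir=$(mktemp -d)
    # Constructed "release tarball": the pin below is sha256 of "hello\n".
    printf 'hello\n' > "$dir/foo-1.0.tar"
    pin=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    # Same filename, same version, contents replaced on the server.
    printf 'hello\nbackdoor\n' > "$dir/foo-1.0-swapped.tar"

    verify_pinned "$dir/foo-1.0.tar" "$pin" || { rm -rf "$dir"; return 1; }
    if verify_pinned "$dir/foo-1.0-swapped.tar" "$pin" 2>/dev/null; then
        rm -rf "$dir"
        return 1   # a swapped file must not pass
    fi
    rm -rf "$dir"
    return 0
}

demo && echo "pin accepted the intact file and rejected the swapped one"
```

The check only has teeth while the maintainer pins a real digest: a `SKIP` entry, or a maintainer who updates the hash together with the swapped file, removes it, which is the caveat the comment above already makes.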

But Arch pulls these files and rebuilds every time, right? Compared to most other distros, where only the (more) savvy maintainer does these steps. Don't Arch end users just assume there's a new version out and the package hasn't been updated, ignore the error and install anyway? Or are they better trained to take notice of this suspicious stuff?
> ignore the error and install anyway

I don't remember how Arch does it, but in FreeBSD Ports you need to actively replace the hash in the text file, there's no easy ignore option. (FreeBSD also mirrors the files on the project's servers, which is pretty cool)

macOS's package manager is the App Store. Which HandBrake isn't on.

It isn't on the Windows store either as far as I can tell.

Why, I don't know - maybe nobody involved wants to pay the fees to become an Authorized Developer, maybe there's a Free Software religious argument going on, maybe Apple doesn't want a program whose original function was "ripping DVDs" to be on there because of the many deals they have with the entertainment industry.

tl;dr: the program in question ain't in the operating system's package manager.

The App Store has a lot of issues as is; I actively try to avoid it. I'm sure it's more secure, but security isn't everything. The issue doesn't have to do with the App Store; it's being careful about what you are downloading, no matter where it's from.
Maybe use operating systems that have proper package managers then.

cough Arch cough

AUR (Arch User Repository) is a great way to provide user- and vendor-provided installers IMO: you can check the build script, comment on it, flag outdated ones, define and change maintainers, while providing a web interface as well.
I've been using Linux for some time and I've installed tons of software without my package manager (that's unavoidable because not every package archive has every piece of software).

In the end it's all about trust. If you trust some web domain you can also trust their software. If that software is compromised you're out of luck. No package manager or walled Apple garden can help you with that.

But there is more to trust than just domains (web servers): signatures. If only people used these.
We had a system that was used to generate television graphics. Our installer for new software was capable of bringing up a system with a new hard drive, so one of the options it had was to format the hard drive. The installer asked three times if you were sure, with increasingly severe warnings about losing all your data. Sure enough, a customer with an existing hard drive ran through all three warnings, formatted their hard drive, and then called customer service to complain about losing all their data.

The solution, of course, was to add a fourth question...

A fourth question obviously isn't going to help. Make them enter "erase my drive" into a text box, that might get them to pause for a moment.
Well, the probability approaches zero asymptotically as the number of questions approaches infinity...