1

For a project I have been contracted to work on a collaborating Chinese programmer has provided some software to simplify some tasks. I am unaware whether this software package contains malware or not. I would like to run this software and still protect my computer.

While I am not a Ubuntu noob I am newish to the OS. I understand that under Windows I run the risk of infecting my entire computer.

I am wondering what would be the best practice to protect my computer, private information, and data. Can I create a new user account and install the software with that account? Will that only protect the information on my primary login but not the computer as a whole? Note - the software involves running from ./softwarename.sh. The software is provided as a complete package and I do not have to download it (or anything) from the internet. I do not have to install any packages, third-party libraries etc. All I need to do is run a remote license manager (rlm) via a shell script and start the software from a shell script.

GBG
  • 300
  • 1
    Run it in a virtual machine. If it infects anything, just delete the VM. Also, this gives you the possibility to monitor (on the host) its network connections. – Jos Jan 21 '19 at 00:18
  • "While I am not a Ubuntu noob I am newish to the OS" Well, Ubuntu is an OS, so what exactly is meant by that is unclear and tells nothing of your extent of knowledge with Ubuntu. "For a project I have been contracted to work on a collaborating Chinese programmer has provided some software to simplify some tasks." First of, remove the "Chinese programmer" part, it's not relevant and also shows bias. Second, is your fear of malware based simply on the fact they're Chinese ? Is the software related or not related to the tasks you're doing ? Second, if it's an option to refuse installing ... – Sergiy Kolodyazhnyy Jan 21 '19 at 01:39
  • ... if it's an option to refuse installing, why not simply refuse ? Is the software a requirement to perform your task ? Next, consider your threat model. What are you afraid of ? Do you have private information on the computer ? Do you have significant company-related information on your computer ? What sort of malware or attacker do you expect ? – Sergiy Kolodyazhnyy Jan 21 '19 at 01:41
  • "the software involves running from ./softwarename.sh " The .sh extension designates a shell script unless it's obfuscated, which is a text file. You can easily look at it or ask someone who knows shell scripting to review what it does. – Sergiy Kolodyazhnyy Jan 21 '19 at 01:43

0 Answers0