Join the fight against malicious commands given to new users

[jdong]

May I suggest that, in addition to warning users about suspicious commands (like "sudo rm"), that everyone explains commands when providing them to new users. Yes, even safe commands, like "ls" or "find."

If users see (quick, simple) explanations provided with helpful post (rather than just a terse "type this in a terminal"), they will be more suspicious when they see a strange command without any explanation. They will also learn what the commands do, which is very important.

And if trolls provide "fake explanations" for what a command is doing, it's still easier for users to detect the trickery (if a troll says "rm" installs software, a quick search will contradict that, and make the user suspicious...).

This is a great practice. I will try working it into the Forum Guidelines. (yes I'm still in a utopian state where I believe people read that document. Don't burst my bubble )

[Nunu]

May I suggest that, in addition to warning users about suspicious commands (like "sudo rm"), that everyone explains commands when providing them to new users. Yes, even safe commands, like "ls" or "find."

If users see (quick, simple) explanations provided with helpful post (rather than just a terse "type this in a terminal"), they will be more suspicious when they see a strange command without any explanation. They will also learn what the commands do, which is very important.

And if trolls provide "fake explanations" for what a command is doing, it's still easier for users to detect the trickery (if a troll says "rm" installs software, a quick search will contradict that, and make the user suspicious...).

Agreed this will also help the new guys understand what it is that they are doing and also teach them some of the command line skills required for Linux

[daynah]

May I suggest that, in addition to warning users about suspicious commands (like "sudo rm"), that everyone explains commands when providing them to new users. Yes, even safe commands, like "ls" or "find."

Check it, ya'll. If you like what he says, add a quick explination of "rm" in your sig (see mine). I'm seeing a lot of sigs that say "Never use rm!" which sounds like there's something wrong with linux. rm is a perfectly good command. Let's use education, not scare tactics.

[Keith Hedger]

I havn't seen any malaicious posts but I've added a warning to my sig, I don't get some people I mean why screw people just for the hell of it?

[PurposeOfReason]

Made it my new sig. I've never seen any of these posts but better safe than sorry.

[ice60]

i think the sticky in the Absolute Beginner forum is rubbish, go and have a look quickly at the stickys and see if sudo rm -rf stands out in a title. i bet you miss it!
http://ubuntuforums.org/forumdisplay.php?f=73

if you highlight don't sudo rm -rf / in a sticky title then you will see it even if only subconsciously.

if you can make it permanently stay as the first post, just below the stickys if that's possible??, then it will be almost impossible to miss it!

[Bruce M.]

Count me in!

I stripped my signature of everything personal and changed it to:

Education is the best form of defence!

[toupeiro]

Again, not trying to beat a dead horse here, but are you sure calling "sudo rm -rf" malicious is a good thing to instill in a new user to linux. sudo rm -rf is not malicious, but can be dangerous if you don't know what you are doing. Telling someone not to ever sudo rm -rf doesn't seem like the right approach... Its probably been too long since I've been a new user of an OS to understand the viewpoint, but knowing how many times I've used that command for very productive reasons makes me think its a bad choice in teaching.

so, if I were to post a productive script on the forums which made use of rm -rf, would I get banned???

I could tell someone how to edit their sudoers file so everything they run in sudo is executed without being prompted for a password, or how to sudo vi something, then shell out and get a root prompt. (a behaviour ubuntu is subject to out of the box.) All those things COULD be used maliciously, but they are NOT malicious.

Finally, from the example on the beginners page.. mkfs..

From MAN pages:

NAME
mkfs - build a Linux file system

mkfs, is a part of how you setup drives in Linux!! If I were to make a post detailing mkfs, and they still blew up one of their drives, would I get banned?? Was I being malicious because I tried to show someone how to use mkfs and they blindly used the command?? There are a lot of users that just cut and paste code under a thread name they are looking for. THAT is the behavior it seems we sould be working to curb. Even apt-get, the most commonly quoted command in the forums, could be scripted and used maliciously.

Teaching people what these commands mean, and what they can do rather than discouraging their use seems like a much more educational approach.

Any script I write, whether it be in C, Korn, Bash, perl, Windows shell or vbs, I put comments before each command or set of commands explaning what each component is doing. You will never see a script I wrote posted any other way.

I guess I'm just saying, there are better ways to prevent malicious intent than blacklisting common system commands. If you want to get Linux to catch on, making people afraid of CLI commands is not the way to do it.

[spamzilla]

*posting to see signature*

edit

much better

[JanDM]

Good idea, added to sig.

But we should maybe not focus too much on 'rm -rf'. There are loads of other dangerous commands like dd...