March 12, 2010 · General

The Zero Install Injector makes it easy for users to install software without needing root privileges. It takes the URL of a program and runs it (downloading it first if necessary). Any dependencies of the program are fetched in the same way. The user controls which version of the program and its dependencies to use.

Zero Install is a decentralized installation system (there is no central repository; all packages are identified by URLs), loosely coupled (if different programs require different versions of a library, both versions are installed in parallel, without conflicts), and has an emphasis on security (all package descriptions are GPG-signed, and contain cryptographic hashes of the contents of each version). Each version of each program is stored in its own sub-directory within the Zero Install cache (nothing is installed to directories outside of the cache, such as /usr/bin) and no code from the package is run during install or uninstall. The system can automatically check for updates when software is run.
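The content-hash check described above, sketched as an added example (not code from this post or from the Zero Install project). It uses a simplified manifest format made up for illustration, not Zero Install's real digest algorithm, and all function names are hypothetical; the expected digest is assumed to come from a feed whose signature has already been verified.

```python
import hashlib
import os
import tempfile

def manifest_lines(root, rel="."):
    """One line per entry under root, sorted by name (simplified, illustrative format)."""
    lines, subdirs = [f"D {rel}"], []
    for entry in sorted(os.scandir(os.path.join(root, rel)), key=lambda e: e.name):
        if "\n" in entry.name:
            raise ValueError("newline in a file name could forge manifest lines")
        if entry.is_symlink():
            # Hash the link target itself; never follow it out of the tree.
            target = hashlib.sha256(os.readlink(entry.path).encode()).hexdigest()
            lines.append(f"S {target} {entry.name}")
        elif entry.is_dir(follow_symlinks=False):
            subdirs.append(f"{rel}/{entry.name}")
        else:
            with open(entry.path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            # The executable bit is covered, so a chmod changes the digest too.
            kind = "X" if entry.stat().st_mode & 0o111 else "F"
            lines.append(f"{kind} {digest} {entry.name}")
    for sub in subdirs:
        lines.extend(manifest_lines(root, sub))
    return lines

def tree_digest(root):
    return "sha256=" + hashlib.sha256("\n".join(manifest_lines(root)).encode()).hexdigest()

def verify_tree(path, expected):
    """True only if the unpacked directory still hashes to the expected digest."""
    return os.path.isdir(path) and tree_digest(path) == expected

def demo():
    """Constructed package tree: check it, flip a mode bit, then edit a file."""
    with tempfile.TemporaryDirectory() as impl:
        os.mkdir(os.path.join(impl, "bin"))
        tool = os.path.join(impl, "bin", "tool")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\necho hello\n")
        expected = tree_digest(impl)  # in real use: taken from the signed feed
        checks = [verify_tree(impl, expected)]       # untouched
        os.chmod(tool, 0o755)                        # exec bit flipped
        checks.append(verify_tree(impl, expected))
        os.chmod(tool, 0o644)                        # exec bit restored
        with open(tool, "a") as fh:                  # content edited
            fh.write("echo tampered\n")
        checks.append(verify_tree(impl, expected))
        return checks
```

Because the digest covers names, modes and contents, the same check works at download time and later as an audit of what is sitting in the cache.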

Install Zero Install Injector in Ubuntu

sudo apt-get install zeroinstall-injector

This will install all the required files.


10 Comments to “Zero Install Injector - Install software easily and without root privileges”

  1. Fritz says:

    This is such an insanely bad idea, I can’t even begin to convey it. “Emphasis on security”? “Signed”? By who? With what trust model?

    Firefox extensions are bad enough, this is just begging for a social engineering attack.


  2. SquishyOctopus says:

    I couldn’t agree more with Fritz. This is an absolutely terrible idea. There’s a reason why root permissions are required for installs.


  3. Thomas says:

    @Fritz: you have to say which people you trust. For example, you could decide to only accept packages signed by official Debian packagers. See this screenshot:

    http://0install.net/confirm-tal-rox.png

    (from http://0install.net/injector-using.html)


  4. Fritz says:

    Okay, yes, I see that you can trust “someone”, but there’s no real trust model.

    The point is, you (or whoever) are creating an application to make it totally easy to download and run an app without root permissions, but then you’re saying the security is okay because you have to decide to trust someone, verify their identity (how?) and then accept keys and such to allow the one-click run to happen.

    This is Microsoft mentality - put in a new whiz-bang feature, but make the actual SECURITY of the feature insanely hard. That way, when the hapless user gets social-engineered into downloading and running the latest rootkit, you can just shrug and say “it’s the user’s fault, they accepted the certificate!”. But the reality is, you didn’t give them the tools to be smart about the security in the first place, so you shouldn’t have introduced the tool.

    See Microsoft UAC for a classic example of this. Have you ever looked at the “details” of any of those UAC dialogs? They don’t say what the action is going to be, they usually have a CLASSID of some random control instead of a name, they provide no useful information for a decision. But Microsoft put it in so they could blame the users and shift responsibility for their completely broken trust model.


  5. Thomas says:

    First, let’s clarify what is meant by “without root permissions”, because there are two possible interpretations. For example, Fedora recently allowed unprivileged users to install RPMs from their repository; the packages executed as root as they installed. This is not what Zero Install does. It does not execute any code from the package (as root or as anyone else) at install time. Installation is side-effect free.

    So, it’s not letting users do anything they couldn’t already do (e.g. by downloading a shell script and clicking on it), but it does give them much better information (such as indicating that the package is signed by their distribution, or that the signing key has changed since they last updated).

    In particular, you can’t use it to install a rootkit as you suggest. The user would have to take some extra step (e.g. entering their password at the sudo prompt). If software installation doesn’t need to be done as root, then fewer users will need to have administrator access in the first place. In an ideal world, we wouldn’t need to worry about users installing strange software any more than we currently worry about them visiting strange web sites.

    Now, whether you think installing something this way is “more secure” or “less secure” depends what you’re comparing it to:

    Compared to not installing the software, it’s probably less secure (unless the package being installed helps with security or something…).

    Compared to installing a .deb package, from the same author? Probably more secure, since the installation isn’t happening as root.

    Compared to installing a random .deb you found on the web which you have no basis to trust? Slightly more secure perhaps, but you’d better be careful either way. Probably combining it with some sandboxing or virtual machine would be good (Zero Install lets you share libraries between mutually-suspicious VMs, for example).

    Ultimately, a Linux community made up of users too scared to install software doesn’t help the Free software ecosystem. Developers need users to test new versions of their software, and we need to make it as easy and safe as possible.


  6. Krishna says:

    Today is 22 March 2011 -- one year after this argument between Fritz and Thomas.
    I am new to Ubuntu (first install 10.10).

    Where do you stand today, Thomas? Were your arguments accepted by users? Because Ubuntu is HUGE today (after 10:10). 3 months inside and I love it.

    Anything to say, Fritz?


  7. jonny says:

    I’m with Krishna - this was a short but fascinating debate. Each post swung my (relatively newly formed) opinions from side to side. Great stuff.

    I would like to hear more from both. As a non-idiot but non-technical user, who has recently been subjected to forced immersion education as a result of the Windows ‘experts’ being either too corrupt or too ignorant to do anything apart from direct endless geese-chasing - I’m now alternately between the two kernels. I have zero desire to use Windows whatsoever; Kubuntu is really quite amazing…but the transition is (imo) unnecessarily complex.

    Sometimes the most inane procedures will take frustrated hours to do what would have been done in Windows in mere minutes or less - like installing Skype sigh.

    I understand the arguments about security; man do I know some things about Microsoft I did not know 4 months ago - things that, quite frankly, I’m surprised haven’t placed some people in some prisons. So I understand the dilemma, but as a ‘spoiled’ (horrible word choice, should be something like “marinaded”) Windows user - I find myself just taking outrageous risks with Linux in frustration at endless complexities (a large portion of which are purely the function of ignorance, of course). So I dunno, seems a bit like 6 on one side, half-dozen on the other.

    I think I have to lean towards Thomas’ side of the debate, but only because I’ve been corrupted by a lifetime of (unknowingly handing over control of my entire life to) Windows. Moving forward, education simply has to be preferable to ‘convenience’.

    I’ve learned that, the really hard way.


  8. Larry says:

    Just entering a password. That’s all. Just entering one single password. Is this task so onerous that we need help, or else the crippling inconvenience will…err…cripple us? I am happy to stay and certain and not wonder who I should trust when I install software. And entering my password is really, really simple.


  9. megabot says:

    Throwing in my 2 cents:

    So.. basically this is choosing between running:
    sudo apt-get install “whatever you want”

    OR

    sudo apt-get install zeroinstall-injector
    and then installing “whatever you want” with zeroinstall.

    All this does is shift the problem. This doesn’t solve anything, since I still need sudo rights to begin with.


  10. Yfrwlf says:

    What in the hell is up with these ridiculous comments??

    FACT: Whenever you install a piece of software, you are trusting whoever put out that software that it isn’t malicious.

    Q: Would you rather install a piece of software that is open source, or closed source? Hint: Open.

    Q: Would you rather let a program have root access to your computer, or just user-level access? Hint: user-level

    Again, what the hell?

    Zero Install solves one of the biggest programs ever to face Linux: NO FREAKING PROGRAM INSTALLATION STANDARDS.

    Users should not be trapped into waiting on a distro company like Canonical for Ubuntu or Red Hat for Fedora or Novell for SUSE or anyone else just to get the programs they want. It should be a PIECE OF CAKE to get the latest version of Firefox, EVEN a totally new major revision of Firefox (like moving from Firefox 3 to Firefox 4, etc) if that’s what a user wants. Sadly, right now it’s not easy, and users are trapped because of it. The only thing Mozilla offers them is a binary TAR file which contains no installers whatsoever, so they have to manually create shortcuts/icons/links/menu entries just to get the damn thing properly on their system, and in addition they won’t get any updates at all, they have to go manually download a new TAR file and extract it and copy it over the old one every time there is an update.

    HORRIBLE.

    Zero Install = SOLUTION TO HORRIBLENESS.

    As soon as the Linux community pulls their heads out of their asses and starts making intelligently-designed programs based on intelligent STANDARDS, then maybe Zero Install will no longer be necessary, but for right now it is necessary because it is installable across all distros and even runs on Windows and OS X.

    Linux is supposed to be about freedom for users though, and due to the lack of installation standards, companies are exploiting Linux users by locking them into their own stacks of software. Not completely, but for your grandma? YES. For the average Joe Sixpack? YES.

    It’s time for Linux users to say screw all that, and to start supporting initiatives for true freedom on Linux with attempts like Zero Install.

