could you possibly install a malicious program using apt-get? [duplicate]

Is it possible to install a malicious program using apt-get? Sure, but that requires there to be malicious software in your computer's listed repositories. That can happen:

  • If you have added a malicious repository, it can provide malicious packages. PPAs, for example could contain malicious code. They can also provide any package (they could provide an ubuntu-minimal replacement that would infect everybody.

  • But not just PPAs. Software in the main repositories could be infected, either because the Ubuntu maintainer is hacked or disgruntled, or because the Debian upstream maintainer is hacked or disgruntled, or that the original developer is hacked or disgruntled and that bad code filters through uncaught.

  • Somebody has somehow managed to intercept your network traffic and has also somehow managed to either sign a packages' manifest or alter a binary package without altering the package checksum.

    Both are incredibly unlikely unless you've been adding random keys, but even then it's hard to do without being at least partially on-site. It's a pretty complicated hack to pull off.

But is any of that it likely here? Is it telling you to install malicious software?

No. It's just asking you to install 32bit versions of these libraries because it uses them but was compiled against their 32bit versions.

But what are they? libcurl3 is used for downloading things within an application and libvorbisfile3 is for decoding Vorbis-encoded audio.

The :i386 on the end of the package name means. It's specifying the architecture. In Ubuntu's case, we use i386 to mean 32bit, it's actually compiled with i686 processor instructions.


If you're going to be paranoid about anything, downloading and running a closed source binary from a random website is the real danger here.