I have a question about gtk themes and security.
First you gotta understand that I worked for years in government, where we were pounded left and right about social engineering and proper IT security and communicating to the public, etc., so that our magic fairy dust knowledge would be protected. So, I naturally became even more cautious than I am naturally. Second, you gotta understand that I hate the grey GTK theme. Ugh, give me glorious black, charcoal, midnight, just bring down the lights. I used to use tawan's gtk-carbon theme (http://ta-wan.deviantart.com/art/carbon-fiber-gtk-160333821), which is almost perfection to me, back when I only surfed casually and did no personal financial, or any truly private junk on my Linux system. Just a toy. But now, with my understanding of Linux increasing (partially from using Linux both at home AND work), I am more inclined to make the move completely. But that means it has to be more secure, so that I can do banking and stock market speculation, etc.
The xbm and png files used to skin windows are jpg files with root permissions, right? So, how am I supposed to feel regarding someone's generic gtk theme I downloaded from boxlook or DeviantArt or whatnot? Image files can contain code other than just the image itself. Shouldn't I be cautious about this?
Much of the malware in image files takes advantage of the Windows file naming convention where the file extension type is not shown, i.e. anything.jpg.exe will usually be shown by Windows as anything.jpg.
Windows will run .exe files; Linux sometimes can through WINE, otherwise they are simply files.
Remember that this is open source which means that the underlying code is always available for you to read.
Themes and styles are often in the root file system; this is not automatically the same as executable.
They can also be placed in the home partition, which does not have root permissions; however, those themes and styles will only be available for the users of that /home.
Check the file properties/permissions; if the execute bit is not enabled, no danger.
You are not the first with such concerns, see here:
http://ubuntuforums.org/showthread.php?t=2016144
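
The permission check suggested in the reply above, as an added example (not from the thread): it lists files in an unpacked theme that carry an execute bit and, going one step further, files named .png that do not start with the PNG signature. The function names and the sample theme layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked theme directory before installing it.

# List regular files that have any execute bit set (user, group or other).
exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# List *.png files whose first 8 bytes are not the PNG signature.
fake_pngs() {
    find "$1" -type f -name '*.png' | sort | while IFS= read -r f; do
        sig=$(head -c 8 "$f" | od -An -tx1 | tr -d ' \n')
        [ "$sig" = "89504e470d0a1a0a" ] || printf '%s\n' "$f"
    done
}

# Build a constructed sample theme (not a real theme) to demonstrate on.
make_sample_theme() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/gtk-2.0"
    printf 'style "default" { }\n' > "$d/gtk-2.0/gtkrc"
    printf '\211PNG\r\n\032\n' > "$d/gtk-2.0/button.png"    # real PNG signature
    printf '#!/bin/sh\necho hi\n' > "$d/gtk-2.0/arrow.png"  # script named .png
    printf '#!/bin/sh\n' > "$d/install.sh"
    chmod 644 "$d/gtk-2.0/gtkrc" "$d/gtk-2.0/button.png" "$d/gtk-2.0/arrow.png"
    chmod 755 "$d/install.sh"
    printf '%s\n' "$d"
}

# Print both reports for one theme directory.
audit_theme() {
    echo "Files with an execute bit:"
    exec_files "$1"
    echo "Files named .png without a PNG signature:"
    fake_pngs "$1"
}

# Demo on the constructed sample; for a real theme run: audit_theme ~/.themes/NAME
sample=$(make_sample_theme) && audit_theme "$sample" && rm -rf "$sample"
```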