Use VirusTotal to check Gnome extensions for malicious code

49studebaker · June 6, 2025, 5:03am

The Gnome security team has limited resources and might not be able to verify that every Gnome extension is safe. Extensions could be automatically submitted to VirusTotal to check the extension for malicious code.

jrahmatzadeh · June 6, 2025, 8:37am

You mean we should have strict rules for scripts and binaries in EGO Review Guidelines?

skeller · June 6, 2025, 10:06am

The virus you linked to isn’t really related to gnome extensions. It itself is not an extension nor was it distributed via the extension system and as far as I know made no use of any other extension mechanism. It only installed itself into that directory to disguise itself.

argentwolf · June 6, 2025, 10:14am

Wait, I’ve heard (ad nauseam) GNU/Linux was immune to “malware”? :-J

tragivictoria · June 6, 2025, 2:04pm

People who say this don’t know how anything works. There is nothing in Linux nor desktop Linux ecosystem that would be inherently “immune” to malware.

49studebaker · June 6, 2025, 4:08pm

Is it safe to download gnome extensions from the following website? Is it just as safe as installing extensions via the package manager?

https://extensions.gnome.org/

jrahmatzadeh · June 6, 2025, 4:41pm

The best place to download and install GNOME Shell extensions is from EGO since we review all of them.

If you are not comfortable using the EGO website, you can use Extension Manager. It’s using the EGO’s API.

Btw, all reviews are public. You can find them by going to the extension page → Versions section → click on one of the links in the Status section.

If you found any security issues you can directly talk to us on GNOME Extensions Matrix Channel.

I actually, invite all extension users and developers to that channel since that’s the fastest way to get in touch with reviewers, shell developers and extension developers. We have many friendly people there willing to help you and answer all of the questions related to the GNOME Shell extensions.

tragivictoria · June 6, 2025, 6:57pm

Thank you for all your work BTW!

49studebaker · June 7, 2025, 1:39am

Thank you for the information and your hard work.

49studebaker · June 7, 2025, 1:43am

Any operating system can get malware. Linux is as secure as you make it. If you install software from the package manager, use official repositories, and install security updates, your system will be very secure. However, if you add third-party repositories, download and execute software or scripts from websites, run commands you do not understand that are posted on the internet, or fail to install security updates, your system will likely be compromised.