How is Linux vulnerable to spyware and phishing

People using Linux today choose one of the window managers – often it is KDE or Gnome. Both of these window managers allow users to further extend the system via special widgets.

There are tons of widgets – they can be system or disk monitors, satellite image screens, weather forecasts or even the games. Some of them notify you about a new email, some will allow you to create to-do lists and keep track of your tasks. All of these widgets are free to download and made by community – i.e. developers donating their time to their pet projects.

When I download some widget, I often think about its code and structure – specially, when it requires you to fill in a username and a password to some service you are using. I keep thinking if it’s really safe to give the required data to the widget I have never heard of before. What if the developer was not a volunteer donating their time, but rather a criminal trying to get a hold on unsuspecting users’ private data including their usernames and passwords?

I am sure somebody would find that over a period of time, but it can be too late – private data of tens (or hundreds) of users could have been already stolen and misused.

I predict we will hear about the case of spyware on KDE or Gnome soon.

PS: Of course, any of this can easily happen on MS Windows as well.