I've read Security in Linux Mint and Ubuntu: an Explanation and Some Tips by Pjotr.
I've also read countless threads about viruses in Linux(not really viruses) and why not to use anti-viruses or anything similar.
So, this thread isn't about "How to protect Linux from getting infected from Windows viruses".
The concerns I have are quite different.
Pjotr recommends to only install software from the official software sources of Linux Mint and Ubuntu.
This is what I do most of the times.
But in some cases, the said software isn't available in the official Mint and Ubuntu repo and I've to go the developer's website to download them.
Recently I've noticed a lot of developers distributing AppImages as the default format in their websites.
Just to be crystal clear, I'm not talking about untrusted or unverified developers.
I'm not for downloading an untrusted application then thinking about the security issues.
So, back to my points, due to a little rise in popularity of AppImages, I've started preferring AppImages over Flatpaks and Snaps.
This is where my worries begin.
When I started with Linux Mint, two months back, I read about different packing formats, their advantages and disadvantages.
There I found, that AppImages don't have any sandboxing feature by default whereas Flatpaks and Snaps have that.
So, I searched for how people preferred AppImages then and found that it's all about a game of trust.
You've to trust somebody and there are developers who have earned the trust of their users by providing good quality software for years or decades without any catches.
This brought back some relief as I never downloaded any untrusted software to begin with and I've followed the developers for years and know they're really reliable.
But while reading about AppImages, I found the developers recommended using FireJail for sandboxing.
So, I searched a little bit about the implementation and came across a discussion they were having about an implementation of sandboxing within AppImage by default.
Like a curious kid, I tried to dig deeper and I found out a post that broke my reality about the game of trust.
This is my summary of that discussion. (Don't confuse this with that other reply I had made in another unrelated post)
We trust these developers and they would never choose to distribute malwares, but in some cases, someone pretending to be our trusted developer can distribute a malware to users.The reason the system repo is safe is because it is verified regularly and the distro devs are really careful what they're passing.
They have a huge community and they can communicate with their users if any major security issue(most likely an attack) is encountered.
But in general, single or small developers might not have this big of a backing or resource because of which they might be more susceptible(not by an alarming rate) to an attack.
So, their websites might get hacked(for a day or two at max) and malwares can be distributed.
Now, this is where the trust becomes an issue.
Smart and updated users might know what's up, but people who work a lot in offline modes and don't have much of an online presence might not notice the discrepancies.
This is scary.
I trust my developers to protect their users at all costs, but there's still some risk and if we, as in users, could find a way to implement some safety measures like sandboxes, maybe that can work as a safety net in cases of emergencies.
So, my question is how big can the impact of this sandboxing-issue be and how can it be avoided and how can we use better prevention techniques as safety nets.
This is a pretty long post, I'm still new to Linux and don't know a lot of things, so kindly correct me if you find anything wrong with my post.
And please suggest any modifications if the post is really long and drives readers away instead of bringing them.