It’s Secure

Security is a tough nut to crack, both with respect to making something secure and judging something to be secure. I’m going to call Ubuntu secure, and I suspect that there’s going to be a lot of disagreement here. Nonetheless, allow me to explain why I consider Ubuntu secure.

Let’s first throw out the idea that any desktop OS can be perfectly secure. The weakest component in any system is the user – if they can install software, they can install malware. So while Ubuntu would be extremely secure if the user could not install any software, it would not be very useful to be that way. Ubuntu is just as capable as any other desktop OS out there when it comes to catching malware if the user is dedicated enough. The dancing pigs problem is not solved here.

Nevertheless, Ubuntu is more secure than other OSes (and let’s be frank, we’re talking about Windows) for two reasons. The first is for practical reasons, and the second is for technical reasons.

To completely butcher a metaphor here: if your operating system has vulnerabilities and no one is exploiting them, is it really vulnerable? The logical answer to that is “yes” and yet that’s not quite how things work. Or more simply put: when’s the last time you’ve seen a malware outbreak ravaging the Ubuntu (or any desktop Linux distro) community?

Apple often gets nailed for this logic, and yet I have a hard time disagreeing with it. If no one is trying to break into your computer, then right now, at this moment, it’s secure. The Ubuntu and Mac OS X user bases are so tiny compared to that of Windows that attacking anything but Windows makes very little sense from an attacker’s perspective.

It’s true that they’re soft targets – few machines run anti-virus software and there’s no other malware to fend off – but that does not seem to be driving any kind of significant malware creation for either platform. This goes particularly for Mac OS X, where security researchers have been warning about the complacent nature this creates, but other than a few proof of concept trojan horses, the only time anyone seems to be making a real effort to break into a Mac is to win one.

So I am going to call Ubuntu, with its smaller-yet user base and lack of active threats, practically secure. No one is trying to break into Ubuntu machines, and there’s a number of years’ worth of history with the similar Mac OS X that says it’s not going to change. There just aren’t any credible threats to be worried about right now.

With that said, there are plenty of good technical reasons too for why Ubuntu is secure; while it may be practically secure, it would also be difficult to break into the OS even if you wanted to. Probably the most noteworthy aspect here is that Ubuntu does not ship with any outward facing services or daemons, which means there is nothing listening that can be compromised for facilitating a fully automated remote code execution attack. Windows has historically been compromised many times through these attacks, most recently in October of 2008. Firewalls are intended to prevent these kinds of issues, but there is always someone out there that manages to be completely exposed to the internet anyhow, hence not having any outward facing services in the first place is an excellent design decision.

Less encouraging, however, is that, in part because of the lack of services to expose, the OS does not ship with an enabled firewall. The Linux kernel does have built-in firewall functionality through iptables, but out of the box Ubuntu lets everything in and out. This is similar to how Mac OS X ships, and significantly different from how Windows Vista ships, which blocks all incoming connections by default. Worse yet, Ubuntu doesn’t ship with a GUI to control the firewall either (something Mac OS X does), which necessitates pulling down a 3rd party package or configuring it via CLI.

| Operating System | Inbound | Outbound |
|---|---|---|
| Windows Vista | All applications blocked, applications can request an open port | All applications allowed, complex GUI to allow blocking them |
| Ubuntu 8.04 | All applications allowed, no GUI to change this | All applications allowed, no GUI to change this |
| Mac OS X 10.5 | All applications allowed, simple GUI to allow blocking them | All applications allowed, no GUI to change this |

Now to be fair, even if Ubuntu had shipped with a GUI tool for configuring its firewall I likely would have set it up exactly the same as how I leave Mac OS X set up – all incoming connections allowed – nevertheless I find myself scratching my head. Host-based firewalls aren’t the solution to all that ails computer security, but they’re also good ideas. I would rather see Ubuntu ship like Vista does, with an active firewall blocking incoming connections.
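The interplay described above between listening services and the firewall's default policy can be checked mechanically. The script below is an added example, not part of the original article: it assumes the text formats printed by `ss -Htln` and `iptables -S` on a current system, uses constructed sample data, and simplifies rule matching to the default INPUT policy plus explicit `--dport` ACCEPT rules.

```sh
#!/bin/sh
# Added example; all sample data below is constructed.
# SS_SAMPLE mimics `ss -Htln`; FW_OPEN and FW_DENY mimic `iptables -S`.
SS_SAMPLE='LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

FW_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

FW_DENY='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Read ss output on stdin; print ports of listeners not bound to loopback.
exposed_ports() {
    awk '$1 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)      # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
        print port
    }' | sort -nu
}

# Read `iptables -S` output on stdin; print the INPUT chain default policy.
input_policy() {
    awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# $1 = ss output, $2 = iptables -S output. Print exposed ports the ruleset
# admits. Simplification: ignores rule order, interfaces and multiport.
reachable_ports() {
    policy=$(printf '%s\n' "$2" | input_policy)
    for port in $(printf '%s\n' "$1" | exposed_ports); do
        if [ "$policy" = "ACCEPT" ] ||
           printf '%s\n' "$2" |
               grep -Eq -- "^-A INPUT .*--dport $port .*-j ACCEPT"; then
            printf '%s\n' "$port"
        fi
    done
}

echo "default-allow firewall: $(reachable_ports "$SS_SAMPLE" "$FW_OPEN" | tr '\n' ' ')"
echo "default-deny firewall:  $(reachable_ports "$SS_SAMPLE" "$FW_DENY" | tr '\n' ' ')"
```

With the default-allow policy every non-loopback listener is reachable, so safety rests entirely on nothing listening; with a default-deny policy only the explicitly opened port is.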

Backwards compatibility, or rather the lack thereof, is also a technical security benefit for Ubuntu. Unlike Windows, which attempts to provide security and still support old software that pre-dates modern security in Windows, Ubuntu does not have any such legacy software to deal with. Since Linux has supported the traditional *nix security model from the get-go, properly built legacy software does not expect free rein over the system when running, and hence does not become a modern vulnerability. This is more an artifact of previous design than a feature, but it bears mentioning as a pillar of total security.

Moving on, there is an interesting element of Ubuntu’s design being more secure, but I hesitate to call it intentional. Earlier I mentioned how an OS that doesn’t let a user install software isn’t very useful, but Ubuntu falls under this umbrella somewhat. Because the OS is based heavily around a package manager and signed packages, it’s not well-geared towards installing software outside of the package manager. Depending on how it’s packaged, many downloaded applications need to be manually assigned an executable flag before they can be run, significantly impairing the ability for a user to blindly click on anything that runs. It’s genuinely hard to run non-packaged software on Ubuntu, and in this case that’s a security benefit – it’s that much harder to coerce a user to run malware, even if the dancing pigs problem isn’t solved.

Rounding out the security underpinnings of Ubuntu, we have the more traditional mechanisms. No-eXecute bit support helps to prevent buffer overflow attacks, and Address Space Layout Randomization makes targeting specific memory addresses harder. The traditional *nix sudo security mechanism keeps software running with user privileges unless specifically authenticated to take on full root abilities, making it functionally similar to UAC on Vista (or rather, the other way around). Finally, Ubuntu comes with the AppArmor and SELinux security policy features that enable further locking down the OS, although these are generally overkill for home use.

There’s one last issue I’d like to touch on when it comes to technical security measures, and that’s the nature of open source software. There is a well-reasoned argument that open source software is more secure because it allows for anyone to check the source code for security vulnerabilities and to fix them. Conversely, being able to see the source code means that such vulnerabilities cannot be completely obscured from public view.

It’s not a settled debate, nor do I intend to settle it, but it bears mentioning. Looking through the list of updates on a fresh Ubuntu install and the CERT vulnerability list, there are a number of potential vulnerabilities in various programs included with Ubuntu – Firefox for example has been patched for vulnerabilities seven times now. There are enough vulnerabilities that I don’t believe just counting them is a good way to decide if Ubuntu being open source has a significant impact on improving its security. Plus this comes full-circle with the notion of Ubuntu being practically secure (are there more vulnerabilities that people aren’t bothering to look for?), but nevertheless it’s my belief that being open source is a security benefit for Ubuntu here, even if I can’t completely prove it.

Because anyone can see and modify any and every bit of code in Ubuntu and its applications, Ubuntu also gains a security advantage: users can manually patch flaws immediately (assuming they know how), and Ubuntu security updates are pushed out just about as rapidly as humanly possible. This is a significant distinction from Windows and Patch Tuesday, and while Microsoft has a good business reason for doing this (IT admins would rather get all their patches at once than test new patches constantly), it’s not good technical reasoning. Ubuntu is more secure than Windows by virtue of patching most vulnerabilities sooner than Windows.

Finally, looking at Ubuntu there are certainly areas for improvement with security. I’ve already touched on the firewall abilities, but sandboxing is the other notable weakness here. Windows has seen a lot of work put into sandboxing Internet Explorer so that machines cannot get hit with drive-by malware downloads, and it has proven to be effective. Both Internet Explorer and Google’s Chrome implement sandboxes using different methods, with similar results. Meanwhile Chrome is not ready for Linux, and Firefox lacks sandboxing abilities. Given the importance of the browser in certain kinds of malware infections, Ubuntu would benefit greatly from having Firefox sandboxed, even if no one is specifically targeting Ubuntu right now.


195 Comments


  • justniz - Wednesday, August 26, 2009 - link

    Maybe I'm missing something but this appears to be a new article.
    Why are you reviewing a year-old version of Ubuntu? There's been nearly 3 releases since that (Ubuntu is on 9.04 now with 9.10 coming very soon).
    It's important to review the most recent version as Ubuntu is totally unlike the Microsoft world in that new releases are frequent (every 6 months) and have real practical improvements.
  • ioannis - Wednesday, August 26, 2009 - link

    I couldn't help myself, but...

    RTFA!!

    :-D

    PS: if you read the article, you will also get the joke ;)
  • nafhan - Wednesday, August 26, 2009 - link

    Great article. I look forward to reading the follow up.

    One comment on security that I would like to make. The commercial Linux vendors (IBM, Novell, Redhat, etc.) are all VERY dedicated to ensuring Linux security, as many/all of their server products use Linux, and changes they make will filter back down to the Linux desktop community. This is something that OSX does not have to nearly the same degree.

    My experience with running Linux on the desktop sounds pretty much the same as yours.
    -Games killed it in general. I don't usually have a top of the line system. So, I'm usually pushing my computer to its limits to run newer games under Windows. Also, I hate dual booting, and most of the FOSS I use is available as a compiled binary for Windows.
    -Drivers killed it in one specific instance with an older laptop, as I never got NdisWrapper (required for my wifi card's Windows drivers) to run better than intermittently. I spent way too much time messing with it.
  • crimson117 - Wednesday, August 26, 2009 - link

    [quote]and for the price you’re only giving up official support.[/quote]

    Ubuntu doesn't have free official support, but neither does Microsoft. Apple does give 90 days free phone support, to their credit, but after that you have to pay.

    You can always hire an expert (from ms, or apple, or a third party) to help you, but that's also true with ubuntu, though I expect there are fewer such experts to be found.

    MS, Apple, and Ubuntu all offer free web-based help, both community maintained and "officially" maintained.

    So I think it's misleading to imply that going from Windows or Mac to Ubuntu means you're downgrading your support options. People overestimate just how "supported" their operating systems are. Also, Linux / Ubuntu releases fixes and updates much more quickly than Apple or MS, so your chances of hitting a bug are lower in the first place. (MS maintains a huge knowledgebase of bugs they haven't bothered to fix yet and might have a workaround for - but I hardly see that as a positive).
  • crimson117 - Wednesday, August 26, 2009 - link

    I'm probably being too hard on Apple here. The genius bar offers free 15 minute appointments to diagnose problems and offer software tips / advice.

    I'd say apple has the best "official" support, followed by a fuzzy tie between ubuntu and microsoft.
  • gordonsmall - Wednesday, August 26, 2009 - link

    While I have used computers for 20 years or more, I am not a techie. I am much more interested in an experience that "just works".

    When Vista came out I decided to explore the Linux desktop world. I have been using it as my primary system (still keep the dual boot option for XP) for just under 2 years.

    I agree that "free" and security are big considerations for moving to a Linux desktop environment. However, there are some other items (and you might class them under security) that I like - because of the file structure, you don't have to periodically defrag your system. Both systems have a lot of updates, but so far I have not gotten the feeling that my Ubuntu system is gradually slowing down and clogging up with a lot of useless files (you don't see a lot of ads for such utilities as Registry Cleaners :). I no longer experience the MS ripple effect - when MS sneezes, other Windows apps may get a cold.

    That is not to say that there cannot be issues. My pet peeve has been that my sound has disappeared on a couple of occasions after downloading updates. Using Google, and the Ubuntu documentation, I have been able to get it back up - but wish that wouldn't happen. But Windows updates can on occasion cause some issues.

    I think you made a very valid point about the issue of tech support. Google has made a big difference in problem solving.

    Enjoyed your review.

    Gordon Small
  • yuchai - Wednesday, August 26, 2009 - link

    I've tried using Linux (usually Ubuntu) as a full replacement desktop on and off for the last few years. I've gone back to Windows every time after a while. Some key points:

    1. For my desktop usage, there honestly isn't anything that Linux does better, in terms of functionality, than Windows
    2. Windows is cheap enough that I do not mind spending the money on it. For the $100 that I spent for Vista 64 Home Premium OEM, it is quite worthwhile even if I only use it for 3 years. Yes, there are more apps out of the box for Linux, but it's usually easy to find freeware for Windows with the same functionality. Even Office is now pretty affordable with the Home & Office version.
    3. Games - Wine just doesn't cut it. When I want to play a new game, I want to buy it and play it immediately! I do not want to have to do research to see whether some game would work on Wine even before I buy it. I do not want to spend hours troubleshooting on the internet if something doesn't work right.
    4. There's always something that you want to change in Linux that you can't figure out. Yes, usually the solution is on the internet. And I used to even enjoy spending time and looking for the solution. But, it eventually grew old. Now I just want things to work and keep working.

    Note that I do love Linux and actually have a server that doubles as a mythtv HTPC setup. It's a beautiful thing. I am comfortable with shell commands and frequently use SSH to perform multiple functions remotely. My opinions above are purely based on desktop usage.
  • cciemd - Wednesday, August 26, 2009 - link

    Great article, Ryan! Putting out some well written Linux articles really adds depth to your site. I have been reading this site daily for years and this article is prompting my first post.

    For future articles it would be great to see some Linux benchmarks in most of the hardware reviews. There are some excellent tools out there (check out http://www.phoronix-test-suite.com/). This would also give some closer apples-to-apples comparisons for Mac vs. Linux performance. I for one would LOVE to see SSD articles report some Linux (and Opensolaris/ZFS) benchmarks along with all the Windows tests.

    Users often don't realize how much they benefit daily from open source software. I don't think most Mac users realize all the OSX pieces that are used in the background for which Apple leverages open source code (Samba for SMB access and sharing, Webkit for Safari, etc.). Home NAS and enterprise storage which serve files in Windows environments are often *nix based.

    It is also a myth that open source means that developers aren't paid. Most enterprises recognize that implementing even commercial apps can require considerable internal development manpower. If enterprise developers can utilize open source code internally and contribute back to the code base, the companies save considerable money and benefit from a healthy software development ecosystem. There are thousands if not millions of developers employed to work on open source code.

    Please keep up the good work. I am looking for your next article.
  • Ryan Smith - Wednesday, August 26, 2009 - link

    Unfortunately the Phoronix Test Suite doesn't work under Windows, so it's of limited utility. It's something we may be able to work in to hardware reviews, but it's not really applicable to OS reviews.
  • chrone - Wednesday, August 26, 2009 - link

    what i'd like to see on the next ubuntu version is softer and smoother graphic and font rendering. i hate the way gnome renders the graphic and font. they look like an old operating system. using the ms core font somehow helps but not much.

    i know there's compiz and friends, but i just wish it comes by default, so no need to hassle with compiz and its setting. i wish it could be rendered softer and smoother such as in windows and mac osx.

    the look and feel should be tweaked more often! :D
