Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › How safe is Ubuntu?
New Posts  All Forums:Forum Nav:

How safe is Ubuntu? - Page 6

post #51 of 97
Yeah, it goes back to the age-old argument when Vista came out - most people turned off UAC because it "was annoying and got in the way". However, this is the equivalent of running Linux as root all the time (sort of). This all stems from Windows apps being coded wrong, requiring local admin privileges just to run properly. Most Linux users would reel at the thought of this if presented with a Linux desktop app that required root 24/7
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
post #52 of 97
Quote:
Originally Posted by Bluescreen_Of_Death View Post
/confused

Quote person
Say they're wrong
Have long post that confirms their point, but with more detail
???
Profit
I didn't confirm their point. That person stated:

Quote:
Originally Posted by W4LNUT5 View Post
... Linux systems handle permissions far better than windows.
I'm just saying that's an incorrect statement. It's a statement about technology, and from that perspective NTFS provides much better permissions control than POSIX permissions.

Quote:
Originally Posted by Bluescreen_Of_Death View Post
The tech behind the security is no good if it's not used. So, even though NTFS might be technically more secure, Linux appears to be better at effectively using the security at it's disposal.

So, essentially, although Windows has the potential to be more secure, it's not. Right?
Windows operating systems since NT days, has the potential to be very secure; true. Is it more secure than Linux or not, at the end of the day depends on how it is used.

Like someone else posted above, a lot of people in the Vista days disabled UAC. Similarly, I know a hosting company that sets up Linux servers and allow remote SSH access to the root account. A lot of their customers, not knowing too much about security leave their servers this way. Guess what, hackers love to scan for SSH on their network and run brute-force attacks all day long. A LOT of Linux servers get owned that way. If you worked at that company, you'd probably think Linux was the most insecure OS.

On the other hand, I know of data centers that deploy a lot of Windows servers, but the admins there know their ****, and go through a securing process (as Linux admins should too) that locks down their servers. I've only known of one intrusion incident there due too a testing server leaving 1433/TCP (SQL server) open by accident (again, human error).

If anyone here has tried configuring SELinux to enable a MAC system (Mandatory Access Control), you'll realize how complicated it is and that it can easily be misconfigured. SELinux, is in a way, the Linux world's answer to "NTFS can do all this, why can't Linux?" And at the end of the day, whether Linux or Windows, we're not that much ahead.... how many times have you seen people recommend turning off SELinux on this forum and elsewhere? Because configuring SELinux is complicated (though getting better with policy templates) and because it often gets in the way of certain applications working, it often gets disabled.

I think, more to the point of what I'm trying to say is, don't be fooled into thinking Linux/Unix is more secure than Windows. I hear that statement a LOT, and really it's not necessarily true. Linux/Unix has the benefit that it's not the dominant desktop OS right now, and a lot of malware/trojans mostly target the dominant desktop OS; so in a sense, us Linux users are lucky because we're not targeted. A lot of Ubuntu installations out there that I've seen, especially from newbie Linux users, could be easily owned if targeted. If we start spreading the inaccurate word that "Linux is more secure than X operating system" and people think that's true and get arrogant about it and forget to secure their Ubuntu or Debian or Fedora installations, we're not doing ourselves any favors.

If we're going to have a serious discussion about security, as is relevant to this thread, we shouldn't just go around saying X is more secure than Y, when technically either one could be just as secure. We should have a discussion about what can be done to make one's OS more secure.

Sorry for the rant... i work in the security world and this is one point of contention i run into often. I love Linux and I'd hate to see Linux users get arrogant about security and end up with a lot of insecure Linux installations...
TAIPEI
(10 items)
 
AURORA
(13 items)
 
 
MotherboardGraphicsRAMHard Drive
ASRock X99 Extreme11 EVGA GTX 980 Superclocked 32GB 8x4GB Corsair LPX Samsung XP941  
Hard DriveCoolingOSMonitor
Western Digital 3TB RE Noctua NH-D15 Fedora 21 Linux Samsung S27D590C 
PowerCase
Seasonic SS-1200XP Cooler Master Cosmos II 
CPUMotherboardGraphicsRAM
Dual Quad-core L5430 2.66Ghz 12mb cache Intel 5000 chipset ATI ES1000 64GB FBDIMM DDR2 PC2-5300 667Mhz 
Hard DriveOSPower
WD3000FYYZ PERC H700 w/ 512MB cache CentOS 7.2.1511 950W x2 
  hide details  
Reply
TAIPEI
(10 items)
 
AURORA
(13 items)
 
 
MotherboardGraphicsRAMHard Drive
ASRock X99 Extreme11 EVGA GTX 980 Superclocked 32GB 8x4GB Corsair LPX Samsung XP941  
Hard DriveCoolingOSMonitor
Western Digital 3TB RE Noctua NH-D15 Fedora 21 Linux Samsung S27D590C 
PowerCase
Seasonic SS-1200XP Cooler Master Cosmos II 
CPUMotherboardGraphicsRAM
Dual Quad-core L5430 2.66Ghz 12mb cache Intel 5000 chipset ATI ES1000 64GB FBDIMM DDR2 PC2-5300 667Mhz 
Hard DriveOSPower
WD3000FYYZ PERC H700 w/ 512MB cache CentOS 7.2.1511 950W x2 
  hide details  
Reply
post #53 of 97
Assuming anything is secure at the end of the day is arrogant. We both know this.
    
CPUMotherboardGraphicsRAM
I5-2500k 4.8Ghz @ 1.38v Z68X-UD4-B3 PNY 480 8GB Dominator 1600's 
Hard DriveOptical DriveOSMonitor
Intel 510 + 300GB Velociraptor LG DVD RW Server 2012 HP 25" + HP 20" 
KeyboardPowerCaseMouse
Deck Legend TX850W XClio Coolbox Mamba 
Mouse PadAudio
Dolica HD550's 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
I5-2500k 4.8Ghz @ 1.38v Z68X-UD4-B3 PNY 480 8GB Dominator 1600's 
Hard DriveOptical DriveOSMonitor
Intel 510 + 300GB Velociraptor LG DVD RW Server 2012 HP 25" + HP 20" 
KeyboardPowerCaseMouse
Deck Legend TX850W XClio Coolbox Mamba 
Mouse PadAudio
Dolica HD550's 
  hide details  
Reply
post #54 of 97
Quote:
Originally Posted by BLinux View Post
I didn't confirm their point. That person stated:



I'm just saying that's an incorrect statement. It's a statement about technology, and from that perspective NTFS provides much better permissions control than POSIX permissions.
I don't see it. You can do everything with POSIX that can be done on NTFS (which is a crappy file system, btw).


Quote:
Like someone else posted above, a lot of people in the Vista days disabled UAC. Similarly, I know a hosting company that sets up Linux servers and allow remote SSH access to the root account. A lot of their customers, not knowing too much about security leave their servers this way. Guess what, hackers love to scan for SSH on their network and run brute-force attacks all day long. A LOT of Linux servers get owned that way. If you worked at that company, you'd probably think Linux was the most insecure OS.
Anyone who has even read security 101 knows not to leave ssh open to root. And just about everyone knows not to use password authentication on an ssh server.

Quote:
If anyone here has tried configuring SELinux to enable a MAC system (Mandatory Access Control), you'll realize how complicated it is and that it can easily be misconfigured. SELinux, is in a way, the Linux world's answer to "NTFS can do all this, why can't Linux?"
No, it's not. SELinux and NTFS are nothing alike whatsoever. Where did you get this idea? Indeed, Windows tried to copy SELinux with its integrity controls first put into Vista. Windows copied Linux by implementing DEP/ASLR 5 years after Linux had it. There's other examples of Windows becoming more Unix like. I've never heard of Linux copying Windows, though (at least not where security is concerned).

Quote:
And at the end of the day, whether Linux or Windows, we're not that much ahead.... how many times have you seen people recommend turning off SELinux on this forum and elsewhere? Because configuring SELinux is complicated (though getting better with policy templates) and because it often gets in the way of certain applications working, it often gets disabled.
I think SELinux is overkill on a desktop machine, so I don't really cry when people turn it off. I do think if one is running a server, one should attempt to learn about how it works and leave it enabled. There are several other MAC systems one can use that are much more simple to learn and understand (AppArmor and TOMOYO for instance).

Quote:
I think, more to the point of what I'm trying to say is, don't be fooled into thinking Linux/Unix is more secure than Windows. I hear that statement a LOT, and really it's not necessarily true. Linux/Unix has the benefit that it's not the dominant desktop OS right now, and a lot of malware/trojans mostly target the dominant desktop OS;
*nix servers are dominant in the market, yet we still don't see malware. Why not?

Quote:
so in a sense, us Linux users are lucky because we're not targeted. A lot of Ubuntu installations out there that I've seen, especially from newbie Linux users, could be easily owned if targeted. If we start spreading the inaccurate word that "Linux is more secure than X operating system" and people think that's true and get arrogant about it and forget to secure their Ubuntu or Debian or Fedora installations, we're not doing ourselves any favors.
I agree it is not smart to tell people that Linux will magically solve all security threats without them having to learn how to configure it. But this doesn't mean Windows is just unlucky because everyone targets it.

Quote:
It was mostly due to the capabilities of NTFS (and the audit features in WinNT) that allowed Windows NT in the mid 90's to achieve a C2 security rating based on the US DoD security standards. Linux with ext2 and basic POSIX permissions wasn't even close back then....
Uh, that's because Linux wasn't evaluated based on Orange Book standards. Why? Because it costs a lot of money (millions). If you look at the Trusted Criteria, you will see that SUSE Enterprise and Red Hat have both been evaluated at EAL4, and with MLS would most likely pass at EAL5.

Quote:
As far as UAC stuff, the Linux/Unix equivalent would be sudo or su... and neither of those are really great solutions from a security standpoint. It is why those programs have to be setuid root, which is what really allows it to escalate permissions. If you ever take a course on hacking Unix systems for local privilege escalation, you'll know that the 1st targets are all the setuid root binaries.
It's the same thing on Windows. Both Windows and POSIX use what is known as Discretionary Access Controls, which are vulnerable to privilege escalation. Only Linux has a robust MAC/MLS system.
Edited by thiussat - 4/30/11 at 10:36am
Skylake Build
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-6600k Gigabyte Z-170 Gaming 7 Gigabyte R9 390  Gskill Ripjaws V DDR4 
Hard DriveCoolingOSMonitor
Samsung 850 Evo Corsair H115i Windows 10 Pro Asus  
KeyboardPowerCaseMouse
Generic EVGA NEX750 G1 Phanteks Eclipse P400 GSkill MX780 
  hide details  
Reply
Skylake Build
(12 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-6600k Gigabyte Z-170 Gaming 7 Gigabyte R9 390  Gskill Ripjaws V DDR4 
Hard DriveCoolingOSMonitor
Samsung 850 Evo Corsair H115i Windows 10 Pro Asus  
KeyboardPowerCaseMouse
Generic EVGA NEX750 G1 Phanteks Eclipse P400 GSkill MX780 
  hide details  
Reply
post #55 of 97
You guys are seriously over my head...
To think I like windows for such simple reasons that I can play games
    
CPUMotherboardGraphicsRAM
i7 970 4.15 @ ~1.39v HT ON, Turbo Off EVGA x58 3x SLI 2x EVGA GTX 980 SLI (watercooled), 1x EVGA GTX ... 6 GB 1600 OCZ DDR3 Gold Edition 7-7-7-18 @1475Mhz 
Hard DriveOptical DriveOSMonitor
Samsung 840 SSD 250GB, 2xSamsungF3 1TB (Raid0) 22x Super Multi, 8x Blu-ray Reader Windows 7 Ultimate x64 2x Yamakasi Catleap Q270s (2560x1440) 
PowerCaseMouseAudio
Kingwin 1000w Platinum HAF 932 Black Interior Logitech G500 Logitech Z5500 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 970 4.15 @ ~1.39v HT ON, Turbo Off EVGA x58 3x SLI 2x EVGA GTX 980 SLI (watercooled), 1x EVGA GTX ... 6 GB 1600 OCZ DDR3 Gold Edition 7-7-7-18 @1475Mhz 
Hard DriveOptical DriveOSMonitor
Samsung 840 SSD 250GB, 2xSamsungF3 1TB (Raid0) 22x Super Multi, 8x Blu-ray Reader Windows 7 Ultimate x64 2x Yamakasi Catleap Q270s (2560x1440) 
PowerCaseMouseAudio
Kingwin 1000w Platinum HAF 932 Black Interior Logitech G500 Logitech Z5500 
  hide details  
Reply
post #56 of 97
Quote:
Originally Posted by BLinux View Post
As far as UAC stuff, the Linux/Unix equivalent would be sudo or su... and neither of those are really great solutions from a security standpoint. It is why those programs have to be setuid root, which is what really allows it to escalate permissions. If you ever take a course on hacking Unix systems for local privilege escalation, you'll know that the 1st targets are all the setuid root binaries.
I think you'll enjoy this.
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
post #57 of 97
permissions aside (which anyone that has used both os's can say linux does better... i know you can be a nazi in windows and REALLY permission everything, but its so easy to exploit glitches for escalation :/)

linux is far more secure because of how modular it is... your browser gets hijacked? COOL your browser got hijacked nothing else your browser gets hijacked in windows? your screwed

not to mention how overly cluttered and complex windows is to the point you can find hilarious ways to easily get admin access by exploiting glitches... those are SOOOO much less common in linux because if you do find a glitch, you might be able to hijack one program but not an account or an entire system...

im no security expert, though i am trying to get there but it doesnt take a security expert to see the huge advantages to the way linux does things
Kinda meh now...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PhII 940 BE asus M4N82 Deluxe 2x 8800gts(g92) 2x 1g ocz ddr2 1066 
Hard DriveOptical DriveOSMonitor
/dev/sd[abc] /dev/sr0 WinXP/Linux 22in acer 
PowerCaseMouseMouse Pad
950w rosewill timebomb Antec 900 (2small) Voodoo Deathadder (RED!) X-Trac Pads Ripper XL 
  hide details  
Reply
Kinda meh now...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PhII 940 BE asus M4N82 Deluxe 2x 8800gts(g92) 2x 1g ocz ddr2 1066 
Hard DriveOptical DriveOSMonitor
/dev/sd[abc] /dev/sr0 WinXP/Linux 22in acer 
PowerCaseMouseMouse Pad
950w rosewill timebomb Antec 900 (2small) Voodoo Deathadder (RED!) X-Trac Pads Ripper XL 
  hide details  
Reply
post #58 of 97
Quote:
Originally Posted by EntTheGod View Post
permissions aside (which anyone that has used both os's can say linux does better... i know you can be a nazi in windows and REALLY permission everything, but its so easy to exploit glitches for escalation :/)

linux is far more secure because of how modular it is... your browser gets hijacked? COOL your browser got hijacked nothing else your browser gets hijacked in windows? your screwed

not to mention how overly cluttered and complex windows is to the point you can find hilarious ways to easily get admin access by exploiting glitches... those are SOOOO much less common in linux because if you do find a glitch, you might be able to hijack one program but not an account or an entire system...

im no security expert, though i am trying to get there but it doesnt take a security expert to see the huge advantages to the way linux does things
Right on the money here. This is one of the biggest reasons why Linux is more secure than Windows.
post #59 of 97
Quote:
Originally Posted by EntTheGod View Post
not to mention how overly cluttered and complex windows is to the point you can find hilarious ways to easily get admin access by exploiting glitches... those are SOOOO much less common in linux because if you do find a glitch, you might be able to hijack one program but not an account or an entire system...
I'm not expert but wouldn't that also be a problem with the browser? I mean everyone knows that until recently IE was full of more holes than swiss cheese compared to firefox or chrome.
    
CPUMotherboardGraphicsRAM
i7 970 4.15 @ ~1.39v HT ON, Turbo Off EVGA x58 3x SLI 2x EVGA GTX 980 SLI (watercooled), 1x EVGA GTX ... 6 GB 1600 OCZ DDR3 Gold Edition 7-7-7-18 @1475Mhz 
Hard DriveOptical DriveOSMonitor
Samsung 840 SSD 250GB, 2xSamsungF3 1TB (Raid0) 22x Super Multi, 8x Blu-ray Reader Windows 7 Ultimate x64 2x Yamakasi Catleap Q270s (2560x1440) 
PowerCaseMouseAudio
Kingwin 1000w Platinum HAF 932 Black Interior Logitech G500 Logitech Z5500 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 970 4.15 @ ~1.39v HT ON, Turbo Off EVGA x58 3x SLI 2x EVGA GTX 980 SLI (watercooled), 1x EVGA GTX ... 6 GB 1600 OCZ DDR3 Gold Edition 7-7-7-18 @1475Mhz 
Hard DriveOptical DriveOSMonitor
Samsung 840 SSD 250GB, 2xSamsungF3 1TB (Raid0) 22x Super Multi, 8x Blu-ray Reader Windows 7 Ultimate x64 2x Yamakasi Catleap Q270s (2560x1440) 
PowerCaseMouseAudio
Kingwin 1000w Platinum HAF 932 Black Interior Logitech G500 Logitech Z5500 
  hide details  
Reply
post #60 of 97
Quote:
Originally Posted by Klue22 View Post
I'm not expert but wouldn't that also be a problem with the browser? I mean everyone knows that until recently IE was full of more holes than swiss cheese compared to firefox or chrome.
Yes, it would, but Windows has an old habit of letting things get kernel access that didn't need it, like the browser IIRC.

In Linux, programs will only ask for kernel access if they actually need it. Therefore, a compromised browser is just a compromised browser, not a compromised computer.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Linux, Unix
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › How safe is Ubuntu?