Revisiting Linux Part 1: A Look at Ubuntu 8.04
by Ryan Smith on August 26, 2009 12:00 AM EST- Posted in
- Linux
It’s Secure
Security is a tough nut to crack, both with respect to making something secure and judging something to be secure. I’m going to call Ubuntu secure, and I suspect that there’s going to be a lot of disagreement here. Nonetheless, allow me to explain why I consider Ubuntu secure.
Let’s first throw out the idea that any desktop OS can be perfectly secure. The weakest component in any system is the user – if they can install software, they can install malware. So while Ubuntu would be extremely secure if the user could not install any software, it would not be very useful to be that way. Ubuntu is just as capable as any other desktop OS out there when it comes to catching malware if the user is dedicated enough. The dancing pigs problem is not solved here.
Nevertheless, Ubuntu is more secure than other OSes (and let’s be frank, we’re talking about Windows) for two reasons. The first is for practical reasons, and the second is for technical reasons.
To completely butcher a metaphor here: if your operating system has vulnerabilities and no one is exploiting them, is it really vulnerable? The logical answer to that is “yes” and yet that’s not quite how things work. Or more simply put: when’s the last time you’ve seen a malware outbreak ravaging the Ubuntu (or any desktop Linux distro) community?
Apple often gets nailed for this logic, and yet I have a hard time disagreeing with it. If no one is trying to break into your computer, then right now, at this moment, it’s secure. The Ubuntu and Mac OS X user bases are so tiny compared to that of Windows that attacking anything but Windows makes very little sense from an attacker’s perspective.
It’s true that they’re soft targets – few machines run anti-virus software and there’s no other malware to fend off – but that does not seem to be driving any kind of significant malware creation for either platform. This goes particularly for Mac OS X, where security researchers have been warning about the complacent nature this creates, but other than a few proof of concept trojan horses, the only time anyone seems to be making a real effort to break into a Mac is to win one.
So I am going to call Ubuntu, with its smaller-yet user base and lack of active threats, practically secure. No one is trying to break into Ubuntu machines, and there’s a number of years’ worth of history with the similar Mac OS X that says it’s not going to change. There just aren’t any credible threats to be worried about right now.
With that said, there are plenty of good technical reasons too for why Ubuntu is secure; while it may be practically secure, it would also be difficult to break into the OS even if you wanted to. Probably the most noteworthy aspect here is that Ubuntu does not ship with any outward facing services or daemons, which means there is nothing listening that can be compromised for facilitating a fully automated remote code execution attack. Windows has historically been compromised many times through these attacks, most recently in October of 2008. Firewalls are intended to prevent these kinds of issues, but there is always someone out there that manages to be completely exposed to the internet anyhow, hence not having any outward facing services in the first place is an excellent design decision.
Less enthusing about Ubuntu’s design choices however is that in part because of the lack of services to expose, the OS does not ship with an enabled firewall. The Linux kernel does have built-in firewall functionality through iptables, but out of the box Ubuntu lets everything in and out. This is similar to how Mac OS X ships, and significantly different from how Windows Vista ships, which blocks all incoming connections by default. Worse yet, Ubuntu doesn’t ship with a GUI to control the firewall either (something Mac OS X does), which necessitates pulling down a 3rd party package or configuring it via CLI.
Operating System | Inbound | Outbound |
Windows Vista | All applications blocked, applications can request an open port | All applications allowed, complex GUI to allow blocking them |
Ubuntu 8.04 | All applications allowed, no GUI to change this | All applications allowed, no GUI to change this |
Mac OS X 10.5 | All applications allowed, simple GUI to allow blocking them | All applications allowed, no GUI to change this |
Now to be fair, even if Ubuntu had shipped with a GUI tool for configuring its firewall I likely would have set it up exactly the same as how I leave Mac OS X set up – all incoming connections allowed – nevertheless I find myself scratching my head. Host-based firewalls aren’t the solution to all that ails computer security, but they’re also good ideas. I would rather see Ubuntu ship like Vista does, with an active firewall blocking incoming connections.
Backwards compatibility, or rather the lack thereof, is also a technical security benefit for Ubuntu. Unlike Windows, which attempts to provide security and still support old software that pre-dates modern security in Windows, Ubuntu does not have any such legacy software to deal with. Since Linux has supported the traditional *nix security model from the get-go, properly built legacy software should not expect free reign of the system when running and hence be a modern vulnerability. This is more an artifact of previous design than a feature, but it bears mentioning as a pillar of total security.
Moving on, there is an interesting element of Ubuntu’s design being more secure, but I hesitate to call it intentional. Earlier I mentioned how an OS that doesn’t let a user install software isn’t very useful, but Ubuntu falls under this umbrella somewhat. Because the OS is based heavily around a package manager and signed packages, it’s not well-geared towards installing software outside of the package manager. Depending on how it’s packaged, many downloaded applications need to be manually assigned an executable flag before they can be run, significantly impairing the ability for a user to blindly click on anything that runs. It’s genuinely hard to run non-packaged software on Ubuntu, and in this case that’s a security benefit – it’s that much harder to coerce a user to run malware, even if the dancing pigs problem isn’t solved.
Rounding out the security underpinnings of Ubuntu, we have the more traditional mechanisms. No-eXecute bit support helps to prevent buffer overflow attacks, and Address Space Layout Randomization makes targeting specific memory addresses harder. The traditional *nix sudo security mechanism keeps software running with user privileges unless specifically authenticated to take on full root abilities, making it functionally similar to UAC on Vista (or rather, the other way around). Finally, Ubuntu comes with the AppArmor and SELinux security policy features that enable further locking down the OS, although these are generally overkill for home use.
There’s one last issue I’d like to touch on when it comes to technical security measures, and that’s the nature of open source software. There is a well-reasoned argument that open source software is more secure because it allows for anyone to check the source code for security vulnerabilities and to fix them. Conversely, being able to see the source code means that such vulnerabilities cannot be completely obscured from public view.
It’s not a settled debate, nor do I intend to settle it, but it bears mentioning. Looking through the list of updates on a fresh Ubuntu install and the CERT vulnerability list, there are a number of potential vulnerabilities in various programs included with Ubuntu – Firefox for example has been patched for vulnerabilities seven times now. There are enough vulnerabilities that I don’t believe just counting them is a good way to decide if Ubuntu being open source has a significant impact on improving its security. Plus this comes full-circle with the notion of Ubuntu being practically secure (are there more vulnerabilities that people aren’t bothering to look for?), but nevertheless it’s my belief that being open source is a security benefit for Ubuntu here, even if I can’t completely prove it.
Because of the aforementioned ability to see and modify any and every bit of code in Ubuntu and its applications, Ubuntu also gains a security advantage in that it’s possible for users to manually patch flaws immediately (assuming they know how) and that with that ability Ubuntu security updates are pushed out just about as rapidly as humanly possible. This is a significant distinction from Windows and Patch Tuesday, and while Microsoft has a good business reason for doing this (IT admins would rather get all their patches at once, rather than testing new patches constantly) it’s not good technical reasoning. Ubuntu is more secure than Windows through the virtue of patching most vulnerabilities sooner than Windows.
Finally, looking at Ubuntu there are certainly areas for improvement with security. I’ve already touched on the firewall abilities, but sandboxing is the other notable weakness here. Windows has seen a lot of work put into sandboxing Internet Explorer so that machines cannot get hit with drive-by malware downloads, and it has proven to be effective. Both Internet Explorer and Google’s Chrome implement sandboxes using different methods, with similar results. Meanwhile Chrome is not ready for Linux, and Firefox lacks sandboxing abilities. Given the importance of the browser in certain kinds of malware infections, Ubuntu would benefit greatly from having Firefox sandboxed, even if no one is specifically targeting Ubuntu right now.
195 Comments
View All Comments
apt1002 - Thursday, August 27, 2009 - link
Excellent article, thank you. I will definitely be passing it on.I completely agree with superfrie2 about the CLI. Why resist it?
Versions: I, like you, originally plumped for Hardy Heron because it is an LTS version. I recently changed my mind, and now run the latest stable Ubuntu. As a single user, at home, the benefits of a long-term unchanging OS are pretty small, and in the end it was more important to me to have more recent versions of software. Now if I were administering a network for an office, it would be a different matter...
Package management: Yes, this is absolutely the most amazing part of free software! How cool is it to get all your software, no matter who wrote it, from one source, which spends all its time diligently tracking its dependencies, checking it for compatibility, monitoring its security flaws, filtering out malware, imposing sensible standards, and resisting all attempts by big corporations to shove stuff down your throat that you don't want, all completely for free? And you can upgrade *everything* to the latest versions, at your own convenience, in a single command. I still don't quite believe it.
Unpackaged software: Yes, I agree, unpackaged software is not nearly as good as packaged software. It's non-uniform, may not have a good uninstaller, might require me to install something else first, might not work, and might conceal malware of some sort. That's no different from any other OS. However, it's not as bad as you make out. There *is* a slightly more old-fashioned way of installing software: tarballs. They're primitive, but they are standard across all versions of Unix (certainly all Linux distributions), they work, and pretty much all Linux software is available in this form. It never gets worse than that.
Games: A fair cop. Linux is bad for games.
GPUs: Another fair cop. I lived with manually installing binary nVidia drivers for five years, but life's too short for that kind of nonsense. These days I buy Intel graphics only.
40 second boot: More like 20 for me on my desktop machine, and about 12 on my netbook (which boots off SSD). After I installed, I spent a couple of minutes removing software I didn't use (e.g. nautilus, gdm, and most of the task bar applets), and it pays off every time I boot.
Separate menu bar and task bar: I, like you, prefer a Windows-ish layout with everything at the bottom, so after I installed I spent a minute or two dragging-and-dropping it all down there.
GregE - Wednesday, August 26, 2009 - link
I use GNU/Linux for 100% of my needs, but then I have for years and my hardware and software reflect this. For example I have a Creative Zen 32gb SSD music player and only buy DRM free MP3s. In Linux I plug it in and fire up Amarok and it automatically appears in the menus and I can move tracks back and forth. I knew this when I bought it, I would never buy an iPod as I know it would make life difficult.The lesson here is that if you live in a Linux world you make your choices and purchases accordingly. A few minutes with Google can save you a lot of hassle when it comes to buying hardware.
There are three web sites any Ubuntu neophyte needs to learn.
1 www.medibuntu.org where multimedia hassles evaporate.
2 http://ubuntuguide.org/wiki/Ubuntu:Jaunty">http://ubuntuguide.org/wiki/Ubuntu:Jaunty the missing manual where you will find the solution to just about any issue.
3 http://www.getdeb.net/">http://www.getdeb.net/ where new versions of packages are published outside of the normal repositories. You need to learn how to use gdebi installer, but essentially you download a deb and double click on it.
Then there are PPA repositories for the true bleeding edge. This is the realm of the advanced user.
For a home user it is always best to keep up to date. The software is updated daily, what did not work yesterday works today. Hardware drivers appear all the time, by sticking with LTS releases you are frozen in time. Six months is a long time, a year is ancient history. An example is USB TV sticks, buy one and plug it into 8.10 and nothing happens, plug it in 9.04 and it just works or still does not work, but will in 9.10
Yes it is a wild ride, but never boring. For some it is an adventure, for others it is too anarchic.
I use Debian Sid which is a rolling release. That means that there are no new versions, every day is an update that goes on forever. Ubuntu is good for beginners and the experienced, the more you learn the deeper you can go into a world of software that exceeds 30,000 programs that are all free in both senses.
I look forward to part 2 of this article, but remember that the author is a Linux beginner, clearly technically adept but still a Linux beginner.
It all comes down to choice.
allasm - Thursday, August 27, 2009 - link
> I use Debian Sid which is a rolling release.> That means that there are no new versions, every day is an update that goes on forever.
This is actually one of the best things about Ubuntu and Debian - you NEVER have to reinstall your OS.
With Windows you may live with one OS for years (few manage to do that without reinstalling, but it is definitely possible) - but you HAVE to wipe everything clean and install a new OS eventually. With Debian and Ubuntu you can simply constantly upgrade and be happy. At the same time noone forces you to upgrade ALL the time, or upgrade EVERYTHING - if you arehappy with, say, firefox v2 and dont want to go to v3 because your fav skin is not there yet - just dont upgrade one app (and decide for yourself if uyou need the security fixes).
Some time ago I turned on a Debian box which was offline/turned off for 2+ years and managed to update it (to a new release) with just two reboots (one for the new kernel to take effect). That was it, it worked right after that. To be fair, I did have to update a few config files manually after that to make it flawless, but even without manual updates the OS at least booted "into" the new release. Natuarally, all my user data stayed intact, as did most of the OS settings. Most (99%) programs worked as expected as well - the problematic 1% falling on some GUI programs not dealing well with new X/window manager. And had no garbage files or whatever after the update (unlike what you get if you try to upgrade a winXP to say WinVista)
Having said all that, I 100% agree that linux has its problems as a desktop OS (I use windows more than linux day-to-day), but I totally disagree that using one OS for a long time is a weak point of Ubuntu.
P.S. one thing i never tried is upgrading a 32 bit distro to 64 bit - i wonder if this is possible on a live OS using a package manager.
wolfdale - Wednesday, August 26, 2009 - link
A good article but I have a few pointers.1) More linux distros need to be reviewed. Your "out of the box" review was informational but seemed to more in-tuned with commercial products aimed for making a profit (ie, is this a good buy for your money?). I, for one, used to check AnandTech.com before making a big computer item purchase. However linux is free to the public thus the tradeoff for the user would now be how much time should I invest in learning and customizing this particular distro. Multi-distro comparisons along with a few customized snapshots would help the average user on deciding what to spend with his valuable time and effort.
2) Include Linux compatibility on hardware reviews. Like I said earlier, I once used AnandTech.com as my guide for all PC related purchases and I have to say about 80% of the time it was correct. But, try to imagine my horror about 1.5 years ago when my brand spanking new HD4850 video card refused to do anything related to 3-D on Ubuntu. I spent weeks trying to get it to work but ended up selling it and going with Nvidia. Of course it was a driver issue but no where did AnandTech.com mentioned this other than saying it was a best buy.
Thanks for listening, I feel better now. I'm looking forward to reading your Ubuntu 9.04 review and please keep adding more linux related articles.
ParadigmComplex - Wednesday, August 26, 2009 - link
When I first saw that there was going to be a "first time with Linux" article on Anandtech, I have to admit I was a bit worried. While the hardware reviews here are excellent, it's already something you guys are familiar with - it's not new grounds, you know what to look for. I sadly expected Ryan would enter with the wrong mindset, trip over something small and end up with an unfair review like almost all "first time with Linux" reviews end up being.Boy, was I wrong.
With only one major issue (about APT, which I explained in another post) and only a handful of little things (which I expect will be largely remedied in Part 2), this article was excellent. Pretty much every major thing that needed to be touched on was hit, most of Ubuntu's major pluses and minuses fairly reviewed. It's evident you really did your homework, Ryan. Very well done. I should have known better then to doubt anyone from anandtech, you guys are brilliant :D
Fox5 - Wednesday, August 26, 2009 - link
One last thing I forgot to say....Good job on the article. I (and many others) would have liked to see 9.04 instead (I don't know of anyone who uses the LTS releases, those seemed to be aimed at system integrators, such as Dell's netbooks with ubuntu), but the article itself was quality.
jasperjones - Wednesday, August 26, 2009 - link
I'd like to make one last addition in similar spirit. I appreciate this article as a generally unbiased review that covers many important aspects of a general-purpose OS.And just to be sure: I'm not a Linux fanatic, in fact, for some reason, I'm writing up this post on Vista x64 ;)
jasperjones - Wednesday, August 26, 2009 - link
You're right that there are historical reasons that dictate that one Linux binary might be in /usr/bin, another in /sbin or /usr/sbin, yet another one in /usr/local/bin, etc.However, you really couldn't care less as long as the binary is in your path. which foo will then tell you the location. Furthermore, there's hardly any need to manually configure something in the installation directory. Virtually anything that can be user-configured (and there's a lot more that can than on Windows) can be configured in a file below ~ (your home). The name of the config file is usually intuitive.
But yeah, for things that you configure as admin (think X11 in /etc/X11/xorg.conf or Postgres usually somewhere under /usr/local/pgsql) you might need to know the directory. However, the admin installs the app, so he should know. Furthermore, GUIs exist to configure most admin-ish things (I don't know what it's in Ubuntu for X but it's sax2 in SUSE; and it's pgadmin for Postgresql in both Ubuntu and SUSE)
ParadigmComplex - Wednesday, August 26, 2009 - link
Again, if I may extend from what you've said:Even though it is technically possible to reorder the directory structure, Ubuntu isn't going to do it for a variety of reasons:
First and foremost, one must remember Ubuntu is essentially just a snapshot of Debian's in-development branch (unstable aka Sid) with some polish aiming towards user-friendliness and (paid) support. Other then the user-friendly tweaks and support, Ubuntu is whatever Debian is at the time of the snapshot. And while Debian has a lot of great qualities, user-friendliness isn't one of them (hence the need for Ubuntu). Debian focuses on F/OSS principles (DFSG), stability, security, and portability - Debian isn't going to reorder everything in the name of user-friendless.
Second, it'd break compatibility with every other Linux program out there. Despite the fact that Ryan seemed to think it's a pain to install things that aren't from Ubuntu's servers, it's quite common. If Ubuntu rearranges things, it'd break everything else from everyone else.
Third, it would be a tremendous amount of work. I don't have a number off-hand, but Ubuntu has a huge number of programs available in it's repos that would have to be changed. Theoretically it could be done with a script, but it's risking breaking quite a lot for no real gain. And this would have to be done every six months from the latest Debian freeze.
jasperjones - Wednesday, August 26, 2009 - link
I disagree with the evaluation of the package manager.First, there's a repo for almost anything. I quickly got used to adding a repo containing newer builds of a desired app and then installing via apt-get.
Second, with a few exceptions, you can just download source code and then install via "./configure; make; sudo make install." This usually works very well if, before running those commands, you have a quick look at the README and install required dependencies via apt-get (the versions of the dependencies in the package manager almost always are fine).
Third, and most importantly, you can simply update your whole Ubuntu distribution via dist-upgrade. True, you might occasionally get issues from doing that (ATI/NVIDIA driver comes to mind) but think of the convenience. You get a coffee while "sudo apt-get dist-upgrade" runs and when you get back, virtually EVERYTHING is upgraded to a recent version. Compare that with Windows, where you might waste hours to upgrade all apps (think of coming back to your parent's PC after 10 months, discovering all apps are outdated).