When I wrote my Windows 7 vs. Ubuntu 10.04 Beta ARTICLE several days ago, I rated Ubuntu higher than Windows in terms of security. In hindsight, I think I was perhaps assuming certain bits and pieces, as well as maybe not thoroughly explaining why I thought that was the case.
Thanks to some of the posts from readers, I started thinking I should cover this subject in more depth. Moreover, I could see that there were certain areas that were lacking consensus, even among very skilled and knowledgeable people. Since then, I have been doing some research on certain things I was not 100% clear on, as well as carefully thinking about those potentially weak spots certain posts were raising. I would like to use this article to share my views on this subject.
First off, even if some posts claimed to expose irrefutable facts, I have to say I believe there no such thing, for all arguments were ultimately linked to personal opinions. In fact, the biggest disagreements came from different interpretations of three main questions:
- What is standard home desktop usage?
- What threats pose a risk to the Linux home desktop?
- What is currently missing security wise?
Answers to these questions did eventually shape another answer to yet another key question:
- What should end users do to close the gap?
Before I move on and share my own point of view, I would like to list a few things that may provide some context:
- There seems to be a tendency to interconect our data across an ever increasing amount of devices. Smartphones, iPods and the like, iPad and similar devices, netbooks... The list goes on and on.
- The media through which we interchange data is also changing and evolving very quickly. 3G (many countries have already incorporated 3.5G and a few already offer 4G), ADSL, Cable, High speed internet, etc.
- The evolution towards a cloud computing model keeps reducing the scope of the traditional home desktop as the primary means of storing data for the average user. Certain services, like Dropbox, offer users a cheap solution to keep data safe and available from different sources and locations.
- Corporations store critical data that may be a target for third parties for many reasons, thus justifying the huge investments they put in place to keep it private and safe. When they implement desktop security practices, they do so in a controlled environment, where each link of the chain gets just as much attention as the desktop.
- A home desktop OS should sport a balance between many features, among which security is just one. It is unreasonable to expect a standard user to spend hours partitioning a drive so that optimum security is achieved when, for all we know, s/he may never store anything worth securing.
What this means to me:
- The home desktop is not the only, maybe not even the main device whose security should concern us. In fact, we can make our desktop more secure than fort knox, but that means nothing if we don't encrypt our wireless connection, or if we have mobile devices with bluetooth fully open, or if our 3G connection is compromised, etc.
- In my opinion, trying to draw any comparisons between corporate and home desktop security is beyond the point. It is unreasonable to expect a standard user will have the ability or even the possibility to implement a fully secure environment.
On a different note, corporations implement security policies in accordance to the criticality of their information, which is directly related to how much of a target that information may become. I think those are concerns the average Joe does not share for obvious reasons.
- Security must be balanced with other elements that are equally important for the end user, such as ease of use.
With all that said, let me share my perspective on...
LINUX DESKTOP SECURITY
Since Windows is currently the most popular home desktop operating system, and whether we like it or not, the standard by which most keep judging the Linux desktop, I will continue to draw comparisons to the Microsoft OS. After all, it was this very comparison that created all the noise.
If you have read about the Linux desktop firewall on forums, or even in the posts from this blog, chances are you probably are confused about it. I know I was.
The most popular Linux desktops include a firewall from the get go, that much is clear, but there was little consensus on whether it was enabled or disabled by default. Things may vary slightly depending on the distro, but here's how it goes in Ubuntu:
The firewall policies are all set to ACCEPT by default, which effectively means all ports are open. However, none of them is listening, so in practical terms, they are all closed.
Zenmap's intense scan found no open ports in my Ubuntu 9.04 desktop.
As you can see from the screenshot above, a scan on one of my machines shows no ports are open by default, which is the result of having no ports listening. However, if I installed a mail server, a MySQL server, or maybe even just a printer, that would open one or more ports. That could be a potential threat, but if you are behind a router, as I am, you should be perfectly safe as long as you don't forward any port(s).
The best thing you could do, though, is install one of the visual interfaces available. GUFW and Firestarter are both available from pretty much any Linux distro repository and install very easily. When they are first setup during installation, a default configuration is put in place that should keep things very much secure (policies default to DROP). It is important to understand that once those rules have been setup, you should not need to run GUFW or firestarter all the time to stay safe. In fact, you should not need to run them unless you want to modify any of the rules or monitor IPTABLES activity.
Long story short, if you are using Ubuntu at home and you are behind a router, you are pretty much safe from attacks with the default setup. Having said so, I would still recommend installing one of the visual interfaces available. As far as I know, the Windows installation does include firewall support and is enabled by default, so I believe both are pretty even on this one.
If anything, I think Linux distros should make an effort to provide better information about this subject as part of the desktop experience, so the end user can understand the level of protection provided, the risks (if any), etc.
As we have seen in a previous ARTICLE, Linux is virus free. Now, I consider this a critical element and was surprised to see some posts claiming that all you need as a Windows user to be safe is to "install an antivirus".
Just like with pretty much anything in computing, the subject of viruses and antivirus software can get as deep and complex as you want to make it, so I will stick with a few concepts I consider relevant to our home desktop security discussion:
- Even if Windows users are asked to install an antivirus, it is still very much down to user choice. I have heard people I know say that they are not paying $30 a year for an antivirus. They either end up downloading a pirate copy (which may very well be infected already, be a trojan, etc.), downloading one of the few free antivirus applications available, or simply installing no antivirus at all.
- I recently heard a radio interview with a senior member of one of the leading Antivirus developing companies and he was claiming they were finding a significant number of malware entities created every day. Here is a quote from Wikipedia's entry for computer virus:
"The Sophos Company experts say about 40,000 computer viruses are now known to exist, with about 200 new computer viruses being released into the Internet each month"
Now, I think it is clear that such estimations are based on what these companies actually detect, which is not necessarily the grand total. In addition, that rate of detection varies depending on the quality of the antivirus at hand. My experience is that standard users tend to like better those antivirus applications which offer an easy to use interface, are not overly intrusive and don't add too much drag to overall performance. Quite honestly, I am yet to find a Windows user who consciously makes an effort to research antivirus benchmarking and buys the most effective antivirus based solely on security. My point being, if only 1% of viruses is not detected that means hundreds of thousands of users have absolutely no protection against 2 new viruses every month. That is assuming each and every Windows user has a current and valid antivirus license, which is no trivial assumption.
This is a significant advantage Linux desktop users can benefit from.
ROOTKITS, TROJANS AND SOCIAL ENGINEERING
Both rootkits and trojans require user interaction to be effective. In other words, for any of these pieces of malware to have significant impact in the system, a user must be tricked into taking a number of technical steps potentially involving administrative access. This concept, along with that of an extremely fragmented packaging system and that of a fairly small community have helped in keeping Linux as safe as it has been so far.
Let's not misinterpret what that means or rest on our laurels. Linux is far from being immune to this kind of attack. Here are some recommendations that should keep you fairly safe.
1.- Do not download or execute scripts from any untrusted source. This is a bit of a tough one, as the Linux community has a history of sharing scripts, putting together tutorials which new comers blindly execute without asking, etc. Certain scripts can be obtained from trustworthy sources, but as a rule of thumb, do not run anything you don't fully understand.
2.- Stick to official repositories when installing applications. If you can't afford to do so because you are using a distro with a limited catalog of applications available, then consider using a different one. Arch Linux is a distro with an immense amount of applications available from its official repositories. The same applies if your distro of choice is too conservative when adding new releases of applications. Fedora is a good example of a distro that does a very good job at making new versions of applications available very quickly.
Obviously, I am not asking you to move to a different distro just because of a few extra repository sources. However, if your current distro of choice forces you to keep a large sources.list file, you should consider switching to a different one. As always, use common sense and stay away from repositories you have no solid reasons to trust.
3.- Avoid downloading and installing applications from .DEB or .RPM packages as much as possible. If you follow the recommendation from item 2 above, then you are not likely to use this installation method much, but I still think it is worth stressing out. Don't get me wrong, many software vendors do package their software using this method and sometimes it is the only way for users to get an up to date version. OpenOffice, Dropbox, Skype and VirtualBox are examples of software that can be safely downloaded and installed this way.
Once again, use common sense and stay away from packages that are not easily distinguishable as trustworthy.
4.- Do not run any untrusted launcher. Both GNOME and KDE allow launchers to be executed with a simple double click, even if they do not have executable rights. To be fair, I have to say that both of them raise warning messages, but I still believe this poses a real threat. Best thing you can do is to never run any launcher that was not originated by your own machine processes.
5.- Make it a habit to use a standard user profile (as opposed to an administror one). Different distros handle it differently, but many grant admin rights (read sudo access) to the account that is created on installation. Ubuntu is a good example.
If you are using a Linux distro which provides default sudo access, I recommend you create an alternative user account for day to day activities. Think about it: Browsing the web, listening to music, watching movies, playing games, etc., all doable without admin privileges. Why risk it unnecessarily?
All things considered, I still believe that Linux desktop security is superior to that of Windows in a home environment. Here's why:
- The default firewall setup offers a very safe configuration off the bat.
- The software repository model is safer.
- Viruses are no concern.
- Social engineering is definitely a threat, but following a few simple guidelines should keep it safe.
Some have raised a very valid concern about the lack of reactive security in the Linux Desktop. Unlike Windows users, we have nothing to fix or even detect the situation once security is compromised. While I agree with such concerns, in my opinion all that means is that Linux users need to approach security differently to Windows users. Windows users have grown accostumed to a reactive model. They have a wide variety of tools to detect a security threat and kill it. The key to Linux desktop security is to take a proactive approach: Preventing over healing.
To me, it boils down to this: Linux desktop users are safe as long as they follow a few best practices, which is more than what Windows users can say today, even with the help of an antivirus. In addition, in the event of security being compromised, the severity of damage is generally much more limited.
Thanks for reading!