The ubuntu is 100% safe promise

[tlu]

So if we analyze this quote:
- surf in safety in Ubuntu is a myth
- files and data safely protected is a myth, although we have the tools for encryption
- we have virus protection is a myth
- we have firewall protection is not true, we have the tools available for great firewall protection
- apparmor is an extra level of protection, but never will guarantee your safe
- access your bankaccount is at your own risk

That sounds a bit apodictic I mean: There is no 100% security. Nowhere! Nobody can guarantee that a meteorite won't beat you to death some day.

But you can say that Ubuntu is reasonably secure as far as one can tell. This site shows that they have done a lot in the past to protect you. And you can be sure that new security features/countermeasures will be introduced: AppArmor will get new features, seccomp2 will certainly play a bigger role and possibly also PIE. Just to name some examples.

[Soul-Sing]

There is no 100% security. Nowhere! Nobody can guarantee that a meteorite won't beat you to death some day.

But sometimes many meteorites are shown in path of Mother Earth Ubuntu. Very technical possibilities and frightning, Hollywoodlike scenerio's. Brrr. Indeed there's no 100% guarantee of security, but the text on Ubuntu's website comes very near to it in imho.
My what__are__real__facts__and__fear(s), theory and practice approach leeds to nothing really. I am starting to repeat myself. Soi.
Enjoy Ubuntu

[|{urse]

Well, it's neither '100% safe' nor '100% secure'. That's incredibly misleading. How about 'safer and more secure than windows, so long as you're not an idiot, promise.'?

[Hungry Man]

That could happen upstream. Who's to say that Linus Torvalds hasn't turned evil and started backdooring the kernel code? Who's to say the Apache developers haven't slipped in some malicious payload in their software? You see where I am going. If a malicious actor can subvert the code upstream, there is no reason to try and get past Ubuntu's repository security.

My point is, you have to trust someone unless you wrote (or audited) every LOC yourself. This goes for Windows, OSX, Linux and every other OS in human history.

You also have to verify the compiler you use to compile the code hasn't been tampered with. See: trusting trust.

There's a point where you have to throw it all out and just write your own OS - either that or you accept you can never always know.

Is Ubuntu secure? To an extent - it's still incredibly prone to use error, it's still behind in terms of shipping PIE +s binaries, and the Linux kernel is slacking in terms of security due to Linus not giving a **** and upstream generally having no concept of security. As with every desktop OS (except OS possibly) it provides very little security to third party code unless that code opts into the security built in.

Windows suffers from a lot of those issues as well - instead of having people like Linus holding the kernel back we have a series of developers who act behind closed doors.

tl;dr it is not even slightly fair to call Ubuntu 100%, you can barely call it "secure" unless you add quite a few words like "secure from most malware in the wild". Security with qualifiers just... seems lame.

[Ms. Daisy]

My what__are__real__facts__and__fear(s), theory and practice approach leeds to nothing really. I am starting to repeat myself. Soi.
Enjoy Ubuntu

What's fact vs. fud, what's theory vs. practice... it all totally depends on what you are going to do with your computer & your network. There are so many variants. If you keep your software up-to-date all the time and you only visit your personal banking websites from your home ethernet on a network you control, then the real risks to you are miniscule.

If you're a bit slow to install all the updates, if you're a bit lazy about what you click on, if you use public wifi for all sorts of personal accounts, then your risk goes up. How much? It depends.

If you never update, download/torrent illegal media, run several services with bad configurations, then it's not if you'll get owned, it's when.

How can anyone possibly answer your question when the reality is just a continuum of risk totally depended on each individual user? It's frustrating that we can't write a one-paragraph "how to stay 100% secure" document. I wish we could and have it not be a useless collection of words.

[CharlesA]

Basically, all security boils down to is finding the "acceptable amount of risk" for the situation, task and scenario.

For example, for a home user, using a strong password and not allowing VNC or the like open access to the internet might be as much security as they need in order to not get their box owned. While those things help prevent brute force attacks, the machine could still get owned if the browser if the user is careless on what they click and isn't running either AppArmor or something like NoScript.

For a production server, however, the accessible amount of risk could be near zero - lock down any services that need access to the internet, ensure no non essential services are running or installed (more packages installed = no change of stuff needing security updates). Thirdly, would be separation of services because it isn't if you are going to get owned, it is when and when that happens, you do not want your web server, database, and email server compromised all at once. Run a separate box for the web server, one for the database and one for the email server, with different logins and whatnot.

tl,dr: Nothing is 100% secure and "accessible risk" varies depending on the environment/situation.

[tubbygweilo]

You can I expect lock down the code side of things save some zero day exploits but with a bit of social engineering you can crack the user and have them open their system and allow a bad guy to do things. If you can convince the user to give you sudo access then it could well be game over with Ubuntu code still intact.

Ubuntu can be 100% safe but the user not.

[OpSecShellshock]

Yeah I think if you want to talk about Ubuntu regarding how it fits in to most home users' security concerns, you're going to ultimately arrive at the conclusion that the operating system doesn't actually have much to do with those concerns.

For example, if people are worried about their credit card and banking details being exposed, they should understand that compromising the computer, particularly at the OS level, is not a requirement. The one time it happened to me it was because I went out to eat at the wrong place on the wrong night. I had some really spectacular firewall rules, but they didn't do me much good, because I wasn't at home and I wasn't on my computer.

I guess my main point is that for the risk categories that home users tend to be most worried about, the OS has little to do with it.

[Soul-Sing]

If you never update, download/torrent illegal media, run several services with bad configurations, then it's not if you'll get owned, it's when.

Indeed, and be aware of some vulnerable software as Java also. Java is notoriously late/slow with patches. And seems to be intrinsic unsafe. The alertness not to install software (java?) you do not need.
About services. By default I reduce as many services as possible. And possible vulnerable "features" as dnsmasq, avahi, etc.

I guess my main point is that for the risk categories that home users tend to be most worried about, the OS has little to do with it.

Point taken.

[Ms. Daisy]

I guess my main point is that for the risk categories that home users tend to be most worried about, the OS has little to do with it.

There it is Soul-Sing. That's about as distilled as it can get.