Is it wrong to *feel* using Windows XP Professional SP2 is more secure than using Ubuntu?

I am running this system:

Pentium 4 3.2 GHz
2 GB Ram
400 GB Hard Drive
256 MB Graphics Card
Windows Xp Professional SP2

And I am protected with this:

Avast Antivirus Professional Edition
Webroot Antispyware
Webroot Desktop Firewall


I have run lots if online security tests from various sources and my computer is rated as "Superb" and "Stealth Mode - Your computer is invisable online" in all catagories.

If I eventually switch to Ubuntu (as i'm planning) will it really be safer/equally as safe as my current set up is?

We just answered your question in the other thread.

Damn it......... :cry:

I posted it, then thought about it, and realised that this question was probably better in a new thread (Not to lead the other one off topic)

I didnt realise people had seen/started answering my other post.... :cry:

Sorry! But my post in the other thread isnt there anymore now.... :cry:

Damn it......... :cry:

I posted it, then thought about it, and realised that this question was probably better in a new thread (Not to lead the other one off topic)

I didnt realise people had seen/started answering my other post.... :cry:

Sorry! But my post in the other thread isnt there anymore now.... :cry:

That is kewl, It is redundant for me to type it again so I will leave my answer there and if you want to quote from it or ask questions about it then you could reply to it here.

Edit: Here it is copied and pasted.


Yes it will be even more secure if you apply the same security policy as you do Windows. The permissions system on Linux makes it very hard for anything to be installed on your computer without your permission. I still recommend running a firewall, booting from the hard drive first, setting a password for the Bios, and using random secure passwords mixed with upper and lowercase letters plus throwing in a number or two and a charecter like the %. A antivirus is still a good Idea if you share files with a Windows computer to keep them from getting infected. Just because you use a more secure OS by design does not mean you are secure if you ignore good security practices.
__________________

Cheers mstlyevil!

Sorry for the momentary double posting! :cry:

All the best!

John

If you haven't installed anything that lissens on the net there is no point installing a firewall.


Edit: Do you want something that was broke(windows) and you fixed it or something that was secure from the start?

So your saying that Ubuntu will be far more secure than the setup that I described above? Or that now i've "fixed" windows as you put it, the security will be about the same?

Thanks for your feedback! :D

John

Ok lets start with the firewall a default windows install had more that 3 open ports, ubuntu has none. Thus nothing to firewall.

"Spyware" is non-existent in linux.

Viri are rare and patched very quickly. Just don't go around running random things at root and you should be good.

ubuntu is much more secure and opening your e-mail wont fux your system:D

Ok lets start with the firewall a default windows install had more that 3 open ports, ubuntu has none. Thus nothing to firewall.

"Spyware" is non-existent in linux.

Viri are rare and patched very quickly. Just don't go around running random things at root and you should be good.

ubuntu is much more secure and opening your e-mail wont fux your system:D

bjweeks - well said.

Thanks:)

Ok lets start with the firewall a default windows install had more that 3 open ports, ubuntu has none. Thus nothing to firewall.

"Spyware" is non-existent in linux.

Viri are rare and patched very quickly. Just don't go around running random things at root and you should be good.

ubuntu is much more secure and opening your e-mail wont fux your system:D

In the words of George Carlin...

"Just because you own a safe car doesn't mean you don't have to learn to drive the damn thing!"

Yes, Linux is much much much more secure than windows... But this doesn't mean you can get involved in "risky computing" either. Don't let the saftey of linux make your guard go down.

Just a thought - despite the lack of open/listening ports on a default install, the system will still respond to pings and ports will be shown as "closed". A firewall is still a good idea, as you can set it to not ping reply and stealth all ports - the results you saw in windows - which makes your computer a lot harder to find for mass scanners and things.

Just a thought - despite the lack of open/listening ports on a default install, the system will still respond to pings and ports will be shown as "closed". A firewall is still a good idea, as you can set it to not ping reply and stealth all ports - the results you saw in windows - which makes your computer a lot harder to find for mass scanners and things.

So what? Why does it matter if you can be "found"?

He asked if it would be as secure / show the same results as the windows box, and if he got Super Stealth (on what I assume is the Shields Up scan) it means his ports all showed green, ie filtered.

It doesn't matter that much from a security point of view, but if you want the same results....

Well personally I beleive in the hands of complete beginner linux is far less secure than Windows in the hands of a competent user .

Just a thought - despite the lack of open/listening ports on a default install, the system will still respond to pings and ports will be shown as "closed". A firewall is still a good idea, as you can set it to not ping reply and stealth all ports - the results you saw in windows - which makes your computer a lot harder to find for mass scanners and things.No, it doesn't. Determining a stealthed machine is pretty trivial.

Yes, if someone's looking for you.. but if someone's running a ping scan against a large network and you're set to not reply, security by obscurity it may be but odds are they won't find you right off, and if they are not looking for you..

I don't know, but I do feel safer with ports not replying at all than them sending back closed messages.

It doesn't matter its like installing anti-virus, useless

Yes, if someone's looking for you.. but if someone's running a ping scan against a large network and you're set to not reply,Then it's pretty obvious that you're stealthed, especially if I can see outgoing traffic.


security by obscurityThere is no such thing on the public Internet.


I don't know, but I do feel safer with ports not replying at all than them sending back closed messages.Like I said, it's trivial to deduce the state. If it's an automated attack, then you're a random victim anyway, and most automated attacks simply attempt to connect and go on if they fail. So it doesn't matter if you're stealthed or not, if you're not offering whatever serivce they want to connect to, they just pass you by.

It doesn't add anything in any case. Either the attacker is attacking you directly in which case, they'll find out; or they're using an automated tool that simply doesn't care.

Well, if you don't want to run a firewall it's your choice, I won't be stopping you.
Still, if you want to "*feel*" safe, and get all green / all stealth on tests, or if you want to actually open a port, or for whatever reason, might as well get one.

As far as automated tools - for example, nmap. Run a ping scan against 256 hosts on a subnet, others will reply but if you're running a firewall set to drop ping requests, your machine won't.

But, indeed, if you don't want to run a firewall then by all means don't. I don't use AV (on windows or linux) and I suspect my position on that is similar to yours on firewalls :P

The ICM Protocol isn't a joke, it wasn't developed because someone had too much time on his hands. Don't turn it off, especially when you run a server for public access. Eg my email provider used to do this and it was a pain in the *** (eg when the MTU packet size was too big but it didn't respond because it was... uh stealth).
If you don't offer any services, then you don't have to worry anyway. Besides that as already pointed out such a stealthmode doesn't exist anyway: http://www.hansenonline.net/Networking/stealth.html

The ICM Protocol isn't a joke, it wasn't developed because someone had too much time on his hands. Don't turn it off, especially when you run a server for public access. Eg my email provider used to do this and it was a pain in the *** (eg when the MTU packet size was too big but it didn't respond because it was... uh stealth).

I think we can assume he doesn't run any public services, though.


If you don't offer any services, then you don't have to worry anyway. Besides that as already pointed out such a stealthmode doesn't exist anyway: http://www.hansenonline.net/Networking/stealth.html
I believe firewalls can be configured to respond with a host unreachable message anyway, although I suppose this wouldn't be from the router one up, and I've no real idea about it anyway.

If an attacker really is focusing on you, then I imagine it wouldn't do much good, but that doesn't mean you shouldn't get a firewall running.

Obviously if you do run some services then you need to configure any firewall you may have to allow them, but I don't see the point in not getting a firewall.
It's possible to get hacked without any running server services, and in that scenario a firewall may help out some by not allowing some outgoing connections, or by keeping a port stealthed to do something about preventing attackers from running their own servers.

No doubt you're more experienced here than I am, so if you don't want to run a firewall then don't.

While I feel secure enough in windows with no anti-anything, I know you are more secure with the anti-stuff, but even then in my opinion Linux is more secure then your or my Windows.

As far as automated tools - for example, nmap. Run a ping scan against 256 hosts on a subnet, others will reply but if you're running a firewall set to drop ping requests, your machine won't.

:P
Well I would simply deduce from your example that the stealthed host has a lot more to hide than the unstealthed hosts and is therefore a much tastier morsel to pick at.

Does nmap pick out, from a ping scan, hosts that are dropping the packets as opposed to hosts that simply do not exist?
If it does, I can't say I've noticed that.

Well, if you don't want to run a firewall it's your choice, I won't be stopping you.Your reasoning for running one is total crap though, and that's the point I'm stressing.


Still, if you want to "*feel*" safe,From a false sense of security.


As far as automated tools - for example, nmap. Run a ping scan against 256 hosts on a subnet, others will reply but if you're running a firewall set to drop ping requests, your machine won't.Wonderful, but if I know your host is there (i.e., I see it's outgoing traffic) I don't need a positive response from nmap to tell me your host is there.


Does nmap pick out, from a ping scan, hosts that are dropping the packets as opposed to hosts that simply do not exist?
If it does, I can't say I've noticed that.No, point the point is a competent human attacker can tell anyway, and an automated worm is going to try to connect to your host first. They don't do portscans or anything of that nature.


I know you are more secure with the anti-stuff, but even then in my opinion Linux is more secure then your or my Windows.Not necessarily true and not generally true. Anti-stuff can only defend against what it knows.

My understanding is, the way that DHCP works means it quite easy to work out which hosts are stealthed by the very presence of its neighbours as in the case of a wan or a lan.

As I said earlier, it's possible to be hacked without having any server services running. Vunerabilities in programs like Firefox that could lead to code being executed on your machine, for instance. In that scenario, having no firewall would allow an attacker to start an SSH service, or something like an IRCd (there is someone right now in the security forum who it seems has had his machine comprimised and an IRCd run on it) while having a well setup firewall could easily enough stop such processes from binding to ports and running.

Same kind of thing if you're playing a game, or hosting a game server - if these were comprimised, that's another route into a system.

As far as nothing binding to ports... X is a network service, hm?

DeadEnd: I don't know about your DHCP, but mine assigns IPs randomly.

Anti-stuff can only defend against what it knows.

I know. Anti-stuff is more secure then no anti stuff though, nomatter if you feel you need any anti-stuff or not.

it's certainly not wrong to feel more secure using Windows, i hope not anyway because i feel much more secure using Windows. which one of my installs is more secure? i have no idea.

even if one is generally more secure then the other, you might come across an exploit like the recent 0 day, print job cancellation, MetaFile thing, which will install some malware. or, a script kiddie might use a new exploit you haven't patched against

i don't think you can say either way one is more secure, it depends which exploits you are talking about or you have to specify the exact conditions.

i believe the most important thing is how security conscious you are.

how many people are using Firefox 1.0.7 to view this? i think that's a problem for either OS, i haven't really checked because i use Opera 8)

I know. Anti-stuff is more secure then no anti stuff though, nomatter if you feel you need any anti-stuff or not.No, that's not true either.

More of the time, having anti-* will be more secure than not having it.
There are circumstances where it may not be so - old, out of date or vunerable anti-* programs - but more of the time it is more secure to be running them.

DeadEnd: I don't know about your DHCP, but mine assigns IPs randomly.

Thats my point, it does not assign them randomly it assigns them according to a ruleset.by knowing this and your neighbours existance then......

If building walls around you - to protect you from enemies, makes you feel safe. Then go with that.

If you are in alliance with your enemies and they wont/can't attack you.
Then go with another choice.


Watever makes you *feel* secure.

I assumed you meant that it assigned them in order, such as..
192.168.0.2
192.168.0.3
192.168.0.4
and so on.
Mine picks a random number in it's DHCP range and then allocates that.
No real scheme involved.

Mine picks a random number in it's DHCP range and then allocates that.
No real scheme involved.

DHCP will assign the lowest available IP in its address book range that is available,this is not random at all.

No, it won't. There's no onus on it to do so. Not all servers behave that way.

No, that's not true either.

Good idea. Tell me I am wrong then not tell me why.

More of the time, having anti-* will be more secure than not having it.
There are circumstances where it may not be so - old, out of date or vunerable anti-* programs - but more of the time it is more secure to be running them.

Nope, not true. If you don't need anti-virus software, but still use one "to be on the safe side", all you do is add an other software with potential flaws. Considering that this software by its very nature does many security critical things, this is not a good thing to do from a security point of view at all.

DHCP will assign the lowest available IP in its address book range that is available,this is not random at all.
Actually, my server assigned the *highest* in it's range before I told it otherwise.

Nope, not true. If you don't need anti-virus software, but still use one "to be on the safe side", all you do is add an other software with potential flaws. Considering that this software by its very nature does many security critical things, this is not a good thing to do from a security point of view at all.
Arguably, under a default windows install AV software can and is needed. I've never installed any, but as I said - so long as the software isn't too out of date or vunerable, which most modern AV isn't, all it will do is take up some CPU and time, and in return protect you against what viruses it knows.

By no means is one needed, but it's not usually a bad idea to install some. One is generally always safer with than without, although you don't always need it.

Arguably, under a default windows install AV software can and is needed. I've never installed any, but as I said - so long as the software isn't too out of date or vunerable, which most modern AV isn't, all it will do is take up some CPU and time, and in return protect you against what viruses it knows.

By no means is one needed, but it's not usually a bad idea to install some. One is generally always safer with than without, although you don't always need it.
Again, it's not always safer with than without, as having AV software on your computer adds an other potentail vulnerability.

That said, I'd never run Windows without an AV, but I'd also never run Ubuntu with AV software, unless if I'd run Ubuntu as a server and wanted to protect windows clients.

I ran windows for years with no AV and didn't get one virus; but I still doubt that it's more often unsafe to run AV than it is safe.
On a linux system one probably isn't needed; but on windows it's pretty much always safer to run some than not too. As I said, most modern AV isn't *that* vunerable, and the protection you gain should more than make up for the possibility of it being a vector for an attack.

As I said, most modern AV isn't *that* vunerable, and the protection you gain should more than make up for the possibility of it being a vector for an attack.
Weird, why are there vulnerabilities discovered in some modern AV nearly every day then?

I mean moderately major AV products, and real vunerabilities..
Things that actually get exploited from companies such as Norton or AV software like Avast or AVG. It may have a few exploits, but not that many, to the best of my knowledge.

Good idea. Tell me I am wrong then not tell me why.Most non file-serving applications don't need anti-virus per se. You certainly don't need anti-spyware if no one is browisng on that box.

More importantly, a lot of the issues and attacks we're seeing today are ones that they can never block without interferring with the user's normal ability to function.



I mean moderately major AV products, and real vunerabilities..
Things that actually get exploited from companies such as Norton or AV software like Avast or AVG. It may have a few exploits, but not that many, to the best of my knowledge.No, there have been several, look at secunia.org or similar if you don't believe me.

What types of programs do you have to be running in Ubuntu/Linux that would make it a good idea to have a firewall installed? Do programs such as Thunderbird and Gaim make your system vunerable?

I'm a newbie to Ubuntu (and Linux for that matter), so I'm not that familiar with it. All I know is Windows, and in Windows you pretty much need to have a firewall.

Thunderbird and Gaim are unlikely to need a firewall... really, the things that need firewalls are servers such as SSH or a web server like Apache.

Thunderbird and Gaim are unlikely to need a firewall... really, the things that need firewalls are servers such as SSH or a web server like Apache.

What if I were to install and use a P2P file sharing program like Azureus? (I thought of that after I posted my last message)

What if I were to install and use a P2P file sharing program like Azureus? (I thought of that after I posted my last message)
You don't need one either.

What iptables (the linux firewall so to speak) basically does, is block port on which apps might be listening. Now, Azureus certainly will be listening on some ports, but it also needs to be able to use them in order to function.

So if you want to use Azureus you'd need to open the ports it needs anyway.