Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: How secure are pre-installed apps on Ubuntu Desktop?

  1. #1
    Join Date
    Apr 2020
    Beans
    7

    How secure are pre-installed apps on Ubuntu Desktop?

    I was planning to install the latest version of Ubuntu desktop. However, I see that the install comes with a lot of pre-installed applications. Are these verified to be secure? Can I be sure there is no malware in these applications?

  2. #2
    Join Date
    May 2010
    Beans
    155

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    There is no malware in any Ubuntu distribution....

    If you want to reduce packages you can install Ubuntu Minimal then install the desktop of your choice (Not using the metapackage) like lxde or even just a window manager like openbox (for a super light OS).

    You will need to install something like lightdm or gdm to get a graphical log in.

  3. #3
    Join Date
    Apr 2020
    Beans
    7

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    I would like to do the normal installation. Is there any scope for malware in any of those applications which come pre-installed?

  4. #4
    Join Date
    Sep 2014
    Location
    United States
    Beans
    254
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    If you want the most secure distribution, you would need to inspect each compiled software at all phases. Because this is impossible to do individually, we trust that the developers are following best practices like deterministic builds.

    Ubuntu is a downstream distribution of Debian, which follows the deterministic build principle. Each binary will have the same binary as the distribution, which means all packages are verified to be built under the best conditions as possible.

    Further reading: https://wiki.debian.org/ReproducibleBuilds

    We trust that the distributed packages contain no malware.

    You can further improve the security of your Ubuntu install. Here's a helpful guide on determining your risk and mitigating it.

    https://www.ncsc.gov.uk/collection/e...untu-18-04-lts

  5. #5
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    Please read the link in my sig: "Security Basics".

    No one can guarantee you 100% security perfection. Such perfection does not exist in our imperfect world. This includes the apps in the repos and it includes the Ubuntu distro itself. And even with the best of intentions, holes are regularly discovered in Linux itself and the foundational utilities and libraries that make it useful. This is why we update and patch.

    Nonetheless, I have confidence in my install and the apps from the repos. I take reasonable precautions and don't do stupid things.

    It bears mentioning that the vast majority of security problems that users run into are the result of their own unwise or uninformed actions. Holes in the OS itself are a tiny fraction of the problem. The problem that most users have trouble wrapping their heads around is their own silly behaviour. Most, especially general users coming from the Windows world, think that security is app-based and not behaviour-based.

    Ages ago, I wrote a response to a similar question. Aside from a few outdated references, it has aged surprisingly well. No point in my repeating myself, so if you are interested: https://ubuntuforums.org/showthread....5#post12833795

  6. #6
    Join Date
    Sep 2014
    Location
    United States
    Beans
    254
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    I would like to respectfully disagree on keeping the status quo advice.

    There have been huge improvements made to the kernel to mitigate the attacks documented in this article.

    https://www.forbes.com/sites/daveywi.../#60aaae282086

    In the past, we did not recommend apparmor, and now it's included with many profiles on every new install.

    Today we can also implement kernel lockout, which was a Red Hat exclusive patch for a long time.

    Security does change. And there is a lot to learn about it.

    The biggest question is what is your use case and how much do you need to ensure complete compliance to a security model.

    Edit.

    I would like to say that Ubuntu is one of the most security-focused operating systems out there. Perhaps not the best, but it's very good.

    Let us do a case study. Gentoo had a supply chain attack. https://github.com/cncf/sig-security/pull/284

    What prevents this in Ubuntu are two teams. Security on Debian is a community-ran operation, which some paid employees making security changes for organizations paying them to create those changes.

    Ubuntu has a main and security repository that maintain Ubuntu specific security patches. These patches are the second filter for the user, where patches are typically applied both ways, with the Ubuntu team focusing on specific repositories and applying patches as vulnerabilities are made known.

    Gentoo lacked that infrastructure.
    Last edited by EuclideanCoffee; 4 Weeks Ago at 06:31 PM.

  7. #7
    Join Date
    Feb 2010
    Location
    Obscurial Springs
    Beans
    14,227
    Distro
    Ubuntu Budgie Development Release

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    Unlike the proprietary software that comes with and for Windows the source code for default applications in Linux is publicly available for inspection. Malware that is designed for Mac and Windows simply won't run on Linux. Clam AV is available if you are share files with Windows. See the basic security link in my signature.

    https://help.ubuntu.com/community/Repositories/Ubuntu

    https://linux.oneandoneis2.org/LNW.htm
    “Start where you are. Use what you have. Do what you can".

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Flavors

  8. #8
    Join Date
    Apr 2020
    Beans
    7

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    Thank you for your responses. Probably my question was not properly understood. What I really wanted to understand was if Ubuntu has any security review process in place while deciding which pre-installed apps to include with their OS distribution. How can we be sure that there is no malware in these pre-installed apps?

    Now, I am just a regular user of Ubuntu desktop. I mainly do browsing and some programming too. However, I am concerned about any malware recording my keystrokes and stealing my passwords.

  9. #9
    Join Date
    Sep 2014
    Location
    United States
    Beans
    254
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    Check the ISO hashes.

    Example:

    md5sum *ubuntu-20.04-desktop-amd64.iso

    Should be the same as here:

    https://releases.ubuntu.com/20.04/MD5SUMS

    The same can be done for each package installed. http://archive.ubuntu.com

    https://manpages.ubuntu.com/manpages...debsums.1.html
    Last edited by EuclideanCoffee; 4 Weeks Ago at 02:32 PM.

  10. #10
    Join Date
    May 2010
    Beans
    155

    Re: How secure are pre-installed apps on Ubuntu Desktop?

    There is none of that in the packages in the OS. To do so would harm the OS and users who peruse the code would flag it up quickly as a security bug. Nothing in the default install will "steal your passwords" or "record keystrokes"

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •