A brief take on security in Ubuntu

October 20, 2014

In Ubuntu, the first wall of security comes in the form of a special user account called root. Root has the ability to perform any operation on the system. To protect users or crackers from using root to harm the system, no user can actually login as root. Instead, users perform actions with root privileges by using a special command called “sudo”, which stands for “superuser do”. In Ubuntu, every time you try to make changes to the system that you do not have permissions for, you must provide your password, and your account must be included in a group that has access to the sudo ability. This model provides better security than the Windows model because it adopts a practice of providing users and processes with only the privileges that they need, rather than allowing an Administrator account the ability to make dangerous changes to the system.
Most Ubuntu users never manually install software. Like Apple, Ubuntu provides a software center that allows users to download what they need using Ubuntu’s package archive. Notice that Windows has also tried to incorporate this model due to its robust nature. In Ubuntu, updates and lists of installable software are pulled from servers run by Canonical. These “packages” of installable software are hand made by Ubuntu developers, or the authors of the software itself. All software put into the package archive must be approved by an Ubuntu “Master of the Universe,” whose sole job is to incorporate packages into the next release of Ubuntu. Users can trust the integrity of these packages, and unlike Windows, were the authenticity of downloaded software may not be determined in many cases, users of Ubuntu can avoid installing malicious software.
By default, Ubuntu does not listen on any port. This makes Ubuntu technically impenetrable if your computer isn’t connected via a wireless technology. Of course, your computer isn’t really useful without the Internet, so Ubuntu comes with an uncomplicated firewall, also called “ufw”. The defaults of ufw shouldn’t need any tweaking out of the box to keep Ubuntu safe from malicious requests. Ubuntu also doesn’t need anti-virus software. This is not terribly shocking for OSX users, but Windows users tend to find this fact scary. The reality is that Windows has a culture of viruses, it’s written for/at corporate speed and efficiency rather than security, and it’s implementation is susceptible to bugs. If you consider all of the natural protections that Ubuntu offers (especially its use of package repositories), it’s no surprise that Ubuntu doesn’t require anti-virus software. However, sometimes policy trumps reason, and in those instances, anti-virus software is available for Ubuntu. Both Avast and AVG make paid and free solutions, with many, many open source solutions maintained as well.
Around seventy percent of servers on the Internet run Linux in some form. Linux machines are extremely robust to network attacks, provide transparency in design for better consultations when a problem does arise, and puts the burden of keeping Linux secure on the shoulders of a larger community. So ask yourself, would you rather rely on code reviewed by only Microsoft employees, or by the massive community that is Linux. That includes not only corporations who pay employees to work on open source, but also regular programmers like you, professors writing security dissertations, and governments such as the United Kingdom, who’s defense department found Ubuntu 12.04 to surpass every other operating system in security when compared.
One last bit of information, for those of you who encrypt your drive using Bitlocker, Ubuntu has actually had tools for full drive encryption before Bitlocker was available for use. Ubuntu defaults to a AES 256-bit key encryption scheme, which is exactly the same defaults used by Windows (expect that Windows also offers the less secure 128-bit key. Ubuntu is also naturally more secure because all development of Ubuntu is open source, and monitored by the public. This stops the insertion of back-doors, which governments have tried to force upon Windows Bitlocker. For more information consult the Bitlocker Wikipedia pages under the security concerns section.
The end result of these technologies reveals that Ubuntu really only has one major vulnerability in security, and it’s the same attack vector found on every computer. The modern web browser not only renders web pages, but also includes a JavaScript interpreter. To stop malicious JavaScript attacks, the only real solution is to turn off the interpreter, which Ubuntu allows you to do via the settings in Firefox or Chrome. JavaScript has become a crucial part of the web, however, and the only real way to protect yourself is to educate yourself and browse to well known sites that employ good encryption algorithms.
To recap security, Ubuntu provides a robust model by limiting applications and users to the lowest possible level of privilege, unless the user makes a choice to provide a process with a higher privileges. The open source model of software development lends itself to finding and fixing vulnerabilities. The use of package repositories greatly reduces the risk of installing harmful applications. Finally, Ubuntu naturally protects itself from any form of attack unless the user opens the system by using a web browser. Since web browsers aren’t OS specific, the only real solution to this problem is to make smart choices.