How safe is Ubuntu? [closed]

security remote-desktop

Last week I started desktop sharing using krfb. Continuing from my last session, it appears that the process restarts itself.

Two days ago I noticed messages popping up saying something like "rejecting uninvited connection from (some IP)", but today I figured it might be because of krfb, and I was right. krfb was running in the background.

Hence the question, How safe is Ubuntu? Should I expect someone to connect to my computer and erase everything on my hard drive?

To extend my question : how safe is Ubuntu compared to other OSs (Windows, Mac, ...)? How safe it is compared to other distros?

Linked Question

  • Why is Ubuntu more secure than Windows or Mac OS X?

Solution 1:

No, you shouldn't expect that.

An uninvited connection merely means that someone sent packets your way. Anybody can do that, and it's a good thing. I suspect that krfb has opened a port on the firewall, which isn't a problem - again. You do want it to accept invited connections, so it has to be exposed to the public internet.

If you, for example, run a web-server, you might get hundreds of break-in attempts per day.

The important bit is that they are attempts. Security is only compromised when you have, for example, a weak password for your SSH login (and accept connections on the SSH port, and have SSH installed). Another possibility is that a specially crafted message to a program can trigger a Bug in the program that allows arbitrary code execution. This is very dangerous. But: on Ubuntu, it's also comparatively rare, these vulnerabilities get fixed very quickly(1, 2, 3)*.

  • Use secure passwords

  • Don't install server software you don't need,

    and if you do, don't expose it to the public internet, if you don't have to.

  • Regularly update your system

If you follow this very basic advice, you should be absolutely fine.

Absolute security doesn't exist, and there is always some danger, but:

someone to connect to my computer and erase everything I got on disk?

This would be major headlines on all of the IT news sites. It's extremely unlikely.

If you really want to dig deep into the subject, there are two papers I found very interesting:

  • Installing, Running and Maintaining Large Linux Clusters at CERN

  • Quantifying Information Leak Vulnerabilities

This is just a small snapshot of the security landscape, but you might find them valuable.

*: Note, Ubuntu, with the help of Canonical, takes great care to deal with security related bugs very quickly. However, there is some software that Ubuntu have no control over. This is software that is installed from the universe and multiverse repositories. There, the onus is on the authors. Some of this software is very secure indeed, some isn't. If you are extra-paranoid, use only software from the main repository.

1. http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/
2. http://cryptome.org/cyberinsecurity.htm
3. http://www.technewsworld.com/story/55722.html

Solution 2:

There are also tons of tricks to learn at Server Fault, especially if you run web servers.

A good start might be the Linux kernel hardening question.

Related

I encountered a gconf2 error while installing some packages, what should I do?
Samba share read only for guests, read write for authenticated users
Add password to an existing zip file
Creating a new user after install with encrypted home
Where can I find Bluetooth Received folder?
Prepend current git branch in terminal [duplicate]
What units does the ntp drift file use?
Change git's language to English without changing the locale
Configuring logrotate without root access (per user log rotation)
docker snap: Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Installing clang 6.0 on Ubuntu 18.04 LTS Bionic
dpkg-deb: error: archive ... has premature member 'control.tar.xz' before 'control.tar.gz', giving up