No more Ubuntu on Dell in the United Kingdom

Remember our report in August about Dell offering Ubuntu pre-installed on selected hardware as an option? There were some of you folks who got very excited about it then.

Well, it appears that Dell has stopped offering Ubuntu pre-installed in the United Kingdom.

Excerpt from The Registry:

One bloke who tried to order a Dell Ubuntu system told the Ubuntu forums he couldn't get one. According to his posting here, Dell says the machine is unavailable. Another poster reckons the whole thing was a publicity stunt.

And if you visit the Dell U.K. site, the page either hangs or ends up with a "discontinued" sign.

Additional sleuthing uncovered the following:

A call to Dell's marketing folk in the UK confirms Dell no longer supplies Ubuntu pre-installed. "It has been discontinued in the UK," a closed source said.

So, what really happened? Is this a publicity stunt, or simply a reflection of the lack of demand for pre-installed Linux at large?

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

157 comments
mikifin

Have it shipped through Dell in the U.K.

Fyrewerx

In most cases, Dell PCs come with the Vista or XP "restore" installation disk (and at a minimum, the sticker with the authentication numbers). Some manufacturers, like HP, give you the opportunity to make one. After receiving the PC, I load Ubuntu, then use the original disk to load Windows "virtually." At least it's a licensed copy now.

Deadly Ernest

If this is the case, I think it's more likely to be due to pressure from MS not to offer alternatives to MS or pay more for the MS software.

Andy Goss

Though they make it hard to find. Go to the Dell site, www.dell.co.uk and do a search for linux. This will bring up a page with a link "Ubuntu - now available on Dell products" under Recommended Links that will take you to the Ubuntu page. If they will actually fill the order I don't know. That there are no visible links to Ubuntu offerings suggests to me that it is largely a stunt to impress the FOSS people while keeping ordinary buyers in ignorance.

PC Rescue

... because I just "ordered" an Ubuntu Dell from the UK website to check this out (short of actually processing my card details) so it's a redundant story.

Meesha

No doubt it's a bit of both. I don't know if anyone else has noticed but in the last few weeks I've seen an awful lot of announcements, articles, etc. linking MS and Dell. This gives me pause to think that this U.K. situation is not necessarily unplanned but scripted to make MS more attractive to the public in view of its lackluster results with Vista. I also found that other vendors i.e. Lenovo have announced Linux distros available for some of their equipment. Yet when I'm on their site I can't seem to find anything. It seems to be well hidden. Does this all add up to MS's latest big push on keeping hardware vendors in check? Conspiracy theories notwithstanding, Dell or Lenovo or whomever would be in better position to keep offering choice as the extreme expense of MS keeps escalating. And please, no MS O/S lite need be discussed since it is/will be as "patchy" as anything MS is offering today.

CharlieSpencer

If they don't sell a bunch of them for Christmas in the U.S., you won't see them available here either in 2008. I give them credit for making the effort. I'm not sure how it could have been a publicity stunt. Whose attention would they have been trying to get? If anybody benefited, it may have been Linux. Perhaps it gained some name recognition among consumers.

paulmah

So what really happened? Is it a publicity stunt, or just simply a reflection of the lack of demand for pre-installed Linux at large?

Neon Samurai

I'm not sure if that's possible as most Dell sized retailers build their own restore disk but if you can get a proper Vista CD and use your Dell license code with it then you'll skip all the extra "added value" crap that usually comes with a restore disk. On the up side, it's not HP with their write your own restore disks during the first boot setup.

neighbourcg

Seems we may all have been victims of yet another disinformation FUD, from who knows where, regarding the discontinued sale of Ubuntu on Dell systems in the UK. Glad to see some positive comments regarding PCLinuxOS. I recently did some comparative installs of Ubuntu and PCLinuxOS and found the latter to be a faster install. In terms of security, PCLinuxOS did ask for an admin/root password separate (note the spelling) from a user password during the install. And, yes this is normal for most, if not all, Linux distros. Although I do agree that for Joe Keyboard the need for a root password may be an irrelevant issue. In terms of support for Ubuntu, there were press releases by Dell and Canonical, that technical support was available, but as a separate extra service contract that had to be purchased.

JCitizen

to get clicks would you? ;)

ben@channells

Personally I test Linux in VMware and I've never been happy with any of them to switch from Windows. Sure Windows has its problems but I can lock it down so it's safe and easy for my kids to use. Dell has always charged much more for delivery, but when asked to pay more in the UK and get less support does not help. Especially as Dell has a crap record of delivering working PC's or laptops. Stick with Win XPpro or buy an Apple Mac errrrrmmmm.

JCitizen

and get it over with. So the manufacturers wouldn't be so intimidated making such offers. Maybe that will be the EU's next move.

badiane_ka

This notion that every-one is responsible for you has to be taken out of your heads. One thing that should be done by any company distributing a GNU/Linux distro is to provide a good book with the units. You the user should be willing to read and learn. I do agree that things are too lax. When I installed Debian for my mom and had her enter her password she had no problem logging in all the time. As for the guy who mentions that Debian distros are insecure based on their repositories probably didn't realize that initially you will either have your cdrom repository or the us.debian.org and security main ones available. I have also never seen any one of the Windows users for whom I've installed it go and set their firewalls; the install does it for them. I think that Ubuntu should do the same and install firestart or guard-dog or similar apps and go with a basic secure config. Know why you are buying your system. If you want security find a company that will sell you Slackware, Debian, Gentoo, SuSE and pick from Distrowatch. I have recently installed NetBSD on a P100 with 80MB of RAM running MySQL, Postfix, Perl, Ruby, SSHd, Screen, ncftp2, twm, XF4.0, xterm and I'm happy. If you have an Atheros based card you can turn it into multiple access points and a station. MS has spent years dumbing down people and letting them believe that because they could open a few windows and use a few apps that they "know how to use a computer." And now Linux distros have to give them the same level of dumb if it has to be accepted. When I type control-a in my shell it takes me to the beginning of the line, in Firefox running on my distro it selects everything. Why do I have to give up my emacs keystrokes in an OS which has much greater flexibility to get the dumb OS version. I don't want to give up the flexibility that I've learned over the years in order to make the Windows converts feel good. If you are running from Windows try to find a book which will speak to you. Ubuntu/Debian has a pretty nice package manager; learn how to use it. It's a different mentality and way of doing things. Learn to adapt. Trust me you will be rewarded. So, yes the default config is not as secure as it should be and they should sell it more secured but also provide a manual or automate the process of securing it. But it's not hole ridden and intrinsically insecure as Windows.

dtune59

Firstly, the Linux systems were dearer than the Windows versions & the hardware they were using was "last year's model". This got end-users offside. Secondly, Dell Web Support is no better than a list of Linux sites - pick the wrong site, search your question & get no answer. This got end-users offside. Thirdly, frustrated end-users took the advertised option, call Dell Customer Support. Need I say it again, offside, big time! I loved the Dell (Australia) support guy's comment - we won't sell a Linux alternative in Australia because it only comes in English. Ha, ha, ha....

lastchip

I scoured the National Press Dell full page advertisements and the Ubuntu option was nowhere to be seen. With zero marketing, what else can you expect? But it does make you wonder, if it was just a ploy to screw Microsoft down on price for volume licences for Vista. When you see what prices new machines are offered for, they sure as hell are not paying £51.15p a time, (the cheapest I could find an OEM licence) or anything like it! I wonder if any member here has managed to buy a Dell machine pre-installed with Ubuntu? Or have they met with a blank brick wall as well?

Open Minded Geek

Didn't think Dell offered Ubuntu pre-installed in the UK anyway. I've priced and ordered a number of desktops and servers in the last 6 months and I never saw an Ubuntu option - Red Hat Linux, but not Ubuntu. I was also under the impression that Ubuntu was only going to be available for machines ordered in the USA. Perhaps I was wrong??

Jaqui

that the brits are smart enough to realise that with no root password ubuntu is not secure :p

JCitizen

My notebook came with a CD. But some machines I work on have a restore partition; lately I saw a lot of models for sale that you have to make your own apparently. I wondered if these actually had the partition as well. I like the retail box fully supported license idea also. In fact the 32/64bit combo choice would be mandatory for me.

Fyrewerx

I do have several Dell disks from work (we support approx. 5800 Dells) and because they're for business Latitudes, they don't have the "crapware". For someone without those type of disks, the best you can hope for is to borrow someone's clean Vista or XP.

dtune59

You are so right about this being FUD & what's worse is that it came direct from a DELL customer service officer.

JCitizen

worth it; and that is what I try to get my customers fed up with Windows to do. I have plenty to do without supporting another operating environment. When they see the cost analysis of not having to put up with down time, slow downs, and AV software costs, they usually see the light. WGA is the Linux community's best selling point.

JCitizen

purposely to undermine them; just so the public will steer towards Windows. You don't think Redmond would have anything to do with that do you? ;) Don't worry about the English; we are more worried about Linux taking over the US (we hope). The rest of the world, bless their souls, may have to wait.

casimiro.barreto

Perhaps this was a Mr. Gates "sponsored news" :) Here in the "lands of South" one important consulting company wasted years of TI managers' patience "proving" that MS Windows (NT, 2000, XP...) had a better TCO over Linux (even in server environments). The consequence of this orientation was that discredit made the company leave the country.

j-mart

This is a test of if a user has enough brain power to use a computer. Any one too thick to understand the concept of having a root account for admin. and user accounts for normal use obviously has not the intelligence to use a computer.

Deadly Ernest

I ask as I've been using Ubuntu for the past several months, starting with fawn and now Gibbon, (well, Kubuntu, actually) and it does have a password for root access. What it does, is gets you to enter a password when you install it. It uses that password for your root access and your main user account. When you log on, it logs you in as the user, and when you want to do something as root, it asks for your password again. If you're one of those people who wants to have it do an auto initial log in, it can be readily set to do that, but you always still need your root password to be re-entered when you ask to do something that requires root access. I know many people who like it this way, as it saves them having to remember two passwords, and some because they like the auto user log in. If someone can break down the encrypted password for one account, they can get both, so it neither adds nor removes security, but adds ease of access for some.

Freebird54

thought - as if they ARE smart, they know that with no root password - root can't be hacked. Hardly a reason for this story :)

jlwallen

I always at least add a sudo password to Ubuntu. Otherwise some applications are a nightmare to install or run. So just run sudo passwd and then give it the password you want to use. Now you can actually "su" to "root".

blissb

One cannot log in to a default ubuntu system as root. Without the primary user's password, one cannot obtain root access unless one has physical access to the machine. And, as we all know, if I have physical access to your machine, I own your data, regardless of whatever passwords there are.

CharlieSpencer

I know you two have covered this in countless other discussions, but I'm going to waste your time and ask again anyway. What is it about Ubuntu that makes it less secure than other distributions? If possible, please phrase your answer in terms a Windows user / Linux neophyte can understand. Feel free to stick with one syllable words.

Neil Higgins

for a while Jaqui, and only me. My partner has Vista, on her laptop. Don't ask, it was pre-installed when she bought it. As she does not use Ubuntu, there is only me to consider....er...and my seven year old son, family members, visitors, burglars....all who should not touch!! But I see your point. However, if you do want that extra safety in Ubuntu: http://www.ubuntux.org/how-to-change-the-root-password-in-ubuntu

Jaqui

that is the first user added's password. open a terminal and try to su you can't, because there is no password on the root account. the *buntu distros use sudo and a non root password for everything.

TechExec2

Joe Keyboard doesn't know nor care about the root account. The Ubuntu default configuration is PERFECT for Joe Keyboard.

CharlieSpencer

Do you think Joe Keyboard knows to do it with the system he just got from Dell? If he knows he should do it, does he know how?

Jaqui

you should be prompted for the root password during the install, not having to force the system to make a root password.

shardeth-15902278

So this user is using some other distro. They still will use the same password for root, and for the user account (assuming they even bother with user account. They will probably just log on as root, so they don't have to keep logging out and back in, or su'ing to perform tasks requiring elevated priv's).

shardeth-15902278

If the attacker has put your machine in safe mode, he has obtained physical access to your system, at which point it doesn't matter what your password is, or what you have renamed admin to.

shardeth-15902278

It really doesn't matter which OS they use to perform the above behaviors. Ubuntu's protection in this case is no worse than any other distro.

Raymond Danner

That's a broad generalization there, Jaqui, and an insult to those of us who use Ubuntu (in my case, via LiveCD, not an actual live OS) who don't use the same password for all sites, and show preference toward those that do use SSL or TLS logins.

Raymond Danner

Brian Mills noted: "It's kinda like how Administrator is disabled in XP Home. No password and can't log in." In fact, Administrator account (which I strongly suggest naming to something ELSE) can be used in Safe Mode (even Safe Mode with Networking) in both XP Home and Pro (and MCE, which is based on XP Pro).

Dumphrey

in that the default set up in Ubuntu is unsafe. Ubuntu's model is good, but it takes effort to "lock down" the OS to a reasonable security model (firewall, sudo config, service control). And much of this could easily be implemented "out of the box" as it were. I run Ubuntu on a machine at home, but I have spent the time to make it more secure. As it stands, Ubuntu's model is like Windows, "open it up, let the user lock it down," instead of the Unix model of "deny all, allow exceptions."

boxfiddler

Anyone who uses their personal system password as a password to log in to websites and/or other systems is asking for trouble.

Jaqui

after all, why should they be responsible for anything when business isn't responsible for their products? when they can / will / do file a law suit for damages because they got screwed through their own actions using ABC Company's product? I'm saying take what happens with devices and apply it to software.

TechExec2

Oh goodie... Now nobody will be personally responsible for anything they do to themselves! :0 ;-) :^0 B-)

Jaqui

with their targeted user base, who use one password for everything, including those plain text website logins. they chose to not have a root password, making the end user's password that is regularly exposed online the system admin password. critical security flaw in default configuration.

Jaqui

has to ignore their target market's habits in the default config and expose their customers to identity theft because of it. maybe Canonical should be legally responsible for damages from their mistake.

JCitizen

I suspect more like EncFS. You could use the "Ask a Question" function (click the button near the header on this page) here at TechRepublic or better yet find an Ubuntu forum to get quick answers to this.

Tony Hopkinson

market, they are called home Windows users. I call them appliance users, they Browse, IM, email and play games and don't want to be bothered by anything under the hood ever. Start down that route and you end up with holes in your security. A single password for everything is the first step down that track.

Freebird54

If you really feel as if you want that extra layer of security, just create a normal 'user' account, and run that. Log in as the 'administrative user' only when required. You then have greater security than a 'standard' Linux setup because the name of the 'admin user' is not obvious - ie: not 'root'. Are there REALLY any people left who use the same password for their machine and for web logons? Do they have any data worth worrying about? :) (wouldn't think they'd remain uncompromised long enough to create any!) Anyway - critical data should be encrypted anyway - you never know when physical access might happen.....

Tony Hopkinson

You don't need to log on as root in default Ubuntu, you need to log in as me or you. Two passwords to get to the good stuff vs one is what we are talking about and the mentality that says this is a good idea. Physical security is always important but if you don't have electronic security, it will rarely matter.

TechExec2

. There are TWO violations of good security practice here and neither one is Ubuntu's fault: 1. Never login across the Internet in clear text. 2. Always use a different password on each website or system. If these people get burned by doing either of these, I consider it the forces of "digital evolution" at work cleaning up the gene pool! ;-) :^0

TechExec2

. "...I still have trouble seeing how having root access locked out is a security risk. The blanked password part I can see, but disallowing root login seems like a good thing in the case where users don't really know what they're mucking around with..." You're absolutely right. Having root "disabled" is an improvement. There is nothing wrong with Ubuntu's default configuration after install. It just rubs traditional Unix gurus the wrong way. One caveat: Because the "administrator user" account that is created during install can elevate privilege to run as root via sudo, that account must have a very strong password, just like the root account would. See my other post for more information about this: Don't fear the Ubuntu http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=243773&messageID=2356888

Jaqui

for the typical persons use of one password for everything. add to that the typical website not using ssl for logins and all *buntu users are giving their "admin" password in plain text across the internet.

JCitizen

I'm reading the links and still not getting a clear picture. But I saw a curious effect once while running XP Pro as a restricted user. When I right clicked on the application I wanted to run as Administrator the whole account suddenly ran as an administrator. Every uninstalled piece of spyware/virus that was in that user's temp files promptly installed themselves and I had a heck of a time cleaning up the mess. Consequently I have never had confidence that I truly understood the Windows NT security model either.

JCitizen

In XP Home, but you probably knew that already. I just added it for other readers here possibly.

brian.mills

I guess I had my terminology wrong. I still have trouble seeing how having root access locked out is a security risk. The blanked password part I can see, but disallowing root login seems like a good thing in the case where users don't really know what they're mucking around with.

Dumphrey

is not disabled, it's locked out from logging in, and has an unset password.

ginkep

and what about encryption - EFS?

brian.mills

It's kinda like how Administrator is disabled in XP Home. No password and can't log in. I guess it would still be possible for malicious software to gain root access if it was piggybacking on something being installed, but overall if an account is disabled I thought that was more secure than having it enabled even with a password.

Dumphrey

each generation. It's a matter of opening the firewall controls, clicking the add button, and telling it you want to add a port. Fedora 8 now has integration of custom rules into the default policy with a minimum of work. For basic personal firewall use it's more than adequate, but it lacks any real granular control that many other packages give you. But, being Linux, you can install those packages as well.

shardeth-15902278

Pluggable security center... nice. Very cool. I like it. Fedora Firewall. I always wound up disabling it and then building my own, because there was something I needed a port open for that wasn't in their easy list. Problem is, I forget what it was now... May have been something that wouldn't be an issue for most users...

Dumphrey

About the firewall for average end users, and even something as simple as what the Fedora and Red Hat distros do would be of use, it asks what traffic you want to allow for Incoming, unsolicited traffic, and blocks the rest, with an allow all on the outgoing. Very much XP Firewall-esque. As for logical RAID, the server version should definitely have it, and it should be an advanced option on the desktop version, if for no other reason than for people to play with... But, there is no real excuse for not including LVM and encrypted file structure support in the default install. Seems to me, LVs would fit in with the Ubuntu mission. Need space? Add a new disk and the Ubuntu-disk-wizard-script auto add the new disk to the existing volume group... I like your idea on a security center. Really I think every OS should have one, with security being as important as it is nowadays. It could be made easier for the SS programmer in Linux by setting some guidelines for compatible programs to integrate with Security Center, and that way, they just have to write the frame, and ideally, a simple, basic set of tools to be replaced by the user at a later date.

Dumphrey

I do know it was enabled in both 6.X.Xs and 7.04. It would be nice if it was not enabled by default in 7.10. I installed 7.10 long enough to figure out I needed to turn off the default Beryl/Compiz mess, it just does not play nice with the proprietary ATI drivers. Right now I have Fedora7 and MythBuntu on that box. I will run a 7.10 install at some point this week and double check my memory on the bittorrent stuff.

shardeth-15902278

I have a completely default install using the 7.10 desktop CD. I am not seeing anything about torrent on the screen during startup, nor can I see anything in any logfiles, nor am I seeing anything 'torrent'esque with rcconf. Find didn't turn up anything either. Perhaps it was only in a previous version?

shardeth-15902278

I don't really count that as being there, since a commandline, apt-get and modprobe are involved. And yeah, the encryptedFS is probably even more important nowadays than LVM (and is available in VISTA, so to remain comparable...) RAID...I am of two minds on that one, certainly should be in the Server version, the desktop version?... well, I like it and might use it, but desktop RAID often leads to a higher failure rate due to increased complexity. Might be better not to make that one readily available to average user... The firewall is of course built-in, and thus is there, just in allow any:any by default. Thus my thought of a security center to let you know that this was a high-risk state to be in. Now that I think about that though, average user... They should probably just pick one of the easier and more lightweight firewall front-ends and install it by default with a ruleset. (For the security center to work well, it would need to be able to deregister from that front-end and register to an alternate front-end of the user's choice). Actually, the Windows Server 2003 (SP1 or maybe not until 2, can't remember now) strategy is quite nice. The system starts out completely firewalled. On first login, you go through your prep steps, including getting all current updates. Once you are 'done' with that, it relaxes to operation security. I wouldn't mind seeing them adopt something similar to that...

Dumphrey

you just have to do some prep work by installing the LVM management packages etc to the live environment prior to starting the install. But I do agree that this should BE THERE ALREADY! As should encrypted filesystem support (once again, ETCH supports this by default, so why not Ubuntu?) and logical RAID support. And as for the security center, they would have to enable a firewall to need the firewall configs, but it would be a good idea, especially now that AppArmor is included in Gibbon. I would like to see Tripwire in that center.... Maybe we should send Canonical some feedback on this.

Dumphrey

The second user you create would have zero permissions other than basic user permissions. No sudo, no su, no installs, write permissions to home folder and tmp (maybe) only. You can then go in and assign very specific commands they are allowed to run through sudo. And even with the initial admin user, you still are required to sudo to get permissions.

Dumphrey

You can see the "starting bit torrent" message while the computer is booting unless you have it on quiet boot or hide everything under a splash screen (neither is default behavior for *buntu). First, apt-get install rcconf (to actually be able to see and manage all the start ups). Next run rcconf from a terminal. Last, disable bit torrent from default startup. BUM also works to do this. I originally thought maybe Ubuntu was using BT to download updates etc... but it isn't; it's just there as part of their end-user experience, as Gnome and KDE both have default BT clients now that are installed by default if you install anything more than "base" system.

shardeth-15902278

and similar system for finding and adding "restricted plugins", is what first grabbed me (that and the ridiculously easy VMWARE integration). I like the way their strategy stays true to the Debian principle of open source, while at the same time making it easy for the end-user. My only gripe at this point is the lack of LVM support in the install (which I realize exceeds the goal of an XP or Vista replacement). And from a XP/Vista replacement standpoint, there probably ought to be a "Security center" tool in the default install, with at least a super-friendly firewall management tool (you could go crazy with it, and add spamassassin, an AV monitor, a vulnerability assessment tool..., not installing them all mind you, just providing a single, friendly interface to inform the user, and make it easy to select and deploy the associated packages if desired). It is the first (and to date, the only) install that my wireless adapter "just worked" on. It has definitely scored points in easy-to-install and-easy-to use...

shardeth-15902278

All that should be necessary to satisfy the more security paranoid, is to realize that the first account created is a named admin account (since the generic admin account is wisely disabled by default). As such, the security conscious should immediately create a separate "normal user" account for their "normal" use. And then only log in to the named admin account as required for admin purposes. Yes? No? Go back to my corner?...

shardeth-15902278

That just flat out wouldn't even boot the CD on my system. I am afraid they haven't sold me yet...

roaming

"Ubuntu configures two "kinds" of user accounts: "administrator user" and "normal user". The configuration difference is that the "administrator user" accounts belong to the "admin" group while the "normal user" accounts do not. This allows "administrator user" accounts to elevate privilege via the sudo command (the 'admin' group is in the /etc/sudoers file). The "normal user" accounts are not permitted to elevate privilege at any time." Now that I know it I can make the changes to my mother's laptop so that she cannot sudo. That bit is what has worried me for a while.
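
The account model quoted in the comment above, as an added example that is not part of the original thread: a shell audit that reports whether root's password is locked and which accounts can elevate through sudo. The files it reads are constructed samples in the style of /etc/shadow, /etc/group and /etc/sudoers, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: who can become root on an Ubuntu-style account setup?
# Every file below is a constructed sample, not data from a real system.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# "!" in the second field means the password is locked: no typed password can match.
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:!:13800:0:99999:7:::
alice:$1$constructed$notARealHashValue00000:13800:0:99999:7:::
mum:$1$constructed$notARealHashValue11111:13800:0:99999:7:::
EOF

# alice is the first account created at install time, so she is in "admin".
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
admin:x:115:alice
users:x:100:alice,mum
EOF

cat > "$SAMPLE_DIR/sudoers" <<'EOF'
# constructed sample in the style of an Ubuntu sudoers file
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
EOF

# Print "locked", "empty", "set" or "missing" for root in a shadow-format file.
root_password_state() {
    awk -F: '
        $1 == "root" {
            if ($2 == "")           print "empty"
            else if ($2 ~ /^[!*]/)  print "locked"
            else                    print "set"
            found = 1
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print the user or %group at the start of each sudoers rule.
# Simplification: aliases are skipped and included files are not followed.
sudo_principals() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        { print $1 }
    ' "$1"
}

# Expand %group rules through the group file and print a sorted,
# space-separated list of accounts allowed to use sudo.
# Only supplementary membership (field 4 of the group file) is considered.
sudo_capable_users() {
    for p in $(sudo_principals "$1"); do
        case $p in
            %*) awk -F: -v g="${p#%}" '
                    $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
                ' "$2" ;;
            *)  echo "$p" ;;
        esac
    done | sort -u | paste -s -d ' ' -
}

# Exit status 0 if the named account can use sudo, non-zero otherwise.
can_sudo() {
    sudo_capable_users "$2" "$3" | tr ' ' '\n' | grep -qxF -- "$1"
}

echo "root password state: $(root_password_state "$SAMPLE_DIR/shadow")"
echo "accounts that can elevate via sudo: $(sudo_capable_users "$SAMPLE_DIR/sudoers" "$SAMPLE_DIR/group")"
for u in alice mum; do
    if can_sudo "$u" "$SAMPLE_DIR/sudoers" "$SAMPLE_DIR/group"; then
        echo "$u: administrator user, password needs root-level strength"
    else
        echo "$u: normal user, cannot elevate"
    fi
done
```

On a real machine the same functions can be pointed at /etc/shadow, /etc/group and /etc/sudoers, which need root to read; `sudo -l -U <user>` remains the authoritative answer because it also resolves aliases and included files.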

Dumphrey

iptables/chains depending on 2.6 or 2.4 kernel. The firewalls you are referring to are actually just front ends to the messy command lines for iptables. I started to learn the syntax, but got side tracked before I could do more than block all traffic and allow http =\ I hope to get back to it soon as we can get the monitoring station and call center moved. FrozenTux has a very good on-line for iptables, worth a good read. http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Dumphrey

and I agree except for one issue, bit torrent service is enabled and started by default on every version of Ubuntu I have installed since 6.06. Not a huge issue since I do not know any major BT exploits, but it's a service that should be off by default I would say, but that's just me =) Maybe Ubuntu Security for the Paranoid is a thread I need to start.... I have never refused Ubuntu, and in many ways prefer it to other distros for its ease of use features, but I guess I approached it in much the same way as I would Windows, and assumed it was insecure until I locked it down. After reading through more of their security model, I now realize it is much safer than I thought, but, I will still continue to lock down my box =)

Dumphrey

to give you a root terminal.

badiane_ka

Then look into the server version of Ubuntu and just add the desktop packages you need. Anyway Canonical is offering support now.

badiane_ka

antithetic? Aren't the many concepts which make up NT security a bit beyond a newbie's capacity? It's either you're a newbie or you can handle NT security concepts. There are tons of distros to choose from. Find any distro based on Slackware, Gentoo, Debian, Opensolaris (Nexenta has Debian apt/get with Solaris Kernel with 12,200 applications), NetBSD, FreeBSD, OpenBSD based distros. What's lacking here is information which will help you understand which distro will serve your needs best and how to get the most out of that distro.

badiane_ka

sudo /bin/su - give me when sudo is not properly configured to prevent this kind of behavior?

TechExec2

I'm glad you found my posts helpful!

Regarding firewalls and Ubuntu:

** Yes. The default Ubuntu configuration does not include a firewall. But...
** The default Ubuntu configuration does not include any installed or enabled network service listeners either (no SSH, no FTP, no NFS, no SMB, etc).
** Given the default configuration and targeting the end user, they could have easily included a full stealth firewall by default without adding any complexity to installation, configuration, or function. I would prefer to see this.
** "Firestarter", a simple and effective workstation firewall, can be easily installed via "Add/Remove Programs" (aka Adept Installer).
** Other more sophisticated (and more complicated) firewalls are available via the full Adept Package Manager (in Kubuntu: K -> System -> Adept Manager).

In Ubuntu, the "missing" root account, "missing" firewall, and "missing" network service listeners are all part of the same thing: The Ubuntu people are trying to create a great end-user desktop Linux that is much simpler and less geeky while still being secure "out of the box". I think they've done a great job. Cheers!

Deadly Ernest

firewall loaded in it, all you have to do is choose to install it from the disc, and activate it.

Penguin_me

Fair enough, but SU isn't run as, sudo is the closest thing to run as, as it means "Run this command as root"... so really the windows equivalent to sudo *is* run as, just without the option to run it as anything but Admin.

Dumphrey

After reading some of your posts, I went back and looked at a default Ubuntu install, to see if it was secure enough for normal use. I won't go into many details, but it has much less attack surface (brute force) than Windows XP SP2 (both in default mode). The core Ubuntu OS seems secure, and I have looked at their user policy and have no problems with it. My major concern has always been the lack of firewall, but I am now much less concerned than I was. But, if I was putting a Ubuntu box directly on the net, I would configure a restrictive firewall as an extra (required in my mind) precaution. But, as it stands, I agree with you in that it's not to be feared. Also, even though you can not su to root by default, sudo su works just fine, and only requires the admin user's password.

Neon Samurai

It takes a minimal install and adds in all the packages then updates all the configuration files with my server specific info (hostname, mail daemon settings) and finally builds a couple of tarballs for needed programs not available as RPM packages (ISPConfig and some others). It's pretty cool to see it in action and has cut my server rebuild time down from a few hours of hunting and picking for packages to an hour of standardized selections with only a few places that require human interaction. I could probably remove all human interaction within the script using Expect. (The final build will have restore images and backups but I needed a script to automate the initial build and consecutive rebuilds of the development rig.) Now, it's currently a glorified .bat file until I get some grep and replace coding into it rather than "echo blah >> file" or "cp base.file /path/file" but wow is scripting a whole new thing under *nix. I used to write some crazy .bat for dos and have done some complicated .bat and .cmd for winNT but nothing like scripting for Bash. I hear Perl makes scripting a whole new level above that again. Note, I know of .vbs but I've always done my VB VC++ coding in studio or used a nice small third party macro/scripter I picked up (an old copy of Hotkey macro recorder).

Deadly Ernest

Kubuntu in 7.04 and 7.10 are both very easy to use - they have a very Windowish feel to them, this helps with us long term Windows addicts - in fact, Kubuntu out of the box, looks more like the old familiar Windows 98, than Vista or XP do when first out of the box. I have an Intel 64 bit system, and the 7.04 Kubuntu work great with a basic auto install - all my fancy hardware works with out of the box drivers etc - no extra software to load - except the 64 bit version of WINE, for some older applications I use (Forte Agent is the main one).

JCitizen

Set me on the road to Linux as well. Good to hear about Kubuntu 64bit as that is the path I am on also. I am a newbie but I hear good things about the KDE kernel.

Deadly Ernest

distributions after over 15 years of Microsoft DOS and Windows - I wanted an operating system that did NOT force me to rebuild the system every five or six weeks. No broadband access, so I turned off Auto updates and was selective about updates. Get four or five weeks behind in your updates, or not have them all, and WGA declares your system a pirate. Crash of system, another call to MS for another reactivation code, but it requires a rebuild to work, aarrggh. Finally got fed up and looked at various Linux distros. Liked SimplyMEPIS, but had some issues with the 64 bit version, so now use Kubuntu - and no issues at all.

JCitizen

"Continue anyway" a lot when I install drivers and other software. Microsoft seems to go out of their way to generate animosity between them and their software customers too. Ever since WGA I have been planning the switch.

Deadly Ernest

is that many of the manufacturers have given up on making the equipment out of the box compatible with Windows. Many years ago, the industry established a group of standard instruction sets for all hardware. This is what made 'plug and play' possible. For a short period, everyone used them. Then Microsoft started writing their Windows software using a different set of instructions, and you needed a driver for each piece of hardware to work with Windows, unless a driver was already in the Windows driver sets.

Many manufacturers decided to make their equipment more compatible with Windows, and started designing their new equipment to use the instruction set of the current Windows operating system. That's why some systems are just plug and use for Win 2000/XP but need special drivers for Win 98 etc. This worked well for the peripheral manufacturers for a short while. Then, in one of the XP service packs, MS changed part of the hardware instruction set - which is why some equipment needed new drivers after that SP was installed. The new XP drivers included both instruction sets. Since MS don't give out their instruction sets freely, the hardware manufacturers had to pay for them, twice; this upset a few of them.

Since that problem, some have gone back to using the generic instruction set, and writing complete driver sets for Windows. Because of this, any operating system using the generic instruction set will work with that hardware without the need for a special driver. Basic Linux, and most of the distributions, uses the generic instruction set. This makes it a lot easier to use hardware out of the box now.

If all the hardware manufacturers went to using generic instruction sets, and put the responsibility of writing Windows compatible drivers on MS, we'd see a lot of people move away from Windows. As it is, many people don't upgrade their Windows OS, as the new stuff doesn't have compatible drivers for their peripherals - especially their specialised peripherals. As it is, MS gets other people to do a lot of their work for them in this area, because MS uses non standard code.

JCitizen

Windows drivers let alone support Ubuntu. I'd bet a guy would have better luck looking at whoever made the original equipment. I see a lot of Linux support listed at OEM hardware sites lately.

Deadly Ernest

and they'll help with anything that's a standard Ubuntu matter - the only issues likely to be unusual are any Dell special hardware that requires special drivers. If Dell hand these over to be included in the standard Ubuntu repositories, there's absolutely no support issues at all. However, what's more likely, for Dell to keep those drivers as proprietary and not hand them over - then, you could see some support issues related to the drivers and interactions with updates etc. In much the same way they have issues with updates and drivers in Windows.

Vladas Saulis

When a user can run [b]sudo bash[/b] and he gets a root shell, it turns out to be a full equivalent of [b]su[/b]. Sudo in any system must be configured to run only [i]some[/i] of commands, and not all.

Neon Samurai

When LiveCD still seemed like a novelty, I set up a VM with 512 allocated ram and a 100 meg hard drive file (minimum under VMware) just to check out ISO. If I found one that I wanted to check out on physical hardware then out comes the DVD blanks. My work issued notebook runs off a Mandriva liveCD too when I'm home unless I'm doing work. It's nice to have that *nix network transparency to run apps off my desktop from anywhere in the house a-la wifi thin-client style. It's actually a little surprising to me that when I first got my hands on VMware (late to the party by some standards) liveCD outside of Knoppix seems like a novelty and now it's become simply expected for a distribution to have a liveCD option along side a DVD and CD custom install. Happy hacking, glad to have been of help.

Neon Samurai

That's what I remember hearing anyhow but I didn't have reason to dig through Dell or Canonical's website being that I'm not in the market for a new machine or currently being asked for that type of recommendation. If I'd heard correctly though, Dell was selling the hardware with Ubuntu installed then forwarding customers to Canonical's call centres for support.

JCitizen

Aren't there projects out there that already sell support for various distros like Ubuntu? I'm pretty sure there are for Mandriva(Linspire); I'm just not up to snuff on the other distros. If so, Dell could have at least pointed their customers toward that direction; if they didn't have such a pigheaded proprietary attitude that is.

TechExec2

In Ubuntu's default configuration, the first user created is an "administrator user". It is a regular Unix user account that belongs to the "admin" group that is permitted to use sudo by the default configuration. It is the "admin" [u]group[/u] that is permitted to use sudo in the default configuration, not the individual user. Of course, it cannot "su" to the root account because root is "disabled" (no password). Subsequent users can be "administrator users" or "normal users" depending on whether you make them a member of the "admin" group or not when you create the account. It is not necessary to edit the sudoers file to create another "administrator user".

JCitizen

Good grief even Walmart was smart enough to sell Lindows units with a year of support. I don't know about the new one Wally World is offering now. I still think these people WANT the project to fail just to make Microsoft look good.

JCitizen

But you really sold me on the idea of doing the LiveCD route. I can always install permanent later. I'm always looking for a better distro for newbies so I can wean more and more of them from Microsoft. Some of them already know more about Linux/Unix than I do. I could make more money supporting Windows but I would rather have a satisfied customer. People are generally happy to find out they can upgrade their OS and still keep most of the equipment they already have, instead of buying a new more expensive machine with Vista and never knowing what to expect from that combo! This has become even more so a reality as I am running into more customers that own a 64bit ready machine but can't afford 64bit Vista. They, like I, want the full 64bit experience, even if they got to search for new apps.

Deadly Ernest

been created by Dell - the system should be installed and set up for proper working before it leaves their facility, the same way they do with the Windows machines. I would expect some driver problems as Dell has a reputation for using obscure but very cheap hardware at times - thus making proper drivers a major issue. But they should be ensuring they have working drivers for their systems and have them installed. After that, other software etc is very simple with Ubuntu.

Dumphrey

that's only for the default user created during the install. All subsequent users are "normal" and would require editing the sudoers file to provide them any root-like access. Which is similar to running XP as a non-admin user, but with some "power user" like perks.

Dumphrey

but he did ask for "simple terms" that a "windows user" would understand. As windows does not really have an equivalent to sudo, I linked su to "run as"

dtune59

I think this is exactly where Dell comes unstuck in this venture because their website clearly states: NO UBUNTU SUPPORT.

Neon Samurai

Mandriva's liveCDs are well done and I've had little issue with hardware recognition. The 2008 menu layout is much cleaner than 2007 and the drak tools are fantastic for administration. PCLinuxOS uses the drak tools I'm told. That would probably be my second choice though I've not looked at the liveCD so I'm speculating. OpenSuse I hear good things about also since it's polished by Novell for businesses. You'll have to decide for yourself on that one though as most still have political feelings about it. Dell choosing Ubuntu wasn't a surprise as it's also a very good entry to advanced level distribution. It still comes down to playing with liveCD to find what you like. Stick to the major distributions like those listed above. Mint and a few others may also interest you. (hit distrowatch.org for a comprehensive listing)

CG IT

I think Dell found out that Ubuntu was a support nightmare $$ wise and that warranty returns from average joe user was running way too high, simply because average joe user couldn't figure out how to run Ubuntu. That and the call centers in India didn't have the paper scripts the operators could read to average joe user to fix the problem.

Penguin_me

Just to correct you here, SU is *NOT* "Run as root" that's effectively what SUDO is for, SU stands for "Switch user" when it's run on its own it switches to the root account, but if you specify a username it will switch to that user (i.e. "su bob" will switch to the user bob). By contrast, SUDO will run the command as root and then return you to the original state (i.e. on the command line it'll run the command as root and then put you back to your normal user).

TechExec2

You're quite welcome. I'm glad my post was helpful to you! B-)

Tony Hopkinson

I'm saying right so by default it's less secure to appeal to a wider market. It's doing better than more secure distros but not as well as we'd like, so let's make it even less secure. More the thinking behind it than the implementation. Not worried about configuration, if you can't configure it, it's not linux.

TechExec2

I think Ubuntu is designed to attract end users in the same way that Mac OS X and Windows Vista are. That is a strength, not a weakness. I've found that there are no compromises for technical users. It's a distro that is very easy to like. It's a great distro to standardize an entire company on, end users AND technical users. OpenOffice? Got it. Eclipse? Got it. OCaml? Got it.

I don't worry about security with Ubuntu's default account configuration. I've studied what they did and how they did it so I know, I don't fear. It's different than the traditional Unix/Linux configuration. It is arguably a little less secure than the traditional Unix/Linux configuration. But, I consider it very secure so long as you use a very strong password on the "administrator user" account, just like you do with a root account. Anyone who is concerned can just change it to work the traditional way. Two quick steps, and you're traditional.

TechExec2

[b]Ubuntu is better for a standalone end user[/b]

For a standalone end user (no sysadmin), the default Ubuntu install provides a simple secure approach with one non-root "administrator user" account just like Mac OS X and Vista. The user runs as a normal unprivileged user at all times unless he explicitly elevates privilege by: (1) Using sudo and entering his own password at the command prompt to run one command, or (2) Entering his own password into a GUI dialog when prompted after pressing the "Administrator" button on certain admin-only functions in the GUI. It is not possible to login as root (in the GUI logon, local terminal session, nor remote terminal session) and not possible to "su" to root. This is on par with Mac OS X and Vista, and much more secure than Windows XP.

[b]Ubuntu works well for a corporate environment[/b]

For a corporate environment (end user and sysadmin), the system administrator would configure two accounts: (1) One "administrator user" account for himself and (2) One "normal user" account for the end user. The end user cannot elevate privilege to root at any time. The root account is still "disabled". And, the only account that can elevate to root (the administrator's) has a name that a hacker must guess before attempting to break into it.

[b]Ubuntu can work the traditional way for experts[/b]

Anyone who wants Ubuntu to work the traditional way can easily change it. See: Don't fear the Ubuntu http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=243773&messageID=2356888

[b]This is a complete non-issue[/b]

There is a lot more to Ubuntu than its default user account configuration.

** It is very polished and the best I've found so far. This is very evident once you spend a little time with it. The "corners" are much more rounded than in Fedora 6 and 7 for example.
** Very easy to get digital media support (encrypted DVD, MP3, iTunes AAC without DRM, QuickTime, Flash).
** Very easy to get the fully legal and licensed Microsoft Fonts for the Web installed. I happen to LIKE to see my familiar Microsoft fonts in my UI! :^0
** It has a huge following. It has the best end-user support forums I have found. Great detailed information. More help. Less attitude.
** There are a lot of developers working on it. Their work shows.
** It is now considered a major distro by software vendors right up there with RedHat and Suse. It is one of the few distros officially supported by VMware (painless install by the way).
** It gets a lot of support from Canonical. Those direct CD downloads come down to me at 600+ KBytes per second every time (true!). No messing around with Torrents.
** Reliable releases every 6 months. It stays current with the OSS developers releases of enhancements and bug fixes, unlike many distros.
** The application install/remove is fast and tight. I've never seen it break. It has "every" program out there including proprietary video drivers that provide superior video performance and make multiple monitor support a breeze, etc.

If you like other things about Ubuntu, but want the root and user accounts to work the traditional way, you can change it in two steps and less than 30 seconds. I really consider this a complete non-issue. There are far more important reasons to choose a distro than this. Those are the reasons I settled on Ubuntu. And, after getting used to the default account configuration, I came to like it. But, that's what's great about Linux. There are many flavors and each of us can pick the one that tastes the best to us. Cheers...

yschoo1

I have tried PCLinuxOS for a week and I still prefer Ubuntu 7.10.

yschoo1

Now, at least I know what we are dealing with and what the rantings are all about.

JCitizen

It's been a while but it seemed like I was able to set up a root account and user at the moment of installation. All prompted during installation; I was using Mandrake 7.0 at the time.. I was looking for something that newbies could use on an old computer and get NT strong security without going to Windows 2000 Pro, or XP. The only problem was, I was going to end up installing all the applications because newbies don't know anything about REM. I could have made money off the support but that was what I was trying to steer them away from.

Tony Hopkinson

ie appliance users rather than techs. Doesn't it worry you that the default is less secure than standard? The thinking behind it worries me a fair bit, it's almost MS like.

Tony Hopkinson

On the default secure option. You must define a strong root password and a user to use. You cannot login as root remotely. If you use su you must enter the root password. That means you have to crack my password, then crack root. In Ubuntu you crack the user password and you have su, and it does not require a further password. It's sort of like Vista with UAC on as a user with admin rights. Only one layer of security. Any one who has admin rights can take this shortcut in one way or another, but should it be the out of the box option, especially when specifically targeting the less technical?

JCitizen

Hopefully legal too. They sure like to sell support for Windows. I imagine it would assuredly still compare price wise to the Windows box. Even if it didn't it would get people away from all the Windows problems so they could concentrate on just enjoying computing for once. That is worth a lot - No more calling me and getting charged for figuring out Windows annoyances, no more bloat, no more bloated anti-virus/malware suites, no more slow page loading because of all previous mentioned causes; NO MORE FLIPPING WGA ISSUES!! Oh Yeah! I think it is well worth it!

JCitizen

I can now put any Dell customer's mind at ease; as I do occasionally contract for them. I'll bend over backwards if I have to in the process of weaning the public off Windows.

JCitizen

As I will be booting from the DVD/CD drive; this sounds good. Everything will be lost when I reboot. I will only save to flash drive when needed. 'Bout as secure as you can get at the evaluation stage. I do appreciate your time and input.

TechExec2

With all due respect to the Linux and Unix gurus who have had bad things to say about Ubuntu, don't fear the Ubuntu. Ubuntu is still 100% Linux and is quite secure. The default install of Ubuntu implements a [u]configuration[/u] that operates very much like Mac OS X and Windows Vista instead of traditional Unix. It is not like Windows XP and is not vulnerable in the way Windows XP is vulnerable. All of the details appear below:

[b]Traditional Unix/Linux Configuration[/b]

Since Ubuntu is 100% Linux but with a non-traditional default configuration, let's first review the traditional Unix/Linux configuration.

** There are two kinds of accounts: root and user. The root account is "god" and can do anything to the system. By default, user accounts can only affect their own files and cannot damage the system. Anything beyond that must be explicitly set up by the system administrator in advance via his root account.
** su command: This command allows any user who knows the "root" account password to start a root terminal session after login to his own user account.
** sudo command: This command allows any permitted user account to run a program as root (command line or GUI) by entering [u]his own[/u] password when prompted (not the root password). A user is explicitly granted permission to use the sudo command by the system administrator by modifying the /etc/sudoers file.

Security management notes:

** The root account is an obvious hacker target. The administrator must take steps to protect the root account: Assign a very strong password (always). Don't allow remote login to root (as appropriate). Etc.
** Because a root session can do anything to the system, the administrator must be strictly disciplined about [u]when[/u] he uses the root account. He must not routinely run as root on the system. If he does, the system is vulnerable like Windows XP is vulnerable. He greatly increases the chance he will unintentionally run a malware program at the time he is running as root, thus giving the malware a free run as root on the system.
** To take over a system, a cracker must break the "very secure" root password to login directly as root. Or, he must break a "frequently weak" user password to login as the user, and then break the "very secure" root password to run as root.

[b]Ubuntu Default Configuration[/b]

** Ubuntu is 100% Linux. The difference is in the [u]default configuration[/u]. Since it is just a configuration difference, you can easily reconfigure Ubuntu to work just like other Linux distros if you wish. See below.
** I'm speaking specifically about Ubuntu 7.04 "Feisty Fawn" here. There could be default configuration differences in other versions (but I doubt they are major).
** There are still just two kinds of accounts: root and user. Ubuntu is Linux!
** The root account is present but "disabled" (no password assigned). You cannot login to root locally or remotely, nor can you use "su" to the root account.
** Ubuntu configures two "kinds" of user accounts: "administrator user" and "normal user". The configuration difference is that the "administrator user" accounts belong to the "admin" group while the "normal user" accounts do not. This allows "administrator user" accounts to elevate privilege via the sudo command (the 'admin' group is in the /etc/sudoers file). The "normal user" accounts are not permitted to elevate privilege at any time.
** During Ubuntu install, one "administrator user" account is created. For a single-user standalone (no sysadmin) system, it is safe to use this account as the only account in the system. This account operates much like the "administrator" account in Mac OS X or Windows Vista. It runs as a normal user at all times, except when explicit privilege escalation is done. An "administrator user" account is not equivalent to the "Administrator" account in Windows XP (which is equivalent to the Unix/Linux root account).
** "su" and "sudo" work the same in Ubuntu as any other Linux. Ubuntu is Linux! In the default configuration: (1) Because "root" is "disabled" (no password), you cannot "su" into the root account, and (2) Ubuntu preconfigures sudo (/etc/sudoers file) to permit any user in the "admin" group to use sudo to do anything as root.
** Bonus: Various administrative functions in the GUI have an "Administrator" button that can be clicked in order to make changes to the system configuration. A dialog is displayed and you must enter your "administrator user" account password. This runs "sudo" in the GUI. This is the same way Mac OS X and Vista elevate privilege. This scheme helps to ensure malware cannot run as root without explicit privilege elevation by the user.

Security management notes:

** As the root account is "disabled" in the default install, this obvious target is removed from vulnerability altogether. This is actually SAFER than traditional Linux because the root account is the primary target for remote brute force SSH attacks.
** As the "administrator user" account that has the power to run as root can be ANYTHING and will never be named "root", this adds a level of obscurity that also increases the safety of an Ubuntu system. A potential hacker must correctly guess the "administrator user" account name, then break the password. As always, obscurity is not security. A very strong password is a must for a Ubuntu "administrator user" account, just as for the root account.
** The system administrator must assign his own "administrator user" account a very strong password just like he would the root account. Likewise, he must ensure that anyone he adds to the "admin" group, and thus deputizes them as "administrator user" accounts, must always assign a very strong password.
** To lock down an end-user's system from modification, the system administrator must create an Ubuntu "normal user" account for the end user instead of an Ubuntu "administrator user" account. This is normal Unix/Linux system administration.

[b]How to reconfigure Ubuntu to work like traditional Unix/Linux[/b]

If you really dislike Ubuntu's default configuration, it is very simple to make it work in the traditional way. Two steps and about 30 seconds:

[b]Step 1.[/b] Assign a password to the "root" account with the "passwd" command. You must login to an "administrator user" account, and you must use "sudo" because even an "administrator user" is not permitted to change passwords on other accounts. The sudo command will prompt you for your own password before executing the passwd command.

sudo passwd root

Note: Even if you "enable" the root account in this way, the default configuration of Ubuntu will NOT allow you to login directly to root via the GUI. It will only allow terminal sessions by remote (ssh) or local (su command).

[b]Step 2.[/b] Edit the /etc/sudoers file and remove the following line. This one line is what permits "administrator user" accounts to use sudo.

%admin ALL=(ALL) ALL

[b]Conclusions[/b]

Personally, I *LIKE* the default Ubuntu security configuration (although I also enable the root account). It's a good combination of security and usability. Notice I didn't say "compromise". There is nothing wrong with Ubuntu's default user account configuration. I consider it an [u]improvement[/u] on the traditional Unix security configuration for a workstation. Even for a server, the disabled root account is a plus in the default configuration. But, for a server, there are lots of other security considerations that go beyond Ubuntu's default configuration of user accounts.

And, since you can easily reconfigure Ubuntu to operate in the traditional way, this is completely a non-issue. Choose a distribution for some other reason. And, Ubuntu has many of those other reasons in spades. Don't fear the Ubuntu! ;-)

edit: minor corrections, clarifications
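The account model described in the post above, as an added example that is not part of the original thread: a shell audit that lists which accounts can become root through sudo (full `ALL` rules versus command-restricted ones) and checks whether root is locked. The sudoers, group, passwd and shadow contents are constructed samples, the function names are hypothetical, and the parser only understands simple one-line rules (no aliases, includes or line continuations).

```shell
#!/bin/sh
# Added example: audit who can reach root via sudo on an Ubuntu-style setup.
# All file contents below are constructed samples, not from a real system.

make_samples() {              # $1 = directory to write the sample files into
  cat > "$1/sudoers" <<'EOF'
# constructed sample sudoers
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
%ops    ALL=(root) /usr/sbin/service
EOF
  cat > "$1/group" <<'EOF'
root:x:0:
admin:x:115:alice
ops:x:200:bob
users:x:100:alice,bob,mum
EOF
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
mum:x:1002:1002:Mum:/home/mum:/bin/bash
carol:x:1003:115:Carol:/home/carol:/bin/bash
EOF
  cat > "$1/shadow" <<'EOF'
root:!:13800:0:99999:7:::
alice:$1$constructed$notarealhash:13800:0:99999:7:::
EOF
}

# Print every user or %group whose rule allows ALL commands (full root).
# Rules limited to specific commands, such as %ops above, are not printed.
full_sudo_principals() {      # $1 = sudoers file
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings and aliases: skipped
    {
      rest = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)       # drop the user/%group field
      gsub(/[ \t]/, "", rest)                     # "ALL=(ALL) ALL" -> "ALL=(ALL)ALL"
      if (rest ~ /^[^=]+=(\(ALL(:ALL)?\))?(NOPASSWD:)?ALL$/) print $1
    }' "$1"
}

# Expand those principals into account names: listed group members plus
# accounts whose primary GID is that group (carol in the sample).
sudo_capable_users() {        # $1 = sudoers, $2 = group, $3 = passwd
  full_sudo_principals "$1" | while read -r who; do
    case $who in
      %*)
        g=${who#%}
        gid=$(awk -F: -v g="$g" '$1 == g { print $3 }' "$2")
        awk -F: -v g="$g" '$1 == g && $4 != "" {
          n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
        if [ -n "$gid" ]; then
          awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
        fi
        ;;
      *) echo "$who" ;;
    esac
  done | sort -u
}

# Succeeds when root has no usable password: the shadow field starts with ! or *.
root_is_locked() {            # $1 = shadow file
  awk -F: '$1 == "root" { f = 1; if ($2 ~ /^[!*]/) ok = 1 }
           END { exit !(f && ok) }' "$1"
}

# Succeeds when the named account can run anything as root through sudo.
can_elevate() {               # $1 = user, $2 = sudoers, $3 = group, $4 = passwd
  sudo_capable_users "$2" "$3" "$4" | grep -Fqx -- "$1"
}

# Demonstration on the constructed samples.
demo=$(mktemp -d)
make_samples "$demo"
echo "Full-sudo rules for: $(full_sudo_principals "$demo/sudoers" | tr '\n' ' ')"
echo "Can become root:     $(sudo_capable_users "$demo/sudoers" "$demo/group" "$demo/passwd" | tr '\n' ' ')"
if root_is_locked "$demo/shadow"; then echo "root: locked"; else echo "root: has a password"; fi
for u in alice mum; do
  if can_elevate "$u" "$demo/sudoers" "$demo/group" "$demo/passwd"; then
    echo "$u: administrator user"
  else
    echo "$u: normal user"
  fi
done
rm -rf "$demo"
```

On a real machine the same functions can be pointed at `/etc/sudoers`, `/etc/group`, `/etc/passwd` and `/etc/shadow` (read as root), keeping the parser's limits in mind.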

Jaqui

a relaxed version of the standard model, they allow root login in a gui, which most distros don't. [ makes doing updates or installing more software easier, log in as root and do the admin tasks then log out, one password entry, the login. dangerous to your system to be root in a gui, since you have 100% access to the entire system and could delete something critical by mistake.. which is countered by the trash bin on the desktop, [SHIFT]+[DELETE] required to actually delete from in a gui instead of send to trash bin. ]

CharlieSpencer

While I was aware Ubuntu has a disabled root account and would prompt for sudo credentials, I didn't know it would accept the first user's p/w instead of a separate root account p/w. That sure does look a lot like running Windows logged in as Administrator. Thanks.

JCitizen

I'll have to go back to that site and bone up on their security model; just for my own education. Thanks Jaqui! I am and will be definitely going to try their LiveCD as Neon suggested; there is no accounting for the Dell dunderheads at corporate.

Jaqui

They didn't pull the same thing as Canonical did, and they have an even more polished distro.

Jaqui

is that they essentially TURNED OFF the System Administrator account. essentially the first user on a *buntu install [ the only one for 99.9995% of them ] is the administrator, so they FORCED people to pull the MS thing of ALWAYS running as administrator.

JCitizen

For ease of use balanced with security and update support?

Neon Samurai

As Dumphrey points out, the regular user on Ubuntu is basically an Administrator limited only by the need to re-enter their user password at an "allow or deny" messagebox or place "sudo" before any command at a console prompt indicating that the command should run with Admin rights. At most, you'll need the user's password which is probably easier to get than the Administrator's password. At best, you just need to get fingers on their keyboard and hit the console. The better way is to maintain complete separation between Administrator and the regular user accounts. "allow or deny" should require the Root password not the currently logged in first user's password. I'm not sure if "sudo command" prompts for a password; I surely hope it does though again, it should be the Root password. The underlying architecture is still *nix with its various strengths but the user/administrator is managed like WinXP with a barely raised speedbump.

Vladas Saulis

I remember the days when Dell was shipped with RH 6.1 preinstalled. That was good and stable enough, and had very good support from DELL in commercial cooperation with RedHat. RH and only RH could create regular updates for its Linux packages and releases, so customers were quite happy with this policy. With Ubuntu, the user now has unlimited access to the untrusted (including World) repositories. Even worse, there exist full Ubuntu release updates (Gutsy and previous) that break systems hard at almost every second installation. This often happens if the user had updated or installed some untrusted packages from worldwide repositories. Ubuntu (like all Debian) is an untrusted Linux distribution source. No one on the Planet could take any responsibility for careful tests and/or security, as well as support and maintenance in such conditions. I think Dell just understood that it would be incapable of providing any good support or help on Ubuntu.

Dumphrey

on Ubuntu security. The debate stems from the rampant use Ubuntu makes of the sudo command, it prompts you with a "run as administrator" option when access is needed, but it wants the current user's password, not the root/administrator password. Ubuntu gives the first user created, during install, nearly complete root powers (they have to sudo to gain access). A single compromised password, for a normal daily user, can compromise the entire machine. Subsequent users do not have full sudo privileges. (This is in Ubuntu 6.06, i.e. the stable version; I will have to double check this in 7.04 and 7.10.) Sudo can be restricted, and controlled, so that one user may only have sudo rights to mount hard drives, or update software, or just update the apt-cache. But managing sudo is an irritation, as once you limit the abilities, you have to explicitly state all commands you will allow. Sudo was originally intended for allowing limited access to one or two scripts/services that needed more than standard user privileges. http://www.softpanorama.org/Access_control/sudo.shtml has a good overview of pros and cons. Debian, the Ubuntu base, asks you for the root (administrator) password if you need access to root powers, this is the basic Linux method. The two password system used by 99.9% of *.nix systems is generally considered safer (and I agree with this mode of thought, see the cons in the listed article for sudo). And the su (run as) command exists in all Linux systems to allow you to gain root access if needed (using the root password). MY problem with the Ubuntu security lies in its complete lack of a firewall and several unwanted services running by default. The firewall can be taken care of by straight command line (ACK! not for me yet, I am working on it though) or any of several gui tools to create the rule base for ipchains.
The unwanted services (example: a bittorrent service is enabled by default) can be turned off with the Services tab in administration, but this list is incomplete, thus requiring another option. The ncurses rcconf or the GUI tool BUM (boot up manager) are both in the synaptic gui or the apt-cache. To Recap: 1) A single password allows the initial (most likely to be used) account administrator privileges on the machine through the use of their password. 2) No firewall at all by default. 3) Several unwanted and exploitable services are enabled by default. If you are network savvy, but not so much linux savvy, Bastille is a good package to help lock down a linux box. It is in the apt network for all Debian off-shoots, Gentoo has it, and I imagine all other major distros do as well. All this being said, Ubuntu is still safer after a clean install than XP SP2, but it's only half as secure as say a default Red Hat or Suse install. But then if you are really paranoid about security you would be running a BSD anyway... Ubuntu is part of the security vs usability trade off in security, attempting to let people get their feet wet with Linux. Ubuntu has veered to the side of improved usability
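An added example, not part of the comments above and not Ubuntu's or sudo's own tooling: a read-only audit of the two settings this thread keeps returning to, namely whether root's password is locked and which accounts hold a blanket grant like the %admin line, as opposed to a restricted command list of the kind Dumphrey describes. The file contents, the accounts alice, bob and backup, and all function names are constructed for illustration.

```python
import re

# Constructed sample files (illustrative only, not from a real system).
SUDOERS = """\
# constructed sample of /etc/sudoers
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) /usr/bin/apt-get update, \\
                   /bin/mount
"""
SHADOW = "root:!:13800:0:99999:7:::\nalice:$1$constructed$hash:13800:0:99999:7:::\n"
GROUP = "admin:x:115:alice\nusers:x:100:alice,bob\n"

# who  host = (runas) commands
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

def parse_sudoers(text):
    """Return [(who, runas, [commands])] for user specifications only."""
    text = re.sub(r"\\\n\s*", " ", text)            # join continued lines
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue                                 # blank line or comment
        if line.startswith("Defaults") or "_Alias" in line.split()[0]:
            continue                                 # not a user specification
        m = RULE.match(line)
        if m:
            who, runas, cmds = m.groups()
            # Strip tags such as "NOPASSWD:" from the front of each command.
            cmds = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip()) for c in cmds.split(",")]
            rules.append((who, runas or "root", cmds))
    return rules

def root_locked(shadow):
    """True when root's password field is locked ('!' or '*' prefix)."""
    for entry in shadow.splitlines():
        name, pw = entry.split(":")[:2]
        if name == "root":
            return pw.startswith(("!", "*"))
    return False

def full_sudo_users(rules, group):
    """Users whose own password unlocks every command (groups expanded).
    Only supplementary members listed in the group file are resolved."""
    members = {g.split(":")[0]: [u for u in g.split(":")[3].split(",") if u]
               for g in group.splitlines() if g}
    users = set()
    for who, _, cmds in rules:
        if "ALL" in cmds and who != "root":
            users.update(members.get(who[1:], []) if who.startswith("%") else [who])
    return sorted(users)

def report(sudoers=SUDOERS, shadow=SHADOW, group=GROUP):
    rules = parse_sudoers(sudoers)
    return {"root_locked": root_locked(shadow),
            "full_sudo": full_sudo_users(rules, group),
            "restricted": {w: c for w, _, c in rules if "ALL" not in c}}

if __name__ == "__main__":
    print(report())
```

On a real machine the same functions can be fed the contents of /etc/sudoers, /etc/shadow and /etc/group, read as root.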

roy.evison

I thought Ubuntu was only available at time of pc purchase in the US anyway. Maybe got the wrong end of the pole but would not buy a Dell computer, so no loss there.

Neon Samurai

The liveCD is the standard on my work issued notebook when not at work and it runs great. Have you installed from the DVD Free and had any issues? I keep getting missing packages until I can get past the first boot and add network repositories then urpmi them. (gnome mandriva theme package, kde mandriva theme package and a package of icons with my minimal install selection) Hopefully the next build of the DVD ISO will correct the issue. I'm not complaining since it's a 2008 version available Sept (or Oct) of 2007. I'm just curious to understand if it's just me getting a bad DVD ISO or if others have had the issue. I can't wait to cut my servers and workstation over to 2008 but servers won't be changed over until updates for 2007 stop coming through. I probably won't be able to hold off on the workstation once I see a clean install from the DVD Free ISO. That will also give the 2008 repositories a bit more time to bulk up.

catseverywhere

Of course one can set a (new) root pass without knowing the previous one. Just exit out of lilo or grub graphic mode and boot the image adding "single" to the parameters. You come up with a kernel level shell as root. A quick "passwd" command and reboot, voila. New (and hopefully more secure) root password. And the beauty: anyone who doesn't know how to do this, shouldn't do this! For my tastes, I'd far prefer Mandriva 2008 over any other, I can't say enough good about this distro.

craiglarry

I think that guy who made this statement about Ubuntu not mentioning password was testing the koolaid.

craiglarry

Where did you get this Ubuntu? Kmart blue light special? Ubuntu always asks you to assign a password. What do you mean?

TechExec2

Ubuntu works like Mac OS X and Windows Vista with respect to this. The root account does not have a password in the default Ubuntu install and it cannot be used. The password you enter during install only applies to the "administrator user" account you create. That account can use sudo to elevate privilege to root for a single command. And, it can cause a program to "run as root" in the GUI (which uses sudo also). But, it cannot su to root because root is "disabled" (no password). For the full story: Don't fear the Ubuntu http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=243773&messageID=2356888

JCitizen

similar distro and I need to know about the security. It helps to be able to tell customers they can secure their system as well or better than Windows if that is important to them. I like the forced logon at boot up because I have had crackers blow past my PXE disable to start my machine when I am not there. They did this thru a totally stealthed Netgear firewall so I must have caught a bot bug somehow. They got as far as enabling the unused local machine Administrator account to auto-logon so they could do their dirty work when I wasn't watching. Needless to say I wiped the drive and did a clean reinstall and trashed all previous passwords after that! I have learned to be eternally paranoid since!

yschoo1

I don't even know what are we ranting about Ubuntu security issues. It always asks for password. Log-in, update, even when I tried to move the RealPlayer icon from the desktop to other directory. If one needs to be real secure, maybe one should try to set up a password at BIOS level. Then you can always (I haven't tried it yet) reset the jumper in the machine within if you forget the "root" level password. Using password just to log in every time you turn on the machine can be a nuisance to say the least especially you have got nothing in it that is that important.

Deadly Ernest

as most software is auto installed during the install, and then just works. Others are installed during regular updates through Adept. I find it no hassle.

Deadly Ernest

What it does, is gets you to enter a password when you install it. It uses that password for your root access and your main user account. When you log on, it logs you in as the user, and when you want to do something as root, it asks for your password again. If you're one of those people who wants to have it do an auto initial log in, it can be readily set to do that, but you always still need your root password to be re-entered when you ask to do something that requires root access.

Tony Hopkinson

Default set up in Ubuntu is if you break my password, you have su is it not? Please correct me if I'm wrong.

Freebird54

You have a very strange view of security if you think that Ubuntu is crippled in this regard. Either kind of account is protected by a password - so ANY system depends on the strength of that password. If I have the root password on a system, there is nothing I can't do - if I don't, there isn't much I *CAN* do. Same with Ubuntu. The advantage (security-wise) of the Ubuntu method is that you CAN'T (by default) operate as root, and thus unintentionally expose the system to problems..... It is very easy to implement more layers if you want them.

JCitizen

as there is still a large body of consumers that probably don't care about security issues, or hope the obscurity concept will carry them along. If Ubuntu is at least as stable as Windows ME I would think there would be a lot of happy campers. I've only had one customer that didn't like alternatives; and that was Lindows. His mind may have been poisoned by using Windows too many years, or perhaps it wasn't as user friendly as even Linspire is now. I've never had the opportunity to get feedback from him yet. As far as Windows XP I have to log on as administrator to install quite a few of the IE 7 and Firefox extensions; but then I have policy set that way on purpose.

Jaqui

most apps installed for multimedia content have a plugin for any browser. [ actually, it's a separate tool that turns any app into a plugin ] So it's only for flash or realmedia files they would be prompted for software install. [ and Firefox can install to itself, like plugins and updates no password required ]

JCitizen

I'm sure Ubuntu's developers or the people distributing this version for Dell probably are doing the same thing. The only problem is, I would think Joe Sixpack would get mad having to put a password in every time he installs something. Maybe I'm wrong; the average user may only care about email and surfing. But just to gain the full web experience you have to constantly install some control to make the fancy shmancy web site work. I assume most would use Firefox; would they be putting in a password at every turn? Granted this pain would subside and slack off for a time as the user gained functionality.

Jaqui

They also allow runlevel 5 root login. [ which is never recommended ;) ] The *buntu distros are the only ones I have seen that disable the root password.

Neon Samurai

Ubuntu is not Linux.. it's one separate OS and user apps wrapped around a Linux kernel. Each distribution is different with different goals so I wouldn't mistake Ubuntu for being representative of all other OS that happen to be based on the Linux kernel. There was also a lot of discussion over the sudo setup when Ubuntu was first released so it's not like "Linux didn't learn from what they said". Actually, reducing default security is the very reason many techies stick with their own preferred distribution rather than switch to Ubuntu or they approach it like Windows and do the hardening themselves. I just wanted to point that out before this degrades into an "Ubuntu reduced security so all Linux based OS must have reduced security." I think most people agree with your second point; security by default. An admin password should be setup during installation just like the user account and password is setup. Canonical, as is their right, chose to build their distribution this way so the community responded by posting howto information on correcting that security flaw.

Larry the Security Guy

Suse, Redhat, Debian, Slackware, Gentoo and (what else have I tested in the last year or two?) others all ask the installer to define the root password, then define a non-root user. Ubuntu doesn't ask you to set the root password, but it is not left blank. You cannot log in as root with a blank password. But once logged in as yourself, you only need your own password to perform any root-level operation. I believe PCLinuxOS might leave the root password blank. I used it only briefly to test, and remember logging in without a password. I can't remember if it was before, during or after the installation. "User-friendly software should always inform to the final user what it might happen if you don't give a secure password to the administrator users" As regards OS installers, they do. Ubuntu chose to skip any remarks about the root password during install. "and you can't expect that final users (non-technical) go to research for technical details and learn about" Most developers these days don't have that expectation. Most programs I install are done through a software manager (Yast, Synaptic, etc.), which has a graphic interface. If an end user wants to run a CLI-based program, he or she will need to do the research to learn how, or find a GUI alternative.

jlchavez

When Microsoft gives you FrontPage in IIS without protection, in the year 2000 or so, people criticized that Microsoft wasn't secure. Linux always said they were more secure, now they do things the way that Microsoft did in the past, so Linux didn't learn from what they said, and made the same old mistakes. Why should I change it, or why not at installation asks for a password? User-friendly software should always inform to the final user what it might happen if you don't give a secure password to the administrator users, and you can't expect that final users (non-technical) go to research for technical details and learn about "How to enter to the shell", "What sudo is" etc, if the installer creates a password for the "users", why not creating a password for the root user? It's the same stuff.

Tony Hopkinson

but I have definite issues with vendors who cripple security by default in order to make it easier to use. So I won't touch Ubuntu, if I want that sort of attitude, I might as well stick with windows.