Ubuntu security vs Linux Mint security?
 

For various reasons, I am considering a change from Ubuntu to Linux Mint, however the one thing that is still making me "um" and "ah" is security - Ubuntu may not be the most secure Linux-based operating system out there, but when it comes to Linux-based operating systems targetting "everyday" users, it famously sits pretty high on the list with regards to security.

I already know that Linux Mint does not use App Armour - but what about the rest of the security in Linux Mint?

* Does Linux Mint run with low-level privileges by default, and is Polkit implemented at all?
* Ubuntu comes with a firewall pre-installed and configured (with the GUI part being optionally installed by the user) - does Linux Mint do the same?
* Are there any extra steps that Linux Mint take to "harden" its operating system or packages, like Canonical does (by using things such as buffer overflow protection when compiling packages)?
* How about encryption? Is there support for full-disk encryption within Linux Mint?

I found numerous articles that were critical of Linux Mint's security - but all of them were from several years ago, at which time Linux Mint were vowing to focus on enhancing security with the operating system... I was not able to find anything about Linux Mint's security which is recent-ish.

Yes I know that both Ubuntu and Linux Mint have their own forums, but I thought I'd ask over here and hopefully get some neutral answers, rather than those without bias...

Looking forward to hearing people's thoughts.

Linux Mint is 99% Ubuntu, using the Ubuntu LTS repos, while adding some utilities, design, themes etc. of its own.

I am running Mint 19.1 and apparmor is included in the distro.

sudo apparmor_status gives me:

So, I'd be really interested where you got your "I already know that Linux Mint does not use App Armour" statement from. ;)

Oh, and yes, polkit is implemented, the firewall comes configured and gufw is included (but you have to switch it on after installing), you can have full disk encryption, etc. etc.

To be honest with you, I am quite amazed that you haven't asked on the Mint forums due to your perception of "bias" - a fact is a fact no matter where it comes from, and the folk at the Linux Mint forums will have greater knowledge of their system and what it does and doesn't contain.

If memory serves me correctly, it was in a couple of forum threads on different sites that I saw this...


Perhaps they were discussing an older version of Linux Mint?

I can relate to this phrase:

As an "everyday" user I find the security in Ubuntu 18.04 fine for my needs "at the present time".

I added "at the present time" on purpose. As I learn more, I am being more security conscious to my computer operations and possible limitations to any OS in this age of hacking, government surveillance, nefarious business models, malicious coding, and computer OS internal operations. The latest episode of Firefox is troubling for several reasons.

Must have been. Seriously, also ask your specific questions on the Mint forums, as they relate to the current Mint 19.x. I too would be interested in the replies. For example, I don't know if Mint take any steps over and beyond the ones that Ubuntu takes in order to harden their distro. Given that Mint relies extensively on the Ubuntu repositories, such further hardening would probably be based around configuration rather than in the packages themselves.

Just re-reading your post, the root user (as I think it also does in Ubuntu) is set by default as having no password and being locked so that the password never matches. Normal operations are done on the user level and sudo is used to gain admin privileges, with polkit support built into some packages.

Anyway, do let us know what you find out.

IMO both fall under questionable with regards to Security. Ubuntu is a little better, Mint a little worse, both on the questionable side of the scale. Mint has improved some over the last few releases, but the "some" is marginal. Keep in mind, I think both are better at security then Windows.

Do a DuckDuck search for Mint + Security concerns then do another for Ubuntu + Security concerns then Ubuntu + Privacy concerns. Then have fun reading with your favorite beverage. I'm having Chrysanthemum tea at the moment.

Care to elucidate on any of these points?

Second part of post...DuckDuck

That's lazy though. If you have points to make about the level of security of the current versions of Ubuntu and Mint then surely you should enumerate them here rather than make hazy claims and ask other folk to search the web (and probably get confused with the myriad of search results that refer to the security of the unrelated mint.com). You probably have valid points to make, but better to actually list them here and let them be debated.

Some of the incidents are in the past, however, they were enough to lose trust over. I know some things have improved but still...What's that song, once bitten twice shy?
https://www.techrepublic.com/article...arger-problem/
https://www.reddit.com/r/linuxmint/c...ng_the_kernel/
https://www.eff.org/deeplinks/2012/1...and-data-leaks
https://www.howtogeek.com/349844/how...about-your-pc/

Privacy and Security go hand in hand and it boils down to trust. Linux Mint (not so much LMDE) inherits all of the flaws from Ubuntu, custom patches, over patches adnauseum. Each custom patch that is distro specific creates holes that the original developers have no clue about nor how to patch it. Its best to stay as close to upstream as possible. With Ubuntu, they inherit Debian's flaws, then build flaws on top of it, Linux mint inherits Debian and Ubuntu then adds flaws to it. Often in the name of convenience and being user friendly.

People often forget that the more user friendly something is the easier it is to hack/crack/break open etc... There is a reason safes are not user friendly, locks on doors are not very user friendly and at times damn inconvenient, of course crooks would prefer the most user friendly of all....open door, or no door, or better yet, Windows that are wide open. ;).

Just some rambling thoughts.....Guess it boils down to when a person started using *nix, if their first use was Ubuntu then all of the above is moot, if it was Debian then some concerns are raised, if Slackware or Unix or BSD then even more concerns come up... :jawa:

PS: with that said, its nice to see Mint made some changes and they should continue to do so. Sacrificing security for convenience is generally bad policy.

Cheers ChuangTzu.

Referring to the two Mint-related articles, Mint updates the kernel through the GUI Update Manager, and has done for some time now. The default setting is for all available updates to be listed and updated, so there is also no delay for any packages in the Ubuntu repos reaching a Mint system.

Even before the Update Manager was improved: https://distrowatch.com/weekly.php?issue=20170320#myth

That's a good change then. :) Don't mind my occassional crankiness. :hattip:

PS: how long is the sync delay between Ubuntu and Mint updates, hours, days?

Gimme a break!

One of those articles relates to a website hack from the years ago (which is unrelated to the distro itself), and one of those articles refers to "the Amazon thing", which only applied if you made searches from the (Unity) Dash - not to mention the fact that Canonical addressed this about five years ago and it is no longer relevant considering GNOME is used these days.

Ubuntu collecting data about your PC? Pfft.

I was using Ubuntu when they made the change (back to) to GNOME and since Day 1 (of the post-Unity Ubuntu) they have made it abundantly clear how to disable this!

The only argument you have made which is actually worth listening to - though it is troubling enough to overshadow all of your other comments (in my opinion) - is Linux Mint's policy of only updating the kernel via manual Terminal commands... It's not a big issue for me personally as I use terminal a lot (including for regularly checking of updates), but it does look rather bad for Linux Mint as a distro and thus, I will be looking into whether this policy is still in place.

There is no delay. Mint uses the Ubuntu repos in /etc/apt/sources.list.d/official-package-repositories.list. As soon as a package changes in the Ubuntu repos, it is available to Mint users.

This is no longer the case, as I mentioned above, and hasn't been for a while. The kernel is updated through the GUI Update Manager in the same way as application packages.