Safety of Linux Mint

Questions about the project and the distribution - obviously no support questions here please
Post Reply
User avatar
Sereiya
Level 1
Level 1
Posts: 4
Joined: Mon Apr 15, 2019 5:50 pm
Location: Hamburg, Germany
Contact:

Safety of Linux Mint

Post by Sereiya » Mon Apr 15, 2019 7:20 pm

Hello there,

I'm currently trying out several distro's to determine what I like most and want to switch, because Windows is... well, Windows. Since I already used Linux Mint some years ago (should be when version 14 was around) and really like it I'd love to use it as my daily driver, but I'm concerned about its security.
As far as I know, Mint is based on Ubuntu, including their repos and bunch of their software. My information about Ubuntu and Canonical is that they broke with the open-source premise at some point, including closed code into their distro. Which obviously means that, theoretically, software from Canonical can't be checked for backdoors and such stuff.
I don't know how much of what software Mint is using and either software specifically developed for Mint is closed too, so my question is, how safe is Linux Mint in terms of software security and protection against compromised code? What's the dev's standpoint on this topic?

- Luna

gm10
Level 17
Level 17
Posts: 7152
Joined: Thu Jun 21, 2018 5:11 pm

Re: Safety of Linux Mint

Post by gm10 » Mon Apr 15, 2019 7:48 pm

Closed-source software like Adobe's flash player only gets installed when you specifically ask for it.

RIH
Level 4
Level 4
Posts: 257
Joined: Sat Aug 22, 2015 3:47 am

Re: Safety of Linux Mint

Post by RIH » Mon Apr 15, 2019 8:30 pm

If you like Mint but don't trust Canonical then you should try LMDE-3 instead.
It does tend to lag behind on package updates & you cannot add PPAs but that is a small price to pay..
Aspire-TC-705 Kernel: 4.15.0-54-generic x86_64 bits: 64
compiler: gcc v: 7.3.0 Desktop: Cinnamon 4.0.10
Distro: Linux Mint 19.1

User avatar
Sereiya
Level 1
Level 1
Posts: 4
Joined: Mon Apr 15, 2019 5:50 pm
Location: Hamburg, Germany
Contact:

Re: Safety of Linux Mint

Post by Sereiya » Mon Apr 15, 2019 10:10 pm

Oh, you're right. Didn't noticed it as an own distro, thought it'd be just another desktop manager... :roll: Thanks for the hint.

Well, technically you probably can add PPAs, it's just always complaining after doing so like Debian I guess?

User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1353
Joined: Tue Apr 26, 2016 3:28 pm

Re: Safety of Linux Mint

Post by Arch_Enemy » Mon Apr 15, 2019 11:05 pm

Sereiya wrote:
Mon Apr 15, 2019 10:10 pm
Oh, you're right. Didn't noticed it as an own distro, thought it'd be just another desktop manager... :roll: Thanks for the hint.

Well, technically you probably can add PPAs, it's just always complaining after doing so like Debian I guess?
I have had far, far more issues adding PPAs than anything else I have done with Mint. PPAs are run by individuals who have taken a package Ubuntu doesn't support and massaged them so they work. Most of the time. Not always. But, if you're worried about security, you really don't want to add PPAs by default. And, unless you're trying to get something specific working, like your &^*&#@*! CANON PRINTER running, or some photo or video software that's not supported, you really don't need them. Most PPAs have some sort of documentation that offers whatever is was the maintainer had to load to get the final product to work, so you can just follow their recommendations and try to find .debs (Using Gdebi to install the final program), or compile it yourself. And it has become far, far easier to do so than in the old days!

And another caveat about PPAs is, sometimes they are abandoned, but never taken down.

And, you CANNOT at PPAs to LMDE. Doesn't work.
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a partition a ~28G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.

User avatar
Pierre
Level 18
Level 18
Posts: 8572
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Safety of Linux Mint

Post by Pierre » Mon Apr 15, 2019 11:16 pm

the LinuxMint Project is based upon the Ubuntu Project,
& which in turn is based upon the Debian Project.

the Team.LinuxMint then applies it's own modifications to obtain,
it's own product & which is then released to the General public.

thus the Main Issues, that do arise - - are usually occurring from the UP-stream product.
ie: not that many issues can be resolved at the LinuxMint level.

NB: the LinuxMint Project Does Not Include much propriety products,
as an rule in it's base installation - - most of those do have to be approved by the End User,
- after the Operating System has been installed.
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

Smeejo1
Level 1
Level 1
Posts: 18
Joined: Sun Nov 25, 2018 12:28 am

Re: Safety of Linux Mint

Post by Smeejo1 » Mon Apr 15, 2019 11:22 pm

I can't seem to find the post now but there was one from the Mint devs awhile back where they said if the upstream products (Ubuntu or Debian) add things that breach user privacy or security they would patch it, remove it, or find a way around it before releasing it to us. So far they have kept their word to my knowledge so software security should be fine.

User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1353
Joined: Tue Apr 26, 2016 3:28 pm

Re: Safety of Linux Mint

Post by Arch_Enemy » Tue Apr 16, 2019 1:25 am

And, I think UFW is installed by default. If you want to "see" what you're doing you can install GUFW for a graphical interface, and with a small amount of reading can lock in or out anything you want to.


Caveat: one setting in GUFW, when selected, will lock out port 8080, and there goes your web browsing!
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a partition a ~28G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.

User avatar
Pjotr
Level 20
Level 20
Posts: 12409
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Safety of Linux Mint

Post by Pjotr » Tue Apr 16, 2019 4:54 am

Linux Mint is very secure. Even though it may contain some closed code, just like any other Linux distribution that's "halbwegs brauchbar" (of any use).

You'll never be able to achieve 100 % security. Not in real life and not in the digital world. Not even when your computer is running Linux.

You should always use your common sense. And even then it can go wrong. A certain amount of risk, however small, is unavoidable. A Frenchman would say: c'est la vie.
Tip: 10 things to do after installing Linux Mint 19.1 Tessa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Hoser Rob
Level 14
Level 14
Posts: 5173
Joined: Sat Dec 15, 2012 8:57 am

Re: Safety of Linux Mint

Post by Hoser Rob » Tue Apr 16, 2019 8:00 am

Sereiya wrote:
Mon Apr 15, 2019 10:10 pm
Oh, you're right. Didn't noticed it as an own distro, thought it'd be just another desktop manager... :roll: Thanks for the hint.

Well, technically you probably can add PPAs, it's just always complaining after doing so like Debian I guess?
If you're that concerned with security ppas are the last thing you want.

pjotr's right, you can't make a useable distro without cllosed source code. Just as a start, 100% FOSS browsers just aren't going to be useable by the vast majority of people because HTML5 has embedded DRM. And that's closed source by definition.

You also can't assume that open source software is more secure. There was a Linux security bug found in encryption software a cuple of years ago that was over 20 years old. It was hiding in plain sight ... encryption algorithms often use advanced number theory. Which almost no one can undersdtand. Which makes the fact that anyone can read the source almost meaningless.

There's no such thing as a 100% safe OS but Linux is very, very good. I've taken some ridiculous liberties, like reinstalling Linux on my netbook (which only gets used out and about in hotspots) and forgetting to turn on the firewall. For a montth. Not recommending anyone else do that, but I never got hacked.

User avatar
Sereiya
Level 1
Level 1
Posts: 4
Joined: Mon Apr 15, 2019 5:50 pm
Location: Hamburg, Germany
Contact:

Re: Safety of Linux Mint

Post by Sereiya » Tue Apr 16, 2019 10:38 am

Thank you for all the answers!

Of course I'm aware there's no such thing as perfect security. I just try to figure out where the greatest impacts are to estimate the best way to go, and since I heard a lot of bad stuff about Canonical and their way for Ubuntu it worried me the most. Don't want to move from one questionable corporation to the next.

If the Mint devs got enough resources to have an eye on the security topic, like Smeejo suggested, I think I can live with it. In the end it's probably far more safe than Windows, and it's too much to ask for a jack of all trades. Sadly, most distro's just can't compete with Mint in terms of easy usability (even using the same Cinnamon version like Antergos, they're missing options and that smooth polishing Mint seems to enjoy).
Arch_Enemy wrote:
Mon Apr 15, 2019 11:05 pm
I have had far, far more issues adding PPAs than anything else I have done with Mint.
Just tried it in Virtualbox. I see what you meant... ^^
Arch_Enemy wrote:
Tue Apr 16, 2019 1:25 am
And, I think UFW is installed by default. If you want to "see" what you're doing you can install GUFW for a graphical interface, and with a small amount of reading can lock in or out anything you want to.
Saw that too. Nice to have a small but proper firewall, tho' I'm interested in a little bit more information about the kind of that network activity I see. :wink: I've heard about nethogs and will dig into that later this day.

User avatar
phd21
Level 18
Level 18
Posts: 8722
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Safety of Linux Mint

Post by phd21 » Tue Apr 16, 2019 12:08 pm

Hi Sereiya (Luna),

Welcome to the wonderful world of Linux Mint and its excellent forum!

I just read your post and the good replies to it. Here are my thoughts on this as well.
Sereiya wrote:I'm currently trying out several distro's to determine what I like most and want to switch, because Windows is... well, Windows. Since I already used Linux Mint some years ago (should be when version 14 was around) and really like it I'd love to use it as my daily driver, but I'm concerned about its security.
Linux Mint is an excellent choice for an operating system. And it is more secure than MS Windows or Mac.

It would help to know more about your system setup. If you run "inxi -Fxzd" and "lsusb" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information. You can add somoe of this information to your forum signature as well.

There are additional procedures that Linux Mint users can do to make sure they are even more secure and there are many posts already in this forum on this topic.
- Enable the Linux software firewall (gufw)
- Use "firejail" sandboxing for all applications that access the Internet
- Add browser extension add-ons related to security (an ad blocker like "ublock origin", privacy protector plus or privacy badger, fingerprint blocker or masker, disconnect, etc...)
- Use good passwords (17-20+ mixed characters, with some numbers, and some symbols) NEVER store important secure passwords in your browsers, use a good password manager (keepassxc, etc...)
- Never open attachments in emails or browsers that you did not ask for (request) or do not know what it is.
- Change your default ISP connection's DNS server IP addresses to those from a secure DNS provider like Cloudflare. Recommend DNS over TLS as well.
- Use a VPN provider's servers for anonymity and encrypted Internet activity.
Sereiya wrote:As far as I know, Mint is based on Ubuntu, including their repos and bunch of their software. My information about Ubuntu and Canonical is that they broke with the open-source premise at some point, including closed code into their distro. Which obviously means that, theoretically, software from Canonical can't be checked for backdoors and such stuff.
I don't know how much of what software Mint is using and either software specifically developed for Mint is closed too, so my question is, how safe is Linux Mint in terms of software security and protection against compromised code? What's the dev's standpoint on this topic?- Luna
Using a sandboxing application like Firejail with applications accessing the Internet will prevent damage to the rest of your system including Adobe Flash and other potential threats. Updating your system with security updates, Linux Kernel updates, and application updates will usually protect you and your computer from known issues. I am very impressed with how quick Canonical and Ubuntu and other software developers come out with security updates when issues arise. FYI: Because there are still websites using Adobe Flash, I still have it installed but I make sure the browser settings are set to ask first before allowing Flash content (default settings in most browser now) except on websites where I have already given permission to allow flash to run automatically.

As for installing software, always look for additional software to install first from the Mint software repositories (Software Manager or Synaptic Package Manager (SPM)), then from other sources. Because Linux Mint is free and open source, in order to use some closed source software for added capabilities, Linux users must install those manually like when checking to install 3rd party software during installation.

If there is software that you want and it is not in the Mint software repositories, or there are newer versions available that have features and or bugfixes you want or need, then try to make sure it is from a reliable source.

Although I do not have the same aversion to PPA's as others do, I totally agree that everyone should be very careful when adding PPA's that they are from reliable sources or use the Linux deb files from the PPA. PPA's from the software developers are usually safe to install and use. Once in a while I have run into issues using PPA's, or adding software repositories, that have multiple software packages they did not create but maintain or offer that did conflict with other software. Anyone can always remove a PPA whenever they want. If you are unsure, ask here before adding them or search this forum and the Internet.

And, obviously backup or at least take a snapshot before installing anything that could have system wide ramifications, so that if anything does go wrong, you can restore.


Hope this helps ...
Phd21: Mint KDE 18.3 & 19, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1353
Joined: Tue Apr 26, 2016 3:28 pm

Re: Safety of Linux Mint

Post by Arch_Enemy » Tue Apr 16, 2019 9:38 pm

Sereiya wrote:
Tue Apr 16, 2019 10:38 am
Arch_Enemy wrote:
Tue Apr 16, 2019 1:25 am
And, I think UFW is installed by default. If you want to "see" what you're doing you can install GUFW for a graphical interface, and with a small amount of reading can lock in or out anything you want to.
Saw that too. Nice to have a small but proper firewall, tho' I'm interested in a little bit more information about the kind of that network activity I see. :wink: I've heard about nethogs and will dig into that later this day.
A quick read through the different ports available and what they are used for will help, and you can create rules in UFW that will deny access. I use DROP rather than Refuse, because if someone is knocking and they see a "Connection Refused" notification, they will keep pounding away until they might find a vulnerability.
DENY does not send a response (DROP) is another term used, so they send a 'bullet" and get no response. Usually after a few times they move on to lower-hanging fruit.

Likewise learn what you can about SSH, and if you don't need it (to connect to an external machine, or to connect to yours remotely) you can disable it to stop another back door for travellers to come in. Same with SAMBA and file sharing. If you don't need them, turn them off.
Last edited by Moem on Thu May 30, 2019 7:43 am, edited 1 time in total.
Reason: Trimmed a quote
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a partition a ~28G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.

hcentaur13
Level 4
Level 4
Posts: 458
Joined: Sat May 18, 2013 5:13 pm

Re: Safety of Linux Mint

Post by hcentaur13 » Wed Apr 17, 2019 10:58 am

The reporitories of Mint contains some closed source AKA mcommercial software - but nothing of them gets installed magically. YOU have to install them explicity by software manager, synaptic or driver manager to get them installed. The installer is the first instance that lets YOU select some non free codecs installed.

Nothing you downloads from internet will be runable. It is on you to give it the right toi execute it by CPU or interpreter. filename extensions gives NO right for that. It is on YOU to give the eXecute right to the file.

Accessr ights are bounded to user groups and the ownership to files and groups. This is something windows has no knowledge about and can't handled by ntfs and (ex)FAT and other DOS filesystems.

Petermint
Level 5
Level 5
Posts: 590
Joined: Tue Feb 16, 2016 3:12 am

Re: Safety of Linux Mint

Post by Petermint » Tue May 14, 2019 8:35 pm

The question asks about security but the heading says "safety". Safety concerns that may or may not affect security:
* How easy is it to remove something bad?
* How easy is it to restore your system after something bad happens?
* How fast can the developers react to something bad?
* Will you lose your data?
Linux Mint has more care put into it, reducing the number of bad things. More of the proprietary "must haves" that most people do not need are optional installs, not something thrown in by the developer. Timeshift and other developments help you recover from anything bad. Of all the operating systems with a decent GUI, LM is the best and most stable, the one with the least down time and the most reliable updates.

Usage is also a factor. For a major upgrade, say from LM 18 to LM 19, I do a clean install to clear out all the old junk I may have not deleted or updated. I use NoScript, Firejail, etc, to reduce the way bad things can enter my computer.

User avatar
Greencedar
Level 3
Level 3
Posts: 100
Joined: Thu Jan 31, 2019 8:29 pm
Location: Missouri and Taiwan.
Contact:

Re: Safety of Linux Mint

Post by Greencedar » Thu May 30, 2019 7:42 am

Concerning safety and security issues, in computing OS's, from my experience, even with the issues involved, from a practical standpoint, it's hard to beat any Linux - Ubuntu OS's.
Greencedar

User avatar
Crippled
Level 3
Level 3
Posts: 144
Joined: Sat May 25, 2019 1:57 am
Location: U.S.A.

Re: Safety of Linux Mint

Post by Crippled » Thu May 30, 2019 8:14 pm

If there were any security issues in Ubuntu or Ubintu based distros this gentlemen would of had posted about it since his job is computer security. https://www.youtube.com/user/quidsup/videos What you should be more worried about is browser security. https://restoreprivacy.com/firefox-privacy/
I am command line illiterate. I am using Linux mint 19.1 Xfce 64 bit. I concur with this gentleman. https://www.youtube.com/watch?v=mKY40fRXKZs

User avatar
zcot
Level 4
Level 4
Posts: 296
Joined: Wed Oct 19, 2016 6:08 pm

Re: Safety of Linux Mint

Post by zcot » Thu May 30, 2019 10:09 pm

Sereiya wrote:
Mon Apr 15, 2019 7:20 pm
My information about Ubuntu and Canonical is that they broke with the open-source premise at some point, including closed code into their distro. Which obviously means that, theoretically, software from Canonical can't be checked for backdoors and such stuff.
"closed source" doesn't really mean that nobody can gleen how it works and that it is most likely out to get us and spy on us.

it probably more means there are "not-open" copyright licenses, even whether or not source code is available and viewable. You could see source code from a variety of "closed source" or "not open source" codecs and you can even use it, but it doesn't mean you can build a product or embed it and try to sell it on the market as your own. There's a good bit of hidden detail involved in the stuff that we don't typically see as dumb desktop users but there's probably an amount of involvement of the systems of capitalism.

My take is that anything Ubuntu is putting out can and is checked for backdoors and such stuff, absolutely.

User avatar
lsemmens
Level 8
Level 8
Posts: 2061
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Safety of Linux Mint

Post by lsemmens » Sat Jun 01, 2019 7:07 am

Any time on the computer, especially when in Internet land is only as secure as you make it. If you publish your name, and all of your personal details (read: FACEACHE, TWITter, etc) Don't be surprised if someone picks up on your info. :D If you walk down a street alone at night in the seedy part of town looking like you've got more money than you can count, don't be surprised if you get held up (at the least).
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

Post Reply

Return to “Non-technical Questions”