Choose style:

Author Topic: Peppermint and Ubuntu: security comparison?  (Read 747 times)

0 Members and 1 Guest are viewing this topic.

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Peppermint and Ubuntu: security comparison?
« on: September 10, 2017, 02:36:26 pm »
I've been looking into making my computer and those of a couple of family/ friends more secure. This led me to read a few things, including the security section of Ubuntu's Wikipedia entry, and security-related pages and wikis on their website. I learned that Ubuntu and its official flavours benefit from a dedicated security team, and that packages in the main and restricted repositories are supported by this team. The packages in the universe and multiverse repositories are community supported. All of this led me to think that a default installation of Ubuntu/ an official flavour provides a reasonable amount of security for a regular desktop user who would struggle with more advanced security-oriented operating systems or setups.

How does Peppermint compare? Purely from a security perspective, is a default installation of Peppermint identical to that of Ubuntu, or are there differences? Do Peppermint developers change anything overall that would affect security for the better or worse? Peppermint uses additional software sources; do these receive any security-related scrutiny? Does the Peppermint team have any members whose primary focus/ expertise is security?

I hope it's okay to ask this here, and thanks in advance to anyone who takes the time to reply!

For anyone interested, here are some of the pages I read (or tried to read):
https://wiki.ubuntu.com/SecurityTeam/FAQ
https://wiki.ubuntu.com/SecurityTeam/Policies
https://en.wikipedia.org/wiki/Ubuntu_(operating_system)#Security

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25456
  • Karma: 2799
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Peppermint and Ubuntu: security comparison?
« Reply #1 on: September 10, 2017, 03:46:19 pm »
There's very little (if anything) in the Peppermint specific repos that would cause any security concerns.

The correct answer would probably be, we don't have a team specifically for security, not do we have any kind of security tracking system, but we do keep an eye on security advisories and patch if and when something becomes necessary .. on occasion we've patched sooner than upstream, as with the Heap out-of-bound read in ParseJSS VLC exploit (CVE-2017-8312).

99.9% of Peppermint is directly from the upstream Ubuntu repos, so is covered by their security patches .. the other 0.1% is mainly graphics, config files, and some python scripts, etc. so is of little risk security wise.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline acer

  • Member
  • ***
  • Posts: 240
  • Karma: 28
    • View Profile
  • Peppermint version(s): Peppermint 8 64bit
Re: Peppermint and Ubuntu: security comparison?
« Reply #2 on: September 10, 2017, 04:18:16 pm »
@ N, I was initially concerned when I first made the jump from M$ to GNU/Linux, the great thing is, there's NOTHING to be worried about!
Been using Peppermint OS from v5 and still happily on v8 over the last few years and never had a security issue (that's without an Antivirus may I add)

Security patches come from repo's pretty damned quick upon detection and kernel updates normally include further security integrated fixes also AFAIK
Hope this helps ease your security worries  ;)

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Peppermint and Ubuntu: security comparison?
« Reply #3 on: September 11, 2017, 04:19:11 am »
Thanks for your reply, PCNetSpec. I'm actually less concerned about those kinds of vulnerabilities and security patches per se; it seems to me that these are generally rectified quickly on distributions that are very large (like Debian or Ubuntu) and ones based on them, and if they've to do with the kernel itself.

My understanding of the subject is extremely limited, but from what I've been reading it looks to me like I should be concerned about these:
- How secure is a default installation?
- How secure are the things being added? The 0.1% in this case: could these possibly introduce points of weakness?
- What are the chances of these being misused by someone else while they're being downloaded? *

* Here's is what got me thinking about this, from https://wiki.ubuntu.com/SecurityTeam/FAQ#Unofficial_Software:
Quote
Software installation tools that come bundled with Ubuntu, such as the Ubuntu Software Centre and Update Manager, validate packages when they are installed to make sure they are secure and have not been manipulated or trojaned during their download.
And
Quote
Packages installed from a properly configured PPA benefits from signature verification, so they cannot be manipulated by a malicious third-party while they are being downloaded.

Once again, thanks for your patience with these questions!

acer, thanks for your reply. I've been using a Linux-based OS for years, and I know some things are more secure by default than in Windows. I wouldn't say there's nothing to worry about at all, though! If there's a computer that's on and connected to the internet, there's a risk. The size and complexity of the digital world is such that a regular person such as myself may be compromised without even realising it. Hence the extra caution.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25456
  • Karma: 2799
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Peppermint and Ubuntu: security comparison?
« Reply #4 on: September 11, 2017, 09:01:45 am »
Our update manager (borrowed from Mint) is just another ffront end for the exact same backend as the Ubuntu update manager uses so yes it verifies the signatures as part of the process.

And everything in the Peppermint PPA is also digitally signed.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline N

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Peppermint and Ubuntu: security comparison?
« Reply #5 on: September 12, 2017, 04:42:51 am »
Thanks PCNetSpec, that clears up a few points.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25456
  • Karma: 2799
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Peppermint and Ubuntu: security comparison?
« Reply #6 on: September 12, 2017, 10:34:44 am »
You're most welcome :)
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec