Just wondering if Linux Mint has had any spyware issues like Ubuntu has/had. Also, has Ubuntu been the only Linux OS that has had spyware issues or were there there others as well that had spyware issues?
so ubuntu is not the only Linux Distro to have spyware issues, Every Linux Distro has 1 fatal security flaw.... The User... let me explain a little bit, if a user adds external repositories (like PPA's) and external .deb files they may contain malware. or when users install addons in browsers, when users use sudo unnecessarily with third party programs. all are results of actions the user takes. However there are situations where Distros come with trusted spyware, like flash for example.
1 Like
That's not what I was getting at. I meant spyware like the issue that Ubuntu had with Amazon.
The advantage of having a Linux system, is that you can easily remove those things completely from the OS. Is it an issue that they did this? To some "Yes", but it's more so an inconvenience to the User since it can be removed. As for other Linux distros with these types of tactics... Not that I am aware of
oh ok... not to my knowledge, but i would not rule out that another major distro is doing the same thing as canonical. Not a big issue since it has opt-out for old releases and is turned off in new releases after 16.04 LTS.. thats the power of Linux if there is any security flaws they usually get spotted by many users quickly and are usually fixed/changed/removed, unlike windows OS.
To answer your actual question no. Only Unity in Ubuntu had the amazon search. Even if you used ubuntu with an other DE you would be amazon search free. And actually now it is not an issue any more as far as i know. From 16.04 the search is by default off.
1 Like
can confirm that. using 16.04 Unity.
Mint hasn't has any spyware type applications installed by Mint developers, but they are downstream from Ubuntu (this means they use Ubuntu packages for their base OS and Ubuntu patches, then apply their own patches where needed to them as well).
Ubuntu do say what they add so Mint can fix/remove what they want.
Saying that Mints security is still not great. They've had issues in the past where there ISOs were compromised, but I don't think anyone's reported being infected by the compromised ISOs. It does a lot of other things fairly well though.
Fuck. Well, For now I'll probably try out Mint then.
Any Linux OSes that don't have/haven't had security issues like that?
Fedora (I am biased, but id also say its true)
It has good security practices, is well polished and stays close to upstream meaning they try to minimise unneeded patching of the software.
If your new to Linux and want things like nvidia drivers and encumbered codecs (mp3 etc) try Korora https://kororaproject.org/ its essentially Fedora with a few extra repositories already installed. If you dont mind adding the repos yourself (its super easy) go for Fedora actual. https://getfedora.org/
1 Like
This does not have to do with vulnerabilities on OS itself. The Mint ISO was not compromised...It was the website link got redirected to a different server. Their website was compromised. This had to do with website security that they coped with by outsourcing their web security to a security company (SUCURI). We have to be careful on how we describe that so that we do not give the wrong impression. The details can be confusing.
Whatever security practice issues might be there on the actual OS would be the lack of publishing CVE issues on pure Mint packages. Anything coming from Ubunutu (8/10 packages or sth ) should have the same security as ubuntu.
1 Like
Do not know if this is off topic, just wondering.
I am on Manjaro, and if I just use the package manager to download programs, is there programs that can be download that are malware or major security problems.
The wording is not coming out the way I would like it.
If you only get programs for the package manager and aur, are you safe from malware and other problems, or is there still programs that are a problem.
If you only use the default repositories very unlikely. The distro devs should make sure that these are fully clean. If you have added your own repositories then depends on how much you trust the people that maintain the said repositories...
EDIT: Of cource nothing is full proof. But the only way to get malware from the official repos would be is someone directly managing to infect the distro official servers...
Everything you said is entirely accurate. That still means some people may have downloaded a compromised ISO. I do think they have work to do in a few places, but that doesnt meant its not a decent OS, people like Arch, and its just as bad in certain areas (I could argue its security is worse).
1 Like
What program should I use to scan my system for malware and virus then.
Well if you have not notice anything specific it is highly unlikely you have an issue. But any antivurus program that you trust and has a linux version would do...I am afraid i have not used an antivirus program in Linux for years so i cannot suggest anything specific that is recent. Maybe someone else here has any suggestions?
Antivirus isn't the most effective things against malware. It generally only detects known common threats. (you can use clamav which will look for known malware, mainly windows though)
The issue with Arch based distros is theres only around 5000 official packages, the rest are made by the community, and although there is a trust based system around who can add packages to the community repos im unsure if they do any other formal testing at all.
You then have the aur which is inherently untrustworthy as it doesnt take much to get packages on there, its why your told (your suposed to be told) to check the pkgbuild before using it.
Arch has made steps to improve this, packages can now be signed ensuring it comes from a specific owner, but aur packages arent binary so you cant always know, it depends where they pull the source from and what the package build does. In general though i've not heard any any major issues with Arch in regards to security incidents.
Debian does some interesting things security wise for packages. And things like AppArmour and SELinux as good steps in securing your OS.
ClamAv is the old faithful nothing wrong with it apart from active prevention and analysis of emerging threats, but if you want to give control to someone else Sophos and F-Secure are what comes to mind at first, both secure wide areas of the net behind the curtains. E.g. (iirc) Sophos secures governmental servers in Denmark, and Facebook runs F-Sec on their servers.
Ofc there's other providers also, those are just what popped to mind
2 Likes
Is there a web site to show me what I should be looking for in pkgbuild so I can edit it and remove the problem, or just not use the program
Thanks again for the help