Some moderators control the uploaded packages somewhat, and those moderators are also 3rd party in a sense (AUR), so to add to the Arch DIY mentality if you want to be 100% sure of an applications function, you need to audit the PKGBUILD by yourself. No one can exactly say what you should look for since there's so many variables. Either you have to understand code or just trust the reviews.
One application I know of with major security issues would be Skype.
Ubuntu did not have a spyware problem, they were very unwise to enable Amazon Lens search. This was Ubuntu 12.10 - 4 years ago. Would be interesting to contrast this with how many known threats and security applied to windows for last 4 years, hundreds?
Any proprietary OS could have major ongoing security problems, no way to know when code is hidden and private
As far as i know only Ubuntu had amazon search intergrated in the past.
But this was only the official Ubuntu Unity version, not the other flavors.
But i do think that @Eden has a good point about Fedora and Korora.
I personaly have played arround with manny distro´s, and i do start to getting interested to play a bit more with those distro´s.
The only thing i dont like about Korora is that they dont host their own iso´s.
But rather offer them via SourceForge.
I personaly run windows7 as my host OS which does not have a checksum checker for iso´s standard, so i´m a bit hassitating to download iso´s from Sourceforge.
I still need to find a good checksum checker for windows that doesnt contain any crap ware.
There will always be vulnerabilities in all software. check out this link and you will find canonical has many security flaws just like windows and apple..
http://www.cvedetails.com/top-50-products.php?year=2016
@MisteryAngel I thought certUtil.exe (that is built in to Windows 7) had a function that could do that???
Any other problems with Mint? Was it just the ISOs?
xD I'm interested to read his answer. As far as I know, there's nothing significant. But all distros have their flaws..
Exactly... but why do this? Stick to the official repos and check the software out and they'll be fine
Oh dear god... Please don't recommend using SELinux... AppArmor, sure... but not SELinux... Great point on Arch though. Back before I used SUSE, I used Arch and you had to be careful when using the AUR. I only used the excellent Linux-CK kernel... Man do I miss BFS on SUSE :)
Why not? I have SELinux on enforcing mode and have for a year without issue
2 Likes
Only the ISO and only for the day it was online until the breach was noticed.
The only other issue (in my opinion) with mint is that they do not audit and do not publish CVEs for the pure mint packages they develop. It is not a vulnerability per se but is it a non-ideal developer practice when it comes to security. Any other packages on Mint though (taken from Debian or ubuntu which is most) have published CVEs made directly by ubuntu or debian.