Linux based laptop or just a Windows based laptop formatted?

bogleviewer
Posts: 347
Joined: Thu Aug 25, 2011 11:01 pm

Linux based laptop or just a Windows based laptop formatted?

Post by bogleviewer »

I've come to find that many BH's have an IT background or interest.

I'm in the market for a new laptop for basic activities (banking, web browsing, word documents, excel sheets, etc). For any applications only built for Windows I assume I can spin up a VM and use them on an as-needed basis.

With this being said and wanting to keep security in mind, I think it would be wise to venture off into a laptop that is Linux based or maybe, *gulp* even IOS.

However, I don't see any companies marketing laptops that are, by default, having a Linux flavor operating system. I don't want a chrome book. I'm looking for a laptop that is totally compatible with Ubuntu, CentOS, Mint or whatever flavor. Or am I overthinking this and any generally modern day Dell, HP, etc can be formatted and have linux installed? I'm a bit wary as I remember many years ago that drivers were a major issue with Linux and laptops.
ThriftyPhD
Posts: 870
Joined: Mon Jul 31, 2017 10:43 am

Re: Linux based laptop or just a Windows based laptop formatted?

Post by ThriftyPhD »

You can get laptops with Linux preinstalled from the big companies.

http://www.dell.com/learn/us/en/04/camp ... -laptop-us
https://support.lenovo.com/us/en/solutions/pd031426

As you mention, driver support can be the issue. If you get the laptop version that comes with linux, you're going to tend to get better driver support; after all, if dell sells it with linux, they've taken the time to get drivers for the hardware they use.

Another option is to check out the Linux distribution, and see what they support.

https://certification.ubuntu.com/desktop/

Finally, check out the companies that are focusing particularly on linux laptops.

https://system76.com/
MindBogler
Posts: 1446
Joined: Wed Apr 17, 2013 12:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by MindBogler »

bogleviewer wrote: Fri Dec 08, 2017 6:48 pm With this being said and wanting to keep security in mind, I think it would be wise to venture off into a laptop that is Linux based or maybe, *gulp* even IOS.
The idea that a Linux machine is inherently more secure than Windows 10 is not based in reality. Unless you know what you're doing the truth is probably quite the opposite. All systems are vulnerable to intrusion. It is unpatched Linux distros that are running some of the most capable DDoS botnets! Linux itself is not a magic wand. If you buy a new laptop I'd suggest reloading it from an ISO, regardless. These manufacturers tend to install junk and so the first step should be a clean install whichever route you choose. The likelihood that you will find the drivers for your machine on Windows is 100%. The same cannot be said for Linux.
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

MindBogler wrote: Fri Dec 08, 2017 7:38 pm It is unpatched Linux distros that are running some of the most capable DDoS botnets!
DDoS attacks are not usually the attacks individuals are worried about.

But let's say they are, if I'm reading this right, this sounds like a human problem, not something inherent to Linux.
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers. Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself.
https://arstechnica.com/information-tec ... s-attacks/

Of course, that's just one set of botnets, maybe there are others.

I usually hear that Win10 is less secure and that is why there (apparently) have been some massive security-related updates.

I download all the Linux security updates as they occur. I don't know how they compare to Windows patches in terms of number, size, frequency and degree of criticality. I believe, however, I once came across a table showing those factors for Windows patches. It's the "criticality" aspect that's most important. If the patches are for minor security problems, that's one thing. If they're for critical problems, that's another. That's how the two systems should ideally be compared. (Along with other security factors.)
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

ThriftyPhD wrote: Fri Dec 08, 2017 7:07 pm You can get laptops with Linux preinstalled from the big companies.

http://www.dell.com/learn/us/en/04/camp ... -laptop-us
https://support.lenovo.com/us/en/solutions/pd031426

As you mention, driver support can be the issue. If you get the laptop version that comes with linux, you're going to tend to get better driver support; after all, if dell sells it with linux, they've taken the time to get drivers for the hardware they use.

Another option is to check out the Linux distribution, and see what they support.

https://certification.ubuntu.com/desktop/

Finally, check out the companies that are focusing particularly on linux laptops.

https://system76.com/
I've always heard that Intel processors work well with Linux and that's one reason Dell is often recommended. Being lazy, I worked off that premise when getting my most recent laptop. That was verified when I went into Best Buy and "the Linux guy" confirmed that the Dell laptop I had chosen would work well with Linux.

There are a couple of sites that list laptops by model and whether they work well with Linux. I see a lot of links in this thread and maybe they have already been posted. If not, here is one of the main sites:

http://linux-laptop.net/
tibbitts
Posts: 23589
Joined: Tue Feb 27, 2007 5:50 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by tibbitts »

I don't understand the issue. I've used Linux for years on laptops and there are pros and cons to this day, but all the operating systems have improved a lot and unless you have special needs any of them - Linux, Mac, Win10 - will do a good and secure job for you as long as you're careful and keep the software updated. Today I would only buy a laptop with Windows or MacOS, and then add Linux if you want, either as a VM or running from a separate partition. You can do a little research and increase your odds of finding a Linux-compatible laptop, but generally if you buy one that turns out not to be fully compatible (and many, many still aren't) your odds are still pretty good that you can run it as a VM.
umk
Posts: 32
Joined: Sat Feb 20, 2016 9:37 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by umk »

I am a FLOSS supporter and buy my GNU/Linux laptop from https://system76.com
I have been very happy with them. Honestly I don't miss ANY software from Windows world (except turbo-tax software). :oops:
Tycoon
Posts: 1625
Joined: Wed Mar 28, 2012 7:06 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by Tycoon »

MindBogler wrote: Fri Dec 08, 2017 7:38 pm The likelihood that you will find the drivers for your machine on Windows is 100%. The same cannot be said for Linux.
This has not been my experience.
Emotionless, prognostication free investing. Ignoring the noise and economists since 1979. Getting rich off of "smart people's" behavioral mistakes.
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

tibbitts wrote: Fri Dec 08, 2017 8:56 pm You can do a little research and increase your odds of finding a Linux-compatible laptop, but generally if you buy one that turns out not to be fully compatible (and many, many still aren't) your odds are still pretty good that you can run it as a VM.
When I scan Linux forums, it seems like 95% of the problems experienced with Linux have to do with Nvidia graphics cards. I don't know if this is limited to dual-boot users or straight Linux users, or whether it affects VM users. All I know is anyone that runs into this problem can google their distro and likely find a fix.

But since you indicated a VM might be a workaround, I was wondering if you could explain how that works. As a non-technical user of both Linux and VMs, I would have thought that problems with a graphics card in a Linux-only or dual-boot machine would be likewise experienced in a VM. What does a VM do that makes the problem go away?
gips
Posts: 1752
Joined: Mon May 13, 2013 5:42 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by gips »

unless you understand how to secure a linux laptop, I suggest you purchase a windows laptop with good av, malware and firewall protection. I ran a linux laptop for a while since we were using linux for a client project. In the end, it was more work than it was worth and I went back to windows.
2comma
Posts: 1241
Joined: Thu Jul 15, 2010 11:37 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by 2comma »

Funny thing is I cut my baby teeth on Unix and programmed on and administered Unix/Linux machines my entire career. I was installing Linux on PC's when some things were very hard to do and stayed up all night researching and fighting to make things work. It's gotten a lot easier now but to tell the truth I just use a windows 10 laptop nowadays. It does what I need, the OS is free and the security is pretty good. I fought the good fight, installed and used more than a few VM's at times just to keep up with the technology. If you want to get experience with different Linux distros then go for it. I do still install Cygwin so I have the power of the Unix shell interface to do a find | grep > filename but really I'm usually just browsing, reading email and using word or excel and Windows/Linux/IOS can get me where I want to go.
If I am stupid I will pay.
pondering
Posts: 1127
Joined: Fri Jan 30, 2015 10:04 pm
Location: 412-977-3526, originally 718-273-2422

Re: Linux based laptop or just a Windows based laptop formatted?

Post by pondering »

The two things I use most on my windows computers that I am having trouble with on Linux is a replacement for Excel that works as well (I like the 20% of excel that few people use) and the windows file system, which has an excellent GUI and I'm familiar writing scripts for in the cmd shell.

What is the best way of learning a linux distribution that runs SQL Server 2017?
--Robert Sterbal | robert@sterbal.com | 412-977-3526
ThriftyPhD
Posts: 870
Joined: Mon Jul 31, 2017 10:43 am

Re: Linux based laptop or just a Windows based laptop formatted?

Post by ThriftyPhD »

azurekep wrote: Fri Dec 08, 2017 8:54 pm
ThriftyPhD wrote: Fri Dec 08, 2017 7:07 pm You can get laptops with Linux preinstalled from the big companies.

http://www.dell.com/learn/us/en/04/camp ... -laptop-us
https://support.lenovo.com/us/en/solutions/pd031426

As you mention, driver support can be the issue. If you get the laptop version that comes with linux, you're going to tend to get better driver support; after all, if dell sells it with linux, they've taken the time to get drivers for the hardware they use.

Another option is to check out the Linux distribution, and see what they support.

https://certification.ubuntu.com/desktop/

Finally, check out the companies that are focusing particularly on linux laptops.

https://system76.com/
I've always heard that Intel processors work well with Linux and that's one reason Dell is often recommended. Being lazy, I worked off that premise when getting my most recent laptop. That was verified when I went into Best Buy and "the Linux guy" confirmed that the Dell laptop I had chosen would work well with Linux.
The processor isn't an issue. Both Intel and AMD make CPUs, chipsets, and GPUs that work in linux. What tends to limit functionality is the fringe components. WIFI adapter, ethernet adapter, USB, sound, bluetooth. This has all come a long way, but since many laptops are using semi-custom parts, if the manufacturer or the component supplier doesn't provide a driver, these might not work correctly. If it's a very popular model of computer, the open source community may work on a driver for it, but even if this happened it would be stable long after the computer model was new.
tibbitts
Posts: 23589
Joined: Tue Feb 27, 2007 5:50 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by tibbitts »

azurekep wrote: Fri Dec 08, 2017 9:55 pm
tibbitts wrote: Fri Dec 08, 2017 8:56 pm You can do a little research and increase your odds of finding a Linux-compatible laptop, but generally if you buy one that turns out not to be fully compatible (and many, many still aren't) your odds are still pretty good that you can run it as a VM.
When I scan Linux forums, it seems like 95% of the problems experienced with Linux have to do with Nvidia graphics cards. I don't know if this is limited to dual-boot users or straight Linux users, or whether it affects VM users. All I know is anyone that runs into this problem can google their distro and likely find a fix.

But since you indicated a VM might be a workaround, I was wondering if you could explain how that works. As a non-technical user of both Linux and VMs, I would have thought that problems with a graphics card in a Linux-only or dual-boot machine would be likewise experienced in a VM. What does a VM do that makes the problem go away?
It may not help if you are intending to get the most benefit out of a dedicated graphics card, but the VM layer can abstract the physical graphics card in your computer to fit a very generic model that will be compatible with almost any operating system, as long as the underlying operating system (typically Windows or Mac) can talk to the graphics card. So you won't necessarily get the performance benefits of a dedicated graphics card, but you're likely to get some basic level of functionality that doesn't leave half your display blank or flickering, either. The same is true for what I have found to be at least equally troublesome devices like network adapters. I have had problems similar to the situation you describe, and one problem with the fixes you find is that they often have to be re-applied following (frequent) updates. Yes, you may be able to script them (although that too may fail as the underlying code changes in even the slightest ways.) I have run Linux on dozens of laptop models since the mid 1990s and overall it's better than it was back then, but it's not the equivalent of Windows that the vendor adapts and tests on the hardware for you. A simple example from long ago: one of the top laptop manufacturers began selling its laptops with Linux installed, and part of my job was to test one. I connected an external monitor, and... nothing. So since Linux was a supported OS now, I contacted the vendor. "Yes, external video doesn't work on our Linux laptops." Huh? This was a multi-billion dollar company telling me they couldn't get video-out to work with Linux. Of course they could have if they'd wanted to and thrown resources at it, but they considered functionality with Linux to be adequate with that feature. The point is that although I owe my entire career to UNIX and Linux, I'm now resigned to the path of least resistance, which for a laptop is seldom Linux.
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

ThriftyPhD wrote: Sat Dec 09, 2017 8:57 am The processor isn't an issue. Both Intel and AMD make CPUs, chipsets, and GPUs that work in linux. What tends to limit functionality is the fringe components. WIFI adapter, ethernet adapter, USB, sound, bluetooth. This has all come a long way, but since many laptops are using semi-custom parts, if the manufacturer or the component supplier doesn't provide a driver, these might not work correctly. If it's a very popular model of computer, the open source community may work on a driver for it, but even if this happened it would be stable long after the computer model was new.
Yes, the wifi adapter is the second main source of problems after the graphics card that I've seen. (This is all unscientific, just based on my scan of Linux forums.) But a portable USB wifi adapter can generally work if no other solutions are available.

But I honestly have never seen any of the problems mentioned. Linux for me "just works".
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

tibbitts wrote: Sat Dec 09, 2017 9:19 am It may not help if you are intending to get the most benefit out of a dedicated graphics card, but the VM layer can abstract the physical graphics card in your computer to fit a very generic model that will be compatible with almost any operating system, as long as the underlying operating system (typically Windows or Mac) can talk to the graphics card. So you won't necessarily get the performance benefits of a dedicated graphics card, but you're likely to get some basic level of functionality that doesn't leave half your display blank or flickering, either.
Thanks for that. Given that many people use Linux VMs for basic purposes, not having ultra-fancy graphics available may not be a problem.
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

gips wrote: Fri Dec 08, 2017 10:10 pm unless you understand how to secure a linux laptop, I suggest you purchase a windows laptop with good av, malware and firewall protection. I ran a linux laptop for a while since we were using linux for a client project. In the end, it was more work than it was worth and I went back to windows.
Not sure I understand.

For the home user, Linux is blindingly simple to secure. Maybe you're thinking of more sophisticated applications where server software is installed.

For the home user, the general procedure is:
  1. During the install, you will be asked to create a username and password. This password, along with "sudo", will allow an elevation of privileges in the rare cases administrator privileges are needed.
  2. During the install, you will be asked if you want to encrypt the installation. This is optional.
  3. After Linux is installed, check to see if the built-in firewall is enabled. Believe it or not, this is considered an optional step as Linux has no ports open by default.

    This is a nice explanation:
    The only time you’d need a firewall is if you’re running some kind of server application on your system. This could be a web server, email server, game server, etc.

    If you aren’t running any server applications, then a firewall serves no purpose. If no servers are running, then your system isn’t listening for incoming connections, and if it isn’t listening for incoming connections, then nobody can connect.

    Most Linux desktops run zero server applications out of the box.

    http://www.makeuseof.com/tag/linux-antivirus-firewall/
  4. There is no need for an anti-virus program unless you are sharing files with Windows computers. AV programs are primarily designed against Windows exploits.
(The above rules assume a relatively mainstream distribution.)

There are a few oddities worth mentioning, however.

Last I heard, Puppy Linux (a very small distribution) is run as root. No one should run an operating system as root and Puppy Linux may be fun to try out but is not for normal usage.

In dual-boot Windows/Linux systems, when in Linux mode, one can access the Windows files...and actually read the text/pdf files and view the graphics. It doesn't matter that the two operating systems use different file systems. So, if you have sensitive material on the Windows side and you have given a friend access to your Linux installation, they can read those sensitive files unless they are encrypted. They can also copy Windows files over to the Linux side. This is just one reason why having a dedicated Linux installation or Linux in a VM is better than a dual-boot setup.
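
The check in step 3 of the post above, as an added example that is not part of the thread: it lists sockets listening on non-loopback addresses from `ss -H -tuln` output and reads whether the firewall is set to start at boot. It assumes `ufw` (the firewall tool on Ubuntu and Mint) with its config at `/etc/ufw/ufw.conf`; the sample `ss` output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): what is this machine listening on,
# and is the ufw firewall enabled? Function names are hypothetical.

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
# Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_output() {
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      128             [::]:22            [::]:*
EOF
}

# Read ss-format lines on stdin; print "proto port address" for every socket
# bound to something other than loopback (127.0.0.0/8 or ::1). Those are the
# sockets another machine on the same network can reach if nothing filters them.
exposed_listeners() {
    awk '
    NF < 5 { next }                                # blank or malformed line
    {
        laddr = $5
        if (!match(laddr, /:[^:]*$/)) next         # locate the last colon
        addr = substr(laddr, 1, RSTART - 1)
        port = substr(laddr, RSTART + 1)
        sub(/%.*/, "", addr)                       # drop %interface scope
        sub(/^\[/, "", addr); sub(/\]$/, "", addr) # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next # loopback only: not exposed
        print $1, port, addr
    }'
}

# Succeeds if the given ufw config file says the firewall starts at boot.
ufw_enabled_in() {
    [ -r "$1" ] && grep -Eq '^ENABLED=yes[[:space:]]*$' "$1"
}

# Print a short report for ss-format text passed as $1.
report() {
    exposed=$(printf '%s\n' "$1" | exposed_listeners)
    if [ -z "$exposed" ]; then
        echo "No listeners bound to a network-reachable address."
    else
        echo "Reachable from the network (proto port address):"
        printf '%s\n' "$exposed" | sed 's/^/  /'
    fi
    if ufw_enabled_in "${UFW_CONF:-/etc/ufw/ufw.conf}"; then
        echo "ufw: enabled at boot"
    else
        echo "ufw: not enabled (or not installed)"
    fi
}

if command -v ss >/dev/null 2>&1; then
    report "$(ss -H -tuln 2>/dev/null)"
else
    echo "ss not found; using the constructed sample"
    report "$(sample_ss_output)"
fi
```

On a live system, `sudo ufw status verbose` shows the running state and the default inbound and outbound policy.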
stvyreb
Posts: 159
Joined: Sat Nov 05, 2016 8:57 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by stvyreb »

trouble is, win10 is only free if it's preinstalled ..... if you had it on a USB drive I guess you could try both .... but most people will just default to having the win10 as the OS or dual boot (which apparently diminishes overall security via secure boot process),

or buy the win10 laptop and run an Ubuntu or Debian or Redhat off a USB drive .... which I believe one can do ; personally I find it hard to go back to win10 after using Linux because of the general bloaty nature of it :) ....... personally I like Qubes 3.2 OS
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

stvyreb wrote: Sun Dec 10, 2017 4:18 pm trouble is, win10 is only free if it's preinstalled .....
That may not be the case.

You Don’t Need a Product Key to Install and Use Windows 10
After you’ve installed Windows 10 without a key, it won’t actually be activated. However, an unactivated version of Windows 10 doesn’t have many restrictions. [...] These days, Windows just complains at you in a few minor, cosmetic ways.
Aside from these basic limitations, your Windows 10 system will continue to work forever. There are no nag prompts aside from the watermark, you’ll get all the system updates, and everything else is completely functional. The only thing that could change this is a Windows 10 update, but Microsoft has become increasingly lenient since Windows 7.
FWIW, I did try this several months ago and created a Win10 VM. Trouble is, on a 4GB RAM machine, a Win10 VM runs a bit slow so I ended up deleting it. But it definitely seems worth a try for someone with a more powerful computer. The article was published in March 2017, so it's relatively recent.
MindBogler
Posts: 1446
Joined: Wed Apr 17, 2013 12:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by MindBogler »

pondering wrote: Sat Dec 09, 2017 6:15 am The two things I use most on my windows computers that I am having trouble with on Linux is a replacement for Excel that works as well (I like the 20% of excel that few people use) and the windows file system, which has an excellent GUI and I'm familiar writing scripts for in the cmd shell.

What is the best way of learning a linux distribution that runs SQL Server 2017?
You could purchase Office 365 for home and have access to Excel in the browser which works quite well. The other option is to just use Google sheets, which also works well enough.
MindBogler
Posts: 1446
Joined: Wed Apr 17, 2013 12:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by MindBogler »

azurekep wrote: Sat Dec 09, 2017 1:47 pm
gips wrote: Fri Dec 08, 2017 10:10 pm unless you understand how to secure a linux laptop, I suggest you purchase a windows laptop with good av, malware and firewall protection. I ran a linux laptop for a while since we were using linux for a client project. In the end, it was more work than it was worth and I went back to windows.
Not sure I understand.

For the home user, Linux is blindingly simple to secure. Maybe you're thinking of more sophisticated applications where server software is installed.

For the home user, the general procedure is:
  1. During the install, you will be asked to create a username and password. This password, along with "sudo", will allow an elevation of privileges in the rare cases administrator privileges are needed.
  2. During the install, you will be asked if you want to encrypt the installation. This is optional.
  3. After Linux is installed, check to see if the built-in firewall is enabled. Believe it or not, this is considered an optional step as Linux has no ports open by default.

    This is a nice explanation:
    The only time you’d need a firewall is if you’re running some kind of server application on your system. This could be a web server, email server, game server, etc.

    If you aren’t running any server applications, then a firewall serves no purpose. If no servers are running, then your system isn’t listening for incoming connections, and if it isn’t listening for incoming connections, then nobody can connect.

    Most Linux desktops run zero server applications out of the box.

    http://www.makeuseof.com/tag/linux-antivirus-firewall/
  4. There is no need for an anti-virus program unless you are sharing files with Windows computers. AV programs are primarily designed against Windows exploits.
(The above rules assume a relatively mainstream distribution.)

There are a few oddities worth mentioning, however.

Last I heard, Puppy Linux (a very small distribution) is run as root. No one should run an operating system as root and Puppy Linux may be fun to try out but is not for normal usage.

In dual-boot Windows/Linux systems, when in Linux mode, one can access the Windows files...and actually read the text/pdf files and view the graphics. It doesn't matter that the two operating systems use different file systems. So, if you have sensitive material on the Windows side and you have given a friend access to your Linux installation, they can read those sensitive files unless they are encrypted. They can also copy Windows files over to the Linux side. This is just one reason why having a dedicated Linux installation or Linux in a VM is better than a dual-boot setup.
Turning on bitlocker to encrypt your filesystem is blindingly simple and should always be done. It's a lot easier to get Windows 10 pro and then run Linux inside of it if you need it rather than have to reboot. Alternatively, you can install Hyper-V and run a Linux VM.

The biggest security issues with Windows are due to users with administrator privileges. Unlike Linux, a Windows install for home starts with "sudo" privileges by default. This is the root cause of most issues Windows users experience (no pun intended). Browsing the web as an administrator is a huge no-no. On a Windows machine the first thing you should do is create a privileged user and then remove your account from the Administrators group. When software needs to be installed, you will automatically be prompted for this password.

Regarding your comment that a firewall is only for servers, that might be the worst piece of advice I've ever heard. A default firewall configuration that allows all outbound and blocks all inbound is recommended. If you ever connect to an unsecured network, this is basically required! A Windows machine's firewall will operate this way by default with no configuration.
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Linux based laptop or just a Windows based laptop formatted?

Post by oldcomputerguy »

azurekep wrote: Fri Dec 08, 2017 9:55 pm
tibbitts wrote: Fri Dec 08, 2017 8:56 pm You can do a little research and increase your odds of finding a Linux-compatible laptop, but generally if you buy one that turns out not to be fully compatible (and many, many still aren't) your odds are still pretty good that you can run it as a VM.
When I scan Linux forums, it seems like 95% of the problems experienced with Linux have to do with Nvidia graphics cards.
Another source of difficulty in finding drivers for laptop hardware under Linux has occasionally been related to WiFi hardware. My older Compaq laptop is supported, don’t know firsthand if newer laptops’ WiFi hardware is. I had occasion recently to have to run my desktop machine over a USB wireless LAN stick, and had some trouble getting it to work under more recent versions of Mint. YMMV.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Linux based laptop or just a Windows based laptop formatted?

Post by oldcomputerguy »

MindBogler wrote: Sun Dec 10, 2017 5:32 pm
Regarding your comment that a firewall is only for servers, that might be the worst piece of advice I've ever heard.
+1. I run Mint at home, and not only do I have a software firewall enabled, I’m running behind a hardware firewall sitting between my network and the AT&T modem. Call me paranoid...
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Linux based laptop or just a Windows based laptop formatted?

Post by oldcomputerguy »

MindBogler wrote: Sun Dec 10, 2017 5:23 pm
pondering wrote: Sat Dec 09, 2017 6:15 am The two things I use most on my windows computers that I am having trouble with on Linux is a replacement for Excel that works as well (I like the 20% of excel that few people use) and the windows file system, which has an excellent GUI and I'm familiar writing scripts for in the cmd shell.

What is the best way of learning a linux distribution that runs SQL Server 2017?
You could purchase Office 365 for home and have access to Excel in the browser which works quite well. The other option is to just use Google sheets, which also works well enough.
LibreOffice Calc also works pretty well, and there are native versions for both Linux and Windows.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Linux based laptop or just a Windows based laptop formatted?

Post by oldcomputerguy »

azurekep wrote: Sun Dec 10, 2017 5:19 pm FWIW, I did try this several months ago and created a Win10 VM. Trouble is, on a 4GB RAM machine, a Win10 VM runs a bit slow so I ended up deleting it.
Frankly, I’m surprised it worked at all. I had trouble even getting Win 7 to run in a usable state directly on bare metal with less than 16 gb.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
fishboat
Posts: 508
Joined: Tue Oct 14, 2014 12:15 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by fishboat »

oldcomputerguy wrote: Mon Dec 11, 2017 5:29 am
azurekep wrote: Sun Dec 10, 2017 5:19 pm FWIW, I did try this several months ago and created a Win10 VM. Trouble is, on a 4GB RAM machine, a Win10 VM runs a bit slow so I ended up deleting it.
Frankly, I’m surprised it worked at all. I had trouble even getting Win 7 to run in a usable state directly on bare metal with less than 16 gb.
Yah..well..not in my experience. At work (now retired) I ran Win 7 laptops with resource-intensive apps and they ran fine. Would 8GB RAM machine run faster..sure, but for all but the most intensive work, 4GB of RAM was fine. I now run three different fully-updated Win 10 machines (internet surfing, spreadsheets, photo editing, wilderness mapping/navigating planning...no extensive movie or music processing or gaming) all having just 4 GB RAM, and at no time am I annoyed by a slow response. If I did detect any annoying response time I'd make changes to address it...faster isn't particularly expensive.

It would be interesting to run a poll here on BH to see what computing resources people use. I suspect people are doing quite well on OS's & machine-hardware combos that some suggest barely bootup, let alone use, daily, with few or no issues.
aristotelian
Posts: 12262
Joined: Wed Jan 11, 2017 7:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by aristotelian »

Honestly, for the basic applications you describe, Chromebook is the best bet. Cheap, secure, simple, and does everything on your list.
JoMoney
Posts: 16260
Joined: Tue Jul 23, 2013 5:31 am

Re: Linux based laptop or just a Windows based laptop formatted?

Post by JoMoney »

aristotelian wrote: Mon Dec 11, 2017 10:28 am Honestly, for the basic applications you describe, Chromebook is the best bet. Cheap, secure, simple, and does everything on your list.
Including Chrome being a Linux based OS, and can run most Linux distros either by dual-booting, concurrently using 'Crouton' or just the Linux apps you want to use in Chrome:
http://www.tomshardware.com/news/linux- ... 28293.html
"To achieve satisfactory investment results is easier than most people realize; to achieve superior results is harder than it looks." - Benjamin Graham
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

MindBogler wrote: Sun Dec 10, 2017 5:32 pm Regarding your comment that a firewall is only for servers, that might be the worst piece of advice I've ever heard. A default firewall configuration that allows all outbound and blocks all inbound is recommended. If you ever connect to an unsecured network, this is basically required! A Windows machine's firewall will operate this way by default with no configuration.
This whole issue is fascinating. Ubuntu doesn't enable the firewall by default. Whereas Mint does enable the firewall by default.

You will find thousands of users who will say that the firewall does not have to be enabled. As a non-technical, ex-Windows user, I am definitely going to enable the firewall no matter what anyone says. :) But it is funny how there is such a strong opinion that it is not needed for a default installation that Ubuntu actually chooses to leave it disabled.

Note that I'm talking as a Lubuntu user, but the last time I read the official documentation for Ubuntu, it indicated UFW (uncomplicated firewall) was disabled by default and gave the reason why.
notinuse
Posts: 109
Joined: Sun May 29, 2011 7:11 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by notinuse »

azurekep wrote: Mon Dec 11, 2017 11:17 am
MindBogler wrote: Sun Dec 10, 2017 5:32 pm Regarding your comment that a firewall is only for servers, that might be the worst piece of advice I've ever heard. A default firewall configuration that allows all outbound and blocks all inbound is recommended. If you ever connect to an unsecured network, this is basically required! A Windows machine's firewall will operate this way by default with no configuration.
This whole issue is fascinating. Ubuntu doesn't enable the firewall by default. Whereas Mint does enable the firewall by default.

You will find thousands of users who will say that the firewall does not have to be enabled. As a non-technical, ex-Windows user, I am definitely going to enable the firewall no matter what anyone says. :) But it is funny how there is such a strong opinion that it is not needed for a default installation that Ubuntu actually chooses to leave it disabled.

Note that I'm talking as a Lubuntu user, but the last time I read the official documentation for Ubuntu, it indicated UFW (uncomplicated firewall) was disabled by default and gave the reason why.
If no daemons are listening, which is typical for a desktop Ubuntu installation, what purpose does the software firewall serve?
sschoe2
Posts: 792
Joined: Fri Feb 24, 2017 3:42 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by sschoe2 »

I've installed Linux on many PCs and have yet to encounter any issues with drivers. I occasionally have to use Windows to use ODIN to send stuff to my Android tablet, and to update the firmware on my Brother printer. Those were the only times I have needed Windows.

Linux for me has always been plug and play (except for the printer which Brother makes an installer for).
deikel
Posts: 1615
Joined: Sat Jan 25, 2014 6:13 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by deikel »

Linux is not inherently safer than Windows, it just enjoys a smaller market share and hence is not an equally juicy target for hackers to bother end users.

As an operating system it makes much better use of the hardware components and hence runs 10x faster on older equipment, you simply do not need all the latest graphic nonsense that Windows and its applications require these days. Linux will find drivers for older equipment easily (assuming it's not a laptop configured for Windows which uses 'emulated' hardware, but real physical pieces inside).

Its applications also enjoy a community build attitude that prevents constant pop ups, ad fly ins and scroll down and all the other commercial stuff that makes the internet such a pain these days.

W10 is a bad operating software. Period. If you go with Windows, go with W7.

For the OP's simple applications, a Linux on an older laptop (read cheap) will do just fine. If you want to be more hip and reduce your service involvement, go with Apple ($$$)
Everything you read in this post is my personal opinion. If you disagree with this disclaimer, please un-read the text immediately and destroy any copy or remembrance of it.
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

notinuse wrote: Mon Dec 11, 2017 11:26 am
If no daemons are listening, which is typical for a desktop Ubuntu installation, what purpose does the software firewall serve?
I guess the logical question is what happens when server software is installed. Will the software installation automatically turn on the firewall and configure it properly?
tibbitts
Posts: 23589
Joined: Tue Feb 27, 2007 5:50 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by tibbitts »

MindBogler wrote: Sun Dec 10, 2017 5:23 pm
pondering wrote: Sat Dec 09, 2017 6:15 am The two things I use most on my windows computers that I am having trouble with on Linux is a replacement for Excel that works as well (I like the 20% of excel that few people use) and the windows file system, which has an excellent GUI and I'm familiar writing scripts for in the cmd shell.

What is the best way of learning a linux distribution that runs SQL Server 2017?
You could purchase Office 365 for home and have access to Excel in the browser which works quite well. The other option is to just use Google sheets, which also works well enough.
I'm pretty sure Google Sheets won't do the 20% of Excel that only pondering uses. Not just for Excel but for any of the office apps, there's the real thing, and then there's everything else.
notinuse
Posts: 109
Joined: Sun May 29, 2011 7:11 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by notinuse »

azurekep wrote: Mon Dec 11, 2017 6:41 pm
notinuse wrote: Mon Dec 11, 2017 11:26 am
If no daemons are listening, which is typical for a desktop Ubuntu installation, what purpose does the software firewall serve?
I guess the logical question is what happens when server software is installed. Will the software installation automatically turn on the firewall and configure it properly?
I don't know, but my question is still unanswered. What's the point of a firewall when there are no daemons listening?
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

notinuse wrote: Mon Dec 11, 2017 7:00 pm I don't know, but my question is still unanswered. What's the point of a firewall when there are no daemons listening?
As the sacrificial dunce, I'll raise my hand and say there would be no point.

Now I'll wait and see if anyone disagrees.

But here is some info I found earlier (see below). It basically says (I think) that you may have software that somehow gets compromised and it sets up a mini server that can allow data to be exfiltrated from your computer -- IF you don't have a firewall...and one that is properly set up. (It also lists another way for the data to get out.)

Now I don't know if that's actually what the passage says. It uses completely different words like socket, and makes no mention of common words like malware, keylogger or exfiltration, let alone the term I made up: "mini server".

But assuming I got this halfway right, it would suggest that the average Ubuntu user would not need a firewall. However, if you're sloppy in your web browsing and basic security habits, there may be an exploit where one of your applications gets compromised, which can allow outbound connections through makeshift ports.

Does that make sense? Since I halfway made it up, I don't know. But I hope someone knowledgeable either corrects my interpretation or explains exactly what the following passage means in practical terms:
Some users assume that since you are running no [listening] services, a connection can not be made. So you do not need a firewall. If these were the only things you needed to think about, this would be perfectly acceptable. However, this is only part of the picture.

There are two additional factors that come into play there.

One, if you do not utilize a firewall on the basis that you have no open ports, you are crippling your own security because if an application that you do have is exploited and code execution occurs a new socket can be created and bound to an arbitrary port.

The other important factor here is that if you are not utilizing a firewall you also have no outbound traffic control whatsoever. In the wake of an exploited application, instead of a new socket being created and a port being bound, another alternative an attacker can utilize is to create a reverse connection back to a malicious machine. Without any firewall rules in place this connection will go through unhindered.

https://help.ubuntu.com/community/DoINeedAFirewall
notinuse
Posts: 109
Joined: Sun May 29, 2011 7:11 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by notinuse »

azurekep wrote: Mon Dec 11, 2017 9:08 pm
notinuse wrote: Mon Dec 11, 2017 7:00 pm I don't know, but my question is still unanswered. What's the point of a firewall when there are no daemons listening?
As the sacrificial dunce, I'll raise my hand and say there would be no point.

Now I'll wait and see if anyone disagrees.

But here is some info I found earlier (see below). It basically says (I think) that you may have software that somehow gets compromised and it sets up a mini server that can allow data to be exfiltrated from your computer -- IF you don't have a firewall...and one that is properly set up. (It also lists another way for the data to get out.)

Now I don't know if that's actually what the passage says. It uses completely different words like socket, and makes no mention of common words like malware, keylogger or exfiltration, let alone the term I made up: "mini server".

But assuming I got this halfway right, it would suggest that the average Ubuntu user would not need a firewall. However, if you're sloppy in your web browsing and basic security habits, there may be an exploit where one of your applications gets compromised, which can allow outbound connections through makeshift ports.

Does that make sense? Since I halfway made it up, I don't know. But I hope someone knowledgeable either corrects my interpretation or explains exactly what the following passage means in practical terms:
Some users assume that since you are running no [listening] services, a connection can not be made. So you do not need a firewall. If these were the only things you needed to think about, this would be perfectly acceptable. However, this is only part of the picture.

There are two additional factors that come into play there.

One, if you do not utilize a firewall on the basis that you have no open ports, you are crippling your own security because if an application that you do have is exploited and code execution occurs a new socket can be created and bound to an arbitrary port.

The other important factor here is that if you are not utilizing a firewall you also have no outbound traffic control whatsoever. In the wake of an exploited application, instead of a new socket being created and a port being bound, another alternative an attacker can utilize is to create a reverse connection back to a malicious machine. Without any firewall rules in place this connection will go through unhindered.

https://help.ubuntu.com/community/DoINeedAFirewall
I agree, there is generally no point to a firewall with no listening services running. Yes, if you allow your computer to be compromised, a firewall may help mitigate outbound traffic. However, the malware causing the compromise can easily avoid the firewall in many cases. For example, ports 80 (unencrypted http) and 443 (https) are typically pretty open for outbound traffic, so those ports might be used by malware, even with a firewall unless the user sets the firewall permissions allowing traffic on a per application basis. Reverse connections are also relatively easy, even with a firewall in place. I used to use this technique frequently at work using ssh on port 443, instead of its usual port 22.
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by Epsilon Delta »

tibbitts wrote: Mon Dec 11, 2017 6:51 pm I'm pretty sure Google Sheets won't do the 20% of Excel that only pondering uses. Not just for Excel but for any of the office apps, there's the real thing, and then there's everything else.
That 20% is usually things that shouldn't be done:

Image

Credit to Randall Munroe at www.xkcd.com
McGilicutty
Posts: 349
Joined: Tue Dec 13, 2016 4:24 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by McGilicutty »

I bought a $300-or-so Windows 10, ASUS, Intel Pentium laptop from Wal-Mart and was able to configure it to dual-boot to Windows and Ubuntu Linux. I can't remember all the steps it took, but I do remember that I had to disable secure boot, burn Ubuntu onto a bootable USB stick, and then boot to the USB stick. By booting to USB, you can test out Linux without having to format your laptop.

Once I tested that Ubuntu worked with my laptop by booting to the USB stick, if I recall correctly, Linux pretty much configured my laptop automatically (partitioning the hard drive and then installing Ubuntu on the blank partition). The only problem I had was that the clock gets messed up in Windows after booting to Linux and then back to Windows. Also, I have to leave secure boot disabled. Other than that, I haven't had any problems.
notinuse
Posts: 109
Joined: Sun May 29, 2011 7:11 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by notinuse »

McGilicutty wrote: Mon Dec 11, 2017 11:09 pm I bought a $300-or-so Windows 10, ASUS, Intel Pentium laptop from Wal-Mart and was able to configure it to dual-boot to Windows and Ubuntu Linux. I can't remember all the steps it took, but I do remember that I had to disable secure boot, burn Ubuntu onto a bootable USB stick, and then boot to the USB stick. By booting to USB, you can test out Linux without having to format your laptop.

Once I tested that Ubuntu worked with my laptop by booting to the USB stick, if I recall correctly, Linux pretty much configured my laptop automatically (partitioning the hard drive and then installing Ubuntu on the blank partition). The only problem I had was that the clock gets messed up in Windows after booting to Linux and then back to Windows. Also, I have to leave secure boot disabled. Other than that, I haven't had any problems.
Ubuntu uses UTC to set the real time clock, and MS Windows uses local time. Here are instructions to help compensate for the difference. http://ubuntuhandbook.org/index.php/201 ... indows-10/
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

notinuse wrote: Mon Dec 11, 2017 9:38 pm
azurekep wrote: Mon Dec 11, 2017 9:08 pm
notinuse wrote: Mon Dec 11, 2017 7:00 pm I don't know, but my question is still unanswered. What's the point of a firewall when there are no daemons listening?
As the sacrificial dunce, I'll raise my hand and say there would be no point.

Now I'll wait and see if anyone disagrees.[...]
I agree, there is generally no point to a firewall with no listening services running. Yes, if you allow your computer to be compromised, a firewall may help mitigate outbound traffic. However, the malware causing the compromise can easily avoid the firewall in many cases. For example, ports 80 (unencrypted http) and 443 (https) are typically pretty open for outbound traffic, so those ports might be used by malware, even with a firewall unless the user sets the firewall permissions allowing traffic on a per application basis. Reverse connections are also relatively easy, even with a firewall in place. I used to use this technique frequently at work using ssh on port 443, instead of its usual port 22.
Thanks for that.

That's a great example of teaching a person to fish. Appreciated.
linenfort
Posts: 2241
Joined: Sat Sep 22, 2007 9:22 am
Location: #96151D

Re: Linux based laptop or just a Windows based laptop formatted?

Post by linenfort »

You can get linux laptops from Zareason or system76, but I don’t recommend that. I always like linux for about the first five days after installation. Then, linux brings the pain.
MindBogler
Posts: 1446
Joined: Wed Apr 17, 2013 12:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by MindBogler »

notinuse wrote: Mon Dec 11, 2017 7:00 pm I don't know, but my question is still unanswered. What's the point of a firewall when there are no daemons listening?
When through ignorance or malice a process begins to listen on a port without the courtesy of notifying you? How many people know how to identify which processes are listening on a TCP/UDP port? Do you check and re-check after every package install? Maybe I should flip this question around. What problem are you hoping to solve by not configuring a firewall that, at a minimum, drops all unsolicited inbound traffic? Do you connect to the Internet through a NAT firewall or plug right in to a bridged modem? :wink:
notinuse
Posts: 109
Joined: Sun May 29, 2011 7:11 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by notinuse »

MindBogler wrote: Tue Dec 12, 2017 2:53 pm
notinuse wrote: Mon Dec 11, 2017 7:00 pm I don't know, but my question is still unanswered. What's the point of a firewall when there are no daemons listening?
When through ignorance or malice a process begins to listen on a port without the courtesy of notifying you? How many people know how to identify which processes are listening on a TCP/UDP port? Do you check and re-check after every package install? Maybe I should flip this question around. What problem are you hoping to solve by not configuring a firewall that, at a minimum, drops all unsolicited inbound traffic? Do you connect to the Internet through a NAT firewall or plug right in to a bridged modem? :wink:
You changed the question to get the answer you wanted. Not gonna play that. :)
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by azurekep »

MindBogler wrote: Tue Dec 12, 2017 2:53 pm When through ignorance or malice a process begins to listen on a port without the courtesy of notifying you? How many people know how to identify which processes are listening on a TCP/UDP port? Do you check and re-check after every package install? Maybe I should flip this question around. What problem are you hoping to solve by not configuring a firewall that, at a minimum, drops all unsolicited inbound traffic? Do you connect to the Internet through a NAT firewall or plug right in to a bridged modem? :wink:
Let's assume a user is connected through a NAT firewall.

Two questions:

1. For an Ubuntu machine that doesn't have any known listening services or server applications installed, how would you configure uncomplicated firewall (ufw)? In particular, how would you configure ufw to cover the scenario described in your first sentence?

2. For a Windows user that doesn't have any known listening services or server applications installed, how does the Windows firewall handle the scenario described in your first sentence?

I'm assuming in both cases the user isn't constantly using Netstat or whatever it is that reveals listening services.

As a baseline, the default ufw configuration is:

Default: deny (incoming), allow (outgoing), disabled (routed)
MindBogler
Posts: 1446
Joined: Wed Apr 17, 2013 12:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by MindBogler »

azurekep wrote: Tue Dec 12, 2017 8:51 pm As a baseline, the default ufw configuration is:

Default: deny (incoming), allow (outgoing), disabled (routed)
Then the default is exactly how the firewall should be configured unless there are specific services you are looking to expose.
:sharebeer
MindBogler
Posts: 1446
Joined: Wed Apr 17, 2013 12:05 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by MindBogler »

notinuse wrote: Tue Dec 12, 2017 7:24 pm You changed the question to get the answer you wanted. Not gonna play that. :)
No, I'd legitimately like to understand what problem you think you're solving by not using one. Sometimes the best way to understand an opposing view is to flip the situation on its head and approach it from another perspective. For a modern computer there is basically a negligible performance impact to running a personal firewall. Why wouldn't you? In security there is a concept of "defense in depth" which basically means creating as many layers of protection as possible. While it's possible that your system has nothing listening today, that assumption could change without your knowledge. A firewall protects against that eventuality because it requires a positive action on the user's part to open ports. A firewall also allows you to obfuscate the type of your operating system from a would-be attacker. Hacking begins with information. Using nmap to probe a system without a firewall can provide information you might not want to expose. The less you give your opponent willingly, the better.
Northern Flicker
Posts: 15289
Joined: Fri Apr 10, 2015 12:29 am

Re: Linux based laptop or just a Windows based laptop formatted?

Post by Northern Flicker »

I'm in the market for a new laptop for basic activities (banking, web browsing, word documents, excel sheets, etc). For any applications only built for Windows I assume I can spin up a VM and use them on an as-needed basis.
Then you can have all of the vulnerabilities of Linux, VMWare, and Windows bundled together in a single machine.
technovelist
Posts: 3611
Joined: Wed Dec 30, 2009 8:02 pm

Re: Linux based laptop or just a Windows based laptop formatted?

Post by technovelist »

fishboat wrote: Mon Dec 11, 2017 7:46 am
oldcomputerguy wrote: Mon Dec 11, 2017 5:29 am
azurekep wrote: Sun Dec 10, 2017 5:19 pm FWIW, I did try this several months ago and created a Win10 VM. Trouble is, on a 4GB RAM machine, a Win10 VM runs a bit slow so I ended up deleting it.
Frankly, I’m surprised it worked at all. I had trouble even getting Win 7 to run in a usable state directly on bare metal with less than 16 GB.
Yah..well..not in my experience. At work (now retired) I ran Win 7 laptops with resource-intensive apps and they ran fine. Would 8GB RAM machine run faster..sure, but for all but the most intensive work, 4GB of RAM was fine. I now run three different fully-updated Win 10 machines (internet surfing, spreadsheets, photo editing, wilderness mapping/navigating planning...no extensive movie or music processing or gaming) all having just 4 GB RAM, and at no time am I annoyed by a slow response. If I did detect any annoying response time I'd make changes to address it...faster isn't particularly expensive.

It would be interesting to run a poll here on BH to see what computing resources people use. I suspect people are doing quite well on OS's & machine-hardware combos that some suggest barely bootup, let alone use, daily, with few or no issues.
I have been running Windows 7 on machines with 4 GB of RAM for almost 10 years without too much trouble other than for very high memory usage programs like Photoshop. And even that runs okay on a four-year-old 4 GB Windows laptop.

I just built a new Windows 10 machine with 32 GB of RAM because one of my personal projects does a LOT of disk I/O and I wanted to be able to take maximal advantage of the speed of the new NVMe SSDs.

My program can now read or write more than 1 GB/sec in sequential access including all overhead, which is about 4x the speed of a SATA SSD.

This also helps with compiling and other resource-intensive operations. I haven't tried running Photoshop on the new machine yet; my wife is the photographer.

As to the security questions, here is a pretty good resource for testing some of your machine's Internet vulnerabilities: https://www.grc.com/x/ne.dll?bh0bkyd2
In theory, theory and practice are identical. In practice, they often differ.
Northern Flicker
Posts: 15289
Joined: Fri Apr 10, 2015 12:29 am

Re: Linux based laptop or just a Windows based laptop formatted?

Post by Northern Flicker »

I would add to the firewall discussion the following.

First, you would need root or administrator rights to change the internal firewall configuration, but not to start listening on a port >= 1024 (mapping ports less than 1024 requires root). Checking that no daemons are listening is insufficient as malware could only map the port at certain times and you might not "catch it in the act". The firewall essentially elevates the privilege needed to use TCP/IP ports >= 1024 to root instead of a normal user. You could potentially pick up malware running as a normal user just browsing the web or opening an email attachment, but it would not be able to map firewall ports unless it subsequently acquired root.

While directly running a firewall on a machine to be protected is a good idea, it should never be considered a substitute for running a firewall globally for the entire LAN. As long as OS sysadmin privileges are aggregated into a single account, as is typically true for a Unix, Linux, or Windows machine, when you provide root or administrator privileges to a software installation process, that process can also reconfigure the internal firewall. Thus, the internal firewall does not generally protect against port mapping by malicious software package installations.

A significant reason to use onboard firewalls is to have the combined effect of network and machine firewalls differ from machine to machine. For instance, if a particular port is opened in a personal/home network firewall to support a particular application, then that port may be opened on the firewall on the machine(s) on which the application will be run, but kept closed on other machines. This functionality may be available on the network firewall wherein a port is opened for mapping to a port on a particular machine.
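Added example (not part of any post in this thread): the posts above ask how a user would notice a process that starts listening after a package install, and point out that an ordinary user can bind ports >= 1024 without root. The Python sketch below parses two snapshots in the Linux /proc/net/tcp layout and reports listeners that are new and reachable from the network. The sample tables, uids, inodes and function names are constructed for illustration, and a little-endian host is assumed for address decoding.

```python
import ipaddress
from typing import NamedTuple

TCP_LISTEN = "0A"  # state code the kernel prints for a listening TCP socket

_HEADER = ("  sl  local_address rem_address   st tx_queue rx_queue "
           "tr tm->when retrnsmt   uid  timeout inode\n")
_TAIL = " 1 0000000000000000 100 0 0 10 0\n"

# Constructed snapshot in /proc/net/tcp layout (not captured from a real host):
# a print service on 127.0.0.1:631, a local resolver on 127.0.0.53:53, and one
# established outbound HTTPS connection to a documentation-range address.
SAMPLE_BEFORE = _HEADER + (
    "   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001" + _TAIL +
    "   1: 3500007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 21002" + _TAIL +
    "   2: 0A00A8C0:D431 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 21003" + _TAIL
)

# Constructed "after a package install" snapshot: uid 1000 now listens on 0.0.0.0:8080.
SAMPLE_AFTER = SAMPLE_BEFORE + (
    "   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 21010" + _TAIL
)


class Listener(NamedTuple):
    address: str
    port: int
    uid: int


def decode_address(hex_addr):
    """Decode the kernel's hex address (8 digits for IPv4, 32 for IPv6).

    Each 32-bit word is printed in host byte order, so on a little-endian
    machine every 4-byte group has to be reversed.
    """
    raw = bytes.fromhex(hex_addr)
    packed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(packed)


def parse_listeners(table_text):
    """Return the set of sockets in LISTEN state from a /proc/net/tcp style table."""
    listeners = set()
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue  # malformed row, or a socket that is not listening
        hex_addr, hex_port = fields[1].split(":")
        listeners.add(Listener(str(decode_address(hex_addr)),
                               int(hex_port, 16), int(fields[7])))
    return listeners


def is_network_reachable(listener):
    """Loopback-only listeners cannot be reached by other hosts; the rest can."""
    return not ipaddress.ip_address(listener.address).is_loopback


def bound_without_root(listener):
    """True when an unprivileged uid owns a listener on a port >= 1024."""
    return listener.uid != 0 and listener.port >= 1024


def new_exposed_listeners(before_text, after_text):
    """Listeners present only in the later snapshot that other hosts could reach."""
    added = parse_listeners(after_text) - parse_listeners(before_text)
    return sorted(l for l in added if is_network_reachable(l))


if __name__ == "__main__":
    for l in new_exposed_listeners(SAMPLE_BEFORE, SAMPLE_AFTER):
        note = "no root needed" if bound_without_root(l) else "privileged"
        print(f"new listener {l.address}:{l.port} uid={l.uid} ({note})")
```

On a real machine the two snapshots would be the contents of /proc/net/tcp (and /proc/net/tcp6) saved before and after the change. A default-deny inbound firewall covers the gap between such checks.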