
As you may notice, I am new to Ubuntu (actually, Lubuntu). I have a question regarding security when installing software. When using Windows before, what most people do is download a .exe, scan it with AV or similar, and if it is good, install it. Now, in Ubuntu distros you just go "apt install XXX" or "snap install XXX" or whatever. The question is: why and how is this safe? Is everything installed in that way secure? Is everything that comes from apt or snap or others safe, and should I only worry about 3rd party repos?

Thank you very much in advance for making this clear!

nico_so
  • 71
  • https://help.ubuntu.com/community/Repositories/Ubuntu the highest security applies to 'main', with other repositories having lower levels of security; all 3rd party sources that are added by you to your system (no 3rd party sources exist on a fresh Ubuntu/Lubuntu install) are up to you and whatever security checks you do before adding them. Snaps & other package types I won't cover (they have different rules) – guiverc Mar 27 '21 at 12:24
  • FYI: Lubuntu is a community-based system based on the main Ubuntu base ('main' packages have security checks by Canonical thus are found in 'main'; you didn't provide release details, but you can use ubuntu-support-status to get some detail on your actual system; ubuntu-security-status for later releases though it differs in some regards and ubuntu-support-status output is clearer in this case), with the Lubuntu packages (LXQt for modern Lubuntu) packaged by the Lubuntu team & found in 'universe' (checks as per Debian standards but no security audits as found in 'main' done by Canonical) – guiverc Mar 27 '21 at 12:29
  • For what it's worth, the "Windows way" was itself an illusion. Because in order to use antiviral software to detect a virus, the virus must have been previously known to the antiviral software. If it wasn't, then scanning it won't detect it. Your question is a good one, but don't forget the "basics". That is, whether the software is from a known, trusted source remains important for both Ubuntu and Windows. I think many people don't scrutinize Windows enough and assume an AV software is enough... – Ray Mar 27 '21 at 12:36
  • 1
    About flatpak and snap https://askubuntu.com/questions/1179175/are-snap-and-flatpak-apps-safe-to-install-are-they-official-approved-or-test – adasiko Mar 27 '21 at 12:40
  • 1
    Establishing trustworthiness has always been the human's responsibility. In the open-source community, you can download the (open) source, audit and compile and test it yourself, and share your results with everybody. Your Ubuntu system can ensure that software from any source you trust --wisely or unwisely-- is installed securely. Try a few episodes of the Ubuntu Security Podcast to learn how Ubuntu's professional security engineers treat this topic. – user535733 Mar 27 '21 at 12:44
  • As a regular everyday user, I would say that programs installed from the Ubuntu repositories are the most safe. Programs installed from PPAs and outside sites should be researched and checked before installing. Browser extensions might be most dangerous, since they might be safe when installed, but stuff can happen after. – crip659 Mar 27 '21 at 13:06
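
The comments above separate official Ubuntu components ('main', 'universe') from PPAs and other sources you add yourself; the script below sorts one-line apt source entries into those groups so you can see which ones you are vouching for personally. It is an added example, not part of the original thread: the host patterns, function names and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify one-line-style apt source entries by who stands behind them.
# Assumption: official hosts are *.archive/security/ports.ubuntu.com and
# PPAs live on ppa.launchpad.net / ppa.launchpadcontent.net.
# Limitation: deb822 "*.sources" files are not parsed.
# Real use:
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null | classify_sources

classify_sources() {
    # stdin: sources.list lines; stdout: "<tier> <uri> <suite>"
    awk '
    {
        sub(/#.*/, "")              # drop comments (also disabled entries)
        sub(/\[[^]]*\]/, "")        # drop [arch=... signed-by=...] options
        if ($1 != "deb") next       # binary package sources only
        uri = $2; suite = $3
        split(uri, part, "/")       # scheme: "" host path...
        host = part[3]
        sub(/:[0-9]+$/, "", host)   # strip an explicit port
        if (host ~ /(^|\.)(archive|security|ports)\.ubuntu\.com$/) {
            # one line per component, since main and universe differ
            for (i = 4; i <= NF; i++) print "official:" $i, uri, suite
        } else if (host ~ /^ppa\.launchpad(content)?\.net$/) {
            print "ppa", uri, suite
        } else {
            print "third-party", uri, suite
        }
    }'
}

list_unofficial() {
    # Only the sources whose vetting is up to the user.
    classify_sources | grep -v '^official:' || true
}

sample_sources() {
    # Constructed sample input, not taken from a real system.
    cat <<'EOF'
deb http://archive.ubuntu.com/ubuntu focal main restricted
deb http://archive.ubuntu.com/ubuntu focal universe   # community-maintained
deb-src http://archive.ubuntu.com/ubuntu focal main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://packages.example.com/apt stable main
deb http://ppa.launchpad.net/example-team/example/ubuntu focal main
# deb http://security.ubuntu.com/ubuntu focal-security main
EOF
}

sample_sources | classify_sources
```
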

0 Answers