Linux Security Part 2

I already wrote about why I think Linux is the way to go, and why I consider Linux more secure than most commercial operating systems. But what if your favorite distribution gets hacked?

Exactly this happened a little more than a year ago, when the website of Linux Mint – probably the most popular Linux distribution – got hacked. The hacker placed a backdoored version of the Linux Mint ISO onto the download page. The perpetrator was also successful in hacking into the forum and stealing all user data and passwords. The user data and passwords are still available for purchase on the dark net; anyone paying the requested amount can download them.

Today, a year later, the Linux Mint forum and community websites are down. In the meantime the site has come back up – according to an admin note it was shut down for maintenance.

Reading up on the incident a year ago, I found this critical article by James Sanders at TechRepublic. Sanders argues that the Linux Mint hack is an indicator of a larger problem.

Linux Mint became popular due to its conservative desktop environment that is reminiscent of Microsoft Windows XP or Windows 7. When Ubuntu and some other distributions tried to reinvent the desktop, and subsequently released some immature versions of Unity or other desktop environments, users were displeased and moved to Linux Mint. Mint is also a very user-friendly distribution. It comes ready with all the necessary software – including multimedia codecs – to get things up and running in no time. This is why I chose Linux Mint as my desktop of choice.

It seems that this comes with a hidden price. Unlike the more traditional distributions like Ubuntu, Fedora/Red Hat, Debian, and openSUSE, to name a few, Linux Mint does not issue security advisories. Instead it refers to Ubuntu and Debian (its parents of sorts). Sanders goes further and accuses the Linux Mint team of sometimes dropping important security updates to avoid compatibility issues. This is a serious accusation.

Sanders lists other distributions too and together refers to them as hobbyist projects, nothing more than “functionally technical demonstrations” that lack the resources to address security issues in a proper way.

While Linux Mint builds on Ubuntu and Debian, both solid distributions with their own security teams, Mint lives from donations and perhaps a little advertising revenue on their website. If you compare this to the Ubuntu, Red Hat, Debian, SUSE etc. commercial offerings, you will easily recognize that they have vastly more resources in terms of money and manpower, as well as the motivation to satisfy their paying customers and deliver, as much as possible, a secure product.

As much as I like Linux Mint for its convenience, I might be looking at other distributions now.
