Is Ubuntu a Trojan Horse?

  • Is Ubuntu a Trojan Horse?

    I ran into an interesting problem when I downloaded the new Ubuntu Live CD for 10.04 LTS / Lucid Lynx. As soon as I booted from the Install CD, the CD proceeded to mount my hard disks and tried to establish unauthorized outbound communication with Canonical Ltd at 91.189.90.132. All of this happened automatically, without any user options or menu selections being offered to the user. I don't like that.

    In a little more detail:

    I have a media center PC at home that I use for watching movies, playing music, etc. It's got an old version of Ubuntu on it that's so old that I can't update the system anymore. To update the box, my only option is to install a newer operating system.

    So today I downloaded the ISO image file for the Ubuntu 10.04 Desktop install CD. I burned it to a CD. Then I rebooted the computer to boot off the CD, so that I could use the "check CD for errors" menu option that's always on a linux Live CD. This time things didn't go as expected.

    When the CD booted, I got a blank screen. Nothing more. After quite a long time, I got the Ubuntu splash screen. But I never got any menu options or selections that allowed me to choose what options I wanted to perform. Instead, the CD just booted to load a Gnome desktop. When the Gnome desktop loaded, all of my hard disks were already mounted. I thought that was a little odd, but not anywhere near as odd as what I noticed next:

    While this boot cycle was happening, my network firewall started issuing alarms. It detected and blocked unauthorized outbound traffic originating from the PC that was running the Live CD. The firewall logs showed that the PC was attempting to make unauthorized outbound connections to Canonical Ltd at IP address 91.189.90.132.

    Luckily, my LAN sits behind a very secure firewall that locks down all inbound AND OUTBOUND traffic. Unlike most simple firewalls that are designed to protect you from bad guys trying to get into your system, our firewall also protects you from authorized traffic that's trying to leave your system. If the PC is trying to make a connection that it's not explicitly been allowed to perform, the firewall won't route the packets. It rejects them, issues an error, and logs the results.

    Here's a snippet from my firewall logs: (my internal, non-routable IP address has been replaced by XXX.XXX.X.X)

    Code:
    May  6 10:46:32 firewall Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=XXX.XXX.X.X DST=91.189.90.132 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12620 DF PROTO=TCP SPT=43787 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

    The IP Address of 91.189.90.132 resolves to Canonical Ltd:

    Whois record for 91.189.90.132

    Code:
    IP Location:    United Kingdom, Canonical Ltd
    Resolve Host:   rookery.canonical.com
    IP Address:     91.189.90.132
    inetnum:        91.189.88.0 - 91.189.95.255
    netname:        CANONICAL-CORE
    descr:          Canonical Ltd
    country:        GB
    org:            ORG-CAN1-RIPE
    admin-c:        CAN-RIPE
    tech-c:         CAN-RIPE
    status:         ASSIGNED PI
    mnt-by:         RIPE-NCC-HM-PI-MNT
    mnt-lower:      RIPE-NCC-HM-PI-MNT
    mnt-by:         CANONICAL-MNT
    mnt-routes:     CANONICAL-MNT
    mnt-domains:    CANONICAL-MNT
    remarks:        rev-srv:        ns1.canonical.com
    remarks:        rev-srv:        ns2.canonical.com
    remarks:        rev-srv:        ns3.canonical.com
    source:         RIPE # Filtered
    remarks:        rev-srv attribute deprecated by RIPE NCC on 02/09/2009
    
    organisation:   ORG-CAN1-RIPE
    org-name:       Canonical Ltd
    org-type:       OTHER
    address:        1 Circular Road
    address:        Douglas
    address:        Isle of Man
    address:        IM1 1AF
    address:        United Kingdom
    e-mail:         
    mnt-ref:        CANONICAL-MNT
    mnt-by:         CANONICAL-MNT
    source:         RIPE # Filtered
    
    role:           Canonical Ltd Admin
    address:        1 Circular Road
    address:        Douglas
    address:        Isle of Man
    address:        IM1 1AF
    e-mail:         
    admin-c:        LJ974-RIPE
    admin-c:        JT2256-RIPE
    admin-c:        NM1806-RIPE
    admin-c:        CJ1182-RIPE
    admin-c:        SS8542-RIPE
    tech-c:         LJ974-RIPE
    tech-c:         JT2256-RIPE
    tech-c:         NM1806-RIPE
    tech-c:         CJ1182-RIPE
    tech-c:         SS8542-RIPE
    nic-hdl:        CAN-RIPE
    mnt-by:         CANONICAL-MNT
    source:         RIPE # Filtered
    
    route:          91.189.88.0/21
    descr:          Canonical Route Object
    origin:         AS41231
    mnt-by:         CANONICAL-MNT
    source:         RIPE # Filtered

    Personally, I'm a bit concerned that any Linux distribution's live CD would mount your drives and automatically attempt to establish an outbound connection with a remote site, without even disclosing this attempted activity to you and without offering you the opportunity to either approve or disapprove of the action. I've observed this type of activity in both the Desktop and Server editions of Ubuntu Lucid Lynx / 10.04 LTS. To me, Ubuntu now represents a serious security threat.

    I just thought I'd pass this information along, because most people don't have the tools to detect this kind of activity going on during the boot-up cycle. I brought up these topics at the Ubuntu forums, but my concerns were being dismissed as those of an "alarmist." Apparently, everyone at the Ubuntu forums thinks that Canonical can do no wrong.

    If Microsoft were caught doing this sort of thing, people would be having a fit.
    "Stand back, I'm holding a calculator." - chinrest

    "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H
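
The log line in the post above is a standard Shorewall/netfilter record, and the same egress log can be summarized per destination to show how often a host tried to reach which network. The following is an added example, not code from the thread: the sample log is constructed around the one line the poster quoted (the internal address 192.168.1.50, the retries and the other destinations are made up), and the network label comes from the whois route shown in the post.

```python
import ipaddress
import re

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:", followed by the
# kernel's netfilter fields as KEY=value pairs and bare flags (DF, SYN, ...).
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Label copied from the whois output in the post (route 91.189.88.0/21).
KNOWN_NETS = {ipaddress.ip_network("91.189.88.0/21"): "CANONICAL-CORE"}

# Constructed sample: the first line follows the post's log entry with an
# assumed internal source address; every other line is invented for the demo.
SAMPLE_LOG = """\
May  6 10:46:32 firewall Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=91.189.90.132 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12620 DF PROTO=TCP SPT=43787 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  6 10:46:35 firewall Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=91.189.90.132 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12621 DF PROTO=TCP SPT=43787 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  6 10:46:41 firewall Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=91.189.90.132 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12622 DF PROTO=TCP SPT=43787 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  6 10:46:44 firewall Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=4410 DF PROTO=UDP SPT=51234 DPT=53 LEN=51
May  6 10:46:50 firewall Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=999 DF PROTO=TCP SPT=5555 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May  6 10:46:58 firewall Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=7001 DF PROTO=TCP SPT=40100 DPT=443 WINDOW=501 RES=0x00 ACK FIN URGP=0
May  6 10:47:01 firewall sshd[1234]: session opened for user admin
"""


def parse_line(line):
    """Return the fields of one Shorewall log line, or None for other lines."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rest = line[m.end():]
    fields = dict(KV_RE.findall(rest))
    if "SRC" not in fields or "DST" not in fields:
        return None
    dpt = fields.get("DPT", "")
    return {
        "time": line[:15],  # syslog timestamp, e.g. "May  6 10:46:32"
        "chain": m.group("chain"),
        "action": m.group("action"),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", "?"),
        "dpt": int(dpt) if dpt.isdigit() else None,  # ICMP has no port
        "flags": TCP_FLAGS & set(rest.split()),
    }


def label_for(ip):
    """Name the known network an address belongs to, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # e.g. an address redacted as XXX.XXX.X.X
        return None
    for net, name in KNOWN_NETS.items():
        if addr in net:
            return name
    return None


def summarize_blocked_egress(lines, chain="loc2net"):
    """Group blocked outbound connection attempts by (src, dst, proto, port)."""
    groups = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["chain"] != chain:
            continue  # not a firewall record, or not LAN-to-internet traffic
        if rec["action"] not in ("REJECT", "DROP"):
            continue
        # For TCP, count only new connection attempts (a lone SYN), so that
        # late packets from already-closed sessions do not inflate the total.
        if rec["proto"] == "TCP" and rec["flags"] != {"SYN"}:
            continue
        key = (rec["src"], rec["dst"], rec["proto"], rec["dpt"])
        g = groups.setdefault(key, {
            "src": rec["src"], "dst": rec["dst"], "proto": rec["proto"],
            "dpt": rec["dpt"], "label": label_for(rec["dst"]),
            "count": 0, "first": rec["time"],
        })
        g["count"] += 1
        g["last"] = rec["time"]
    return sorted(groups.values(), key=lambda g: -g["count"])


if __name__ == "__main__":
    for g in summarize_blocked_egress(SAMPLE_LOG.splitlines()):
        print(f'{g["src"]} -> {g["dst"]} {g["proto"]}/{g["dpt"]} '
              f'x{g["count"]} [{g["label"] or "unlabelled"}] '
              f'{g["first"]} .. {g["last"]}')
```

Because the firewall rejects the initial SYN, no request ever leaves the host, so a summary like this shows which destinations were attempted and how often, not what would have been sent.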

  • #2
    If I didn't know better, I'd say it was looking for automatic updates for the installer. This could be very useful for Canonical to deal with new installation issues as they come up in the field.

    Of course this is too dull to be a proper conspiracy theory, therefore what's REALLY happening is that Canonical are searching your hard drives for anything interesting they can sell to the NSA.
    "Enzo, I see that you replied parasitic oscillations. Is that a hypothesis? Or is that your amazing metal band I should check out?"

    • #3
      You've got it right Steve, at one end of the spectrum is the alarmist conspiracy theorist who screams, "The sky is falling!", and at the other end of the spectrum is the totally complacent linux user who believes that linux can do no wrong, and automatically trusts anyone who has anything to do with linux.

      There's a wide space for middle ground between the paranoid and the naive.

      Suffice it to say though, that it's inappropriate for any software to establish unauthorized contact with the outside world without first doing two things: a) disclosing that the contact is about to be made, and b) asking for your approval prior to performing the contact.

      Consider this -- I installed a copy of Ubuntu Server 10.04 on a testbed platform last week. I was considering using Ubuntu to set up an SMB server on a small LAN. During the course of the text mode install the software asked me what I wanted to do about updates. The choices were:

      a) fully automatic updates
      b) automatic security updates only
      c) no automatic updates / manual updates only

      I don't want my server performing any kind of unattended automatic updates, because I've had automatic updates break my server in the past. It's no fun having a server break for no obvious reason, and it's not easy to trace the breakage to an automatic update. For reliability reasons, most IT people who set up a server follow the rule that says, "If it's not broken, don't fix it." They won't tamper with them once they're up and running unless a problem crops up that needs to be addressed.

      I have a good firewall to protect me from the outside world, so automatic / unattended security updates don't seem necessary to me. I'm happy to review the updates and make my own decisions about them. For me, no automatic traffic corresponds to a much higher level of security than blindly trusting someone I don't even know to perform regular, unsupervised communication with my server.

      So I chose option (c), for fully manual, non-automatic updates. Having done that, I still caught the software trying to establish outbound connection with Canonical even though I told it never to update. My firewall logs for the server show the same type of entries that I posted above.

      I don't think that undisclosed communication with the outside world is acceptable, especially after you've chosen the option to prohibit that sort of activity, and the software has told you that it's going to honor your decision.

      Just to clarify the point that you were making about checking for automatic updates -- that's not what's happening. The Ubuntu CD is establishing contact with Canonical during the boot process -- at a time that this action cannot readily be detected, and prior to the time that it asks you whether you want to do a test drive or an install. Until you make the menu selection that says install, there's absolutely no reason for them to be "looking for updates" to the installer without asking your permission first.

      I guess this constitutes a philosophical difference in outlook between the average home user who is used to an insecure, desktop OS and the professional user who is used to working with a bona-fide secure system. The hobbyist / home user won't see a problem, where the professional IT user will see this as a deal-breaker when it comes to auditioning secure software platforms.

      I'm not trying to say that I'm a hardcore security nut, but I do have personal, non-public information on my hard disk that I don't want unauthorized people to be able to read. What's the point of encrypting a hard disk if a software vendor has complete access to your data once the OS is up and running? When that happens, your data isn't protected and you don't have security. You only have the illusion of security.
      Last edited by bob p; 05-06-2010, 06:32 PM.
      "Stand back, I'm holding a calculator." - chinrest

      "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

      • #4
        Originally posted by bob p
        Suffice it to say though, that it's inappropriate for any software to establish unauthorized contact with the outside world without first doing two things: a) disclosing that the contact is about to be made, and b) asking for your approval prior to performing the contact.
        Funny that you should say that. I was just installing the software for my new Epson computer. It told me to turn off my anti-virus software which I did. At the end of the installation process it went on-line to the Epson site so that I could register my scanner. Hello? Is anybody home?

        Thanks for the warning about Ubuntu. Have you posted your observation on any of the Ubuntu forums? I think that the world needs to know!

        Steve Ahola
        The Blue Guitar
        www.blueguitar.org
        Some recordings:
        https://soundcloud.com/sssteeve/sets...e-blue-guitar/
        .

        • #5
          Originally posted by Steve A.
          Funny that you should say that. I was just installing the software for my new Epson computer. It told me to turn off my anti-virus software which I did. At the end of the installation process it went on-line to the Epson site so that I could register my scanner. Hello? Is anybody home?
          It's funny that they told you to turn off your antivirus software. That's a dead giveaway that they're going to do something you don't like! I can't understand how in the world they can justify doing something like that.

          When I built my own linux distribution and Live CD, I had thought about embedding a process to ping my server during the install process, just so I could get a feel for how many people were out there using the software. But I decided against it, as it was sure to be regarded as an invasion of people's privacy. So I never implemented any sort of tracking scheme. If I did it then I'm sure that my name would have become "Mudd" in the software community.

          Funny thing is that Ubuntu is doing at least as much as I had decided not to do, and probably more.

          Thanks for the warning about Ubuntu. Have you posted your observation on any of the Ubuntu forums? I think that the world needs to know!

          Steve Ahola
          I did post my concerns on the Ubuntu boards. I was called an "alarmist":

          Ubuntu Server 10.04 LTS:
          [ubuntu] Server 10.04: How to Eradicate the MOTD System? - Ubuntu Forums

          I just noticed the same problem in the "Desktop" version:
          [ubuntu] Lucid Lynx 10.04 Live CD -- No Boot Menus? - Ubuntu Forums

          The funny thing Steve, is that I don't imagine this will go anywhere. People are either too trusting to care, too apathetic to care, or too unaware of the risks to care about backdoors being written into an operating system. Here's an interesting statistic: 1 in 3 Linux users is running Ubuntu. It's widely regarded as Linux for Dummies. My personal opinion is that it is an operating system that has been rendered insecure by intentional design.
          "Stand back, I'm holding a calculator." - chinrest

          "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

          • #6
            It's funny that they told you to turn off your antivirus software. That's a dead giveaway that they're going to do something you don't like! I can't understand how in the world they can justify doing something like that.
            I usually like when the software I'm installing actually installs. I guess to each his own.

            Oftentimes antivirus software will restrict other software from writing to certain directories and/or the registry. It's pretty commonplace to have to disable antivirus software when installing.
            -Mike

            • #7
              Originally posted by bob p

              If Microsoft were caught doing this sort of thing, people would be having a fit.
              don't MS OS "phone home" when you boot (if you are online)? They have a bunch of info don't they? From hotmail, sign-on IPs, date, time. Not just them but google, yahoo must have mountains.

              • #8
                Ubuntu has a way of shipping/using broken packages. I have a friend that's responsible for a LOT of machines and when Ubuntu started doing that he went to Fedora. No problems since then!

                jamie

                • #9
                  Originally posted by bob p
                  The funny thing Steve, is that I don't imagine this will go anywhere. People are either too trusting to care, too apathetic to care, or too unaware of the risks to care
                  You're right. I'm certainly too trusting to care and too apathetic to care. Ubuntu is still my favourite distro. (Well, my second favourite after MacOS) Canonical are commercially sponsored, so there'll be a strong incentive for them to collect usage statistics: that's a second possible explanation.

                  If you want it to go somewhere, then instead of doing a Chicken Little, I suggest you use Wireshark to capture and analyze what is actually getting sent back to the mothership, and post the results for us, and the rest of the blogosphere, to see. Maybe you'll find something interesting and catch Canonical with their pants down.
                  Last edited by Steve Conner; 05-07-2010, 10:29 AM.
                  "Enzo, I see that you replied parasitic oscillations. Is that a hypothesis? Or is that your amazing metal band I should check out?"

                  • #10
                    Steve, my curiosity got the better of me and I wasted a lot of time trying to determine how to disable canonical's MOTD functionality, just so I wouldn't have to deal with the SPAM messages that get printed onscreen every time that a user performs a TTY logon. If you're an X user you'd never see them; they would just add to your boot-up time. If you're a console user you get spammed with an ad for canonical services every time that you log on.

                    It's annoying. Every time that a user logs onto the system via the console or via SSH there is a SPAM advertisement for canonical. On my boxes it causes an 8-second pause between the time that you enter the password and the time that you get to the command line. On every other distro I've ever used, there has been zero lag between password and command prompt. The lag in logon time is very annoying.

                    Just about every other distribution uses a user-configurable text file (such as /etc/motd) to display the message of the day. If you don't want an MOTD you just erase the text file. The Ubuntu system is quite different. It's very complex. There are a series of nested scripts that get executed every single time that a user logs onto the system. This happens regardless of whether the user logs onto a console (runlevel 3) or via a GUI (runlevel 5).

                    the problem is that none of this functionality can be disabled by the system administrator. it's hard-coded into the system. these scripts will run and there is nothing that an ubuntu user can do to stop them, short of removing the offending source code and recompiling. instead of just putting the content into /etc/motd, the ubuntu system is so obfuscated that there's no practical way for a user to stop what's happening. essentially, you're given the choice of doing it canonical's way and liking it, or going somewhere else.

                    from a perspective of fundamental respect for the user, that's just plain wrong. linux is about choice, isn't it? with ubuntu the user isn't offered any choice about what happens on his computer, canonical's phoning home just happens whether he likes it or not, and it happens in the dark, behind the user's back. the problem isn't so much that this is happening -- the problem is that this activity goes on behind the user's back with no disclosure. to be fair, ubuntu should disclose to the user that his computer is going to be used to disclose information to the outside world, and he should be given the opportunity to opt-in or to opt-out.

                    i can understand complacency among desktop users. normally this wouldn't be a big deal, but life is very different on a desktop OS than it is on a server OS. i first encountered this problem when i was performing a proof of concept test install for ubuntu server 10.04. i had set up a number of different server distros side by side to see which one we were going to deploy. only in troubleshooting this problem with 10.04 did i come to realize that this has been going on in ubuntu desktop for a long time.

                    more...
                    "Stand back, I'm holding a calculator." - chinrest

                    "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

                    • #11
                      another problem is that the OS is forced to execute a non-essential disk bound process every time that any user logs on. having a unix-type system force itself into a disk-bound process every time that a user logs on is inherently dangerous from the standpoint of system reliability. it takes fault tolerance to an all-time low.

                      suppose that your server is acting up and the sysadmin has to log on from remote to diagnose the problem. then he can correct a software error remotely or dispatch the hardware team to go to the data center. the sysadmin makes a remote logon via a VPN or SSH... and before he gets taken to the command line, ubuntu proceeds to execute a number of disk-bound script processes. these processes don't have anything to do with server maintenance, they just collect statistical information for canonical. because one of the hard disks is down on this machine, the logon process fails on the disk bound scripting task. the sysadmin can't log on from remote and someone has to make a trip into the datacenter. all of this happens only because the server is performing non-essential tasks in collecting statistical data for canonical. of course, this kind of system failure is a disaster for everyone involved, except for the company that bills for the trip in to fix the system.

                      this wouldn't be a big problem if this kind of script execution only happened for the superuser. but these scripts get executed every time that ANY USER logs onto the system. this kind of setup is inherently unstable and just isn't tolerable in a linux distro that's attempting to market itself as an enterprise class server.

                      ubuntu's stand on this is that the MOTD system is there for the convenience of the sysadmin. during every logon, the system checks for updates and provides up-to-date statistics for review. as a sysadmin, I don't want to see update info every time that i log onto a box. and i certainly don't want to have to wait for an update check every time that i log onto a box. that's just a waste of my time that happens over and over and over again. i don't want to wait 8 seconds every time that i perform a logon. over the course of years, that wastes a lot of time. even worse is that in addition to doing this for the superuser, the system does this for every user account. there's just no need to look for updates every time that any user logs onto the system. it's a waste of time. And there's no reason to present this kind of system information to every non-privileged user. what's the point of telling users that an update is available if they're not authorized to perform them? it's a waste of user time. computers are supposed to work for us and make our lives easier. instead of having machines wait on (serve) people, now we've got people waiting on machines -- to perform tasks that should be done in the background. what a stoopid design.

                      more
                      "Stand back, I'm holding a calculator." - chinrest

                      "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

                      • #12
                        your wireshark idea is a good one. but i'm not going to put in the effort as a crusader for the blogosphere, and our ubuntu installations have already been purged. unfortunately, i let my curiosity get the better of me, and i wasted a lot of time troubleshooting an installation that just wasn't suitable for deployment. rather than wasting more time polishing a turd, i chose the easy way out -- i gave Ubuntu Server a FAIL and went with a real enterprise-class system instead.

                        this is not to say that i'm down on ubuntu -- they are pushing linux development forward (sort of) and they make a really nice desktop setup and it makes linux very accessible to the n00b. unfortunately their support of the "Long Term Support" versions is a joke. there's a problem in the LTS version of the desktop that causes lockups on shutdown if you've got mounted samba shares. they found the problem and rather than fixing the code in the LTS release, they just fixed it in the STS release and advised everyone to migrate to the short term release. such failure to fix problems in an LTS release just isn't acceptable, and it indicates that even ubuntu's LTS offerings are nothing more than an amateur/hobbyist OS that can't be deemed as reliable for serious use.

                        i only mention this phoning home problem in relation to the desktop distro because i think it's important for people to know what's going on behind their backs so that they can make an informed decision about their software choice.

                        ubuntu's server distribution just isn't an enterprise class offering. it turns out that this is a pretty well-recognized fact in the IT industry. other people here have suggested fedora. if you're willing to commit to a desktop OS that's so bleeding edge that it forces you into a 6 month lifecycle, it's a good option. for deployment servers that are expected to run with 100% reliability for years, there's a reason that everyone prefers RHEL / CentOS.
                        Last edited by bob p; 05-16-2010, 06:46 PM.
                        "Stand back, I'm holding a calculator." - chinrest

                        "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

                        • #13
                          Yeek! OK Bob, you win. I didn't know any of that.

                          The last time I installed Ubuntu Server was 8.x and they hadn't started the Spam Of The Day console thing.

                          At my old university research group, they started to embrace Linux about the time I joined. By the time I left, they were installing Red Hat on the Sun workstations to avoid paying the Solaris maintenance contract.
                          "Enzo, I see that you replied parasitic oscillations. Is that a hypothesis? Or is that your amazing metal band I should check out?"

                          • #14
                            It's just about what works best for your personal preferences. I'm just trying to find a tool that makes the job easy, does what I want it to do, and doesn't do anything that I don't want it to do.

                            To be fair, I have to admit that I'd been using Ubuntu on the desktop for several years, ever since I stopped using Gentoo. Ubuntu did offer lots of functionality, ease of use, and not that many headaches. It was a welcome change after years with Gentoo.

                            For me Ubuntu has some deal breakers that made me want to look elsewhere -- like the lack of centralized control over developers and the crappy support for LTS releases. I'm willing to trade off the bells and whistles that come with a bleeding edge distro in order to obtain stability. Right now RHEL/Centos is looking really good from the stability standpoint. For servers it's great, for the desktop it's good, though it's not bleeding edge like Fedora.

                            Personally, I spend too much time maintaining stuff to be able to tolerate high maintenance installations. I'm just looking for stuff that you can install and let it run for years without any problems. To me, there's a lot to be said for an OS that is stable, doesn't require frequent updates, and will be fully supported for 5-7 years.
                            "Stand back, I'm holding a calculator." - chinrest

                            "I happen to have an original 1955 Stratocaster! The neck and body have been replaced with top quality Warmoth parts, I upgraded the hardware and put in custom, hand wound pickups. It's fabulous. There's nothing like that vintage tone or owning an original." - Chuck H

                            • #15
                              Originally posted by bob p
                              Personally, I spend too much time maintaining stuff to be able to tolerate high maintenance installations. I'm just looking for stuff that you can install and let it run for years without any problems.
                              In that case I strongly recommend that you try out Vista.

                              Steve Ahola
                              The Blue Guitar
                              www.blueguitar.org
                              Some recordings:
                              https://soundcloud.com/sssteeve/sets...e-blue-guitar/
                              .
