Linux recommendation for some old laptop

[Dat Guy]

Just now, Zando Bob said:

IDK what SSH is

 

ps aux | grep ssh

 

Just now, Zando Bob said:

and those exploits won't really hurt your computer as long as you are smart and keep it up to date

 

... after a patch has been issued (could be a decade or more after the problem was introduced) - which is: after the bad boys know that you're vulnerable.

 

Do not underestimate the black market. Daily is too late.

 

Just now, Zando Bob said:

Though OpenBSD looks pretty cool... will it run in VirtualBox? 

 

It will.

[Zando_]

1 minute ago, Dat Guy said:

It will.

Goody! Though it looks like it's nowhere near as user friendly as Ubuntu or it's variants. There isn't a download button or anything as far as I can see. 

[Dat Guy]

It might not take your hand, but it "just works". 

 

Download details:

https://www.openbsd.org/faq/faq4.html#Download

[ringo]

So what is the conclusion? Windows, Linux or OpenBSD? I already installed Xubuntu (no antivirus, I will install some security extensions in browser), shall I leave it or to reinstall something else?

[DnFx91]

lol just got back from work, this thread still hasnt gotten anywhere useful. OP just use linux, it's fine, lubuntu, rasbpian whatever. 

[DnFx91]

4 minutes ago, ringo said:

So what is the conclusion? Windows, Linux or Ubuntu? I already installed Xubuntu (no antivirus, I will install some security extensions in browser), shall I leave it or to reinstall something else?

by the way, linux covers a bunch of OS's including Ubuntu, if someone says linux they mean one of about 50 OS's  but mainly ubuntu, debian, mint and a few others.

 

In the spirit of forums, i'll say give BSD a try like @Dat Guy says, but the consensus is clearly that you should get a lightweight linux OS, and ignore people who just want to talk about their area of expertise.

[Dat Guy]

So ignore people who keep talking about Linux.

The consensus is that you should use what does the job best. For old hardware, that rules out Windows and most Linuces. 

[noahdvs]

8 hours ago, ringo said:

So I should put amd64 version because laptop have 4GB ram?

Not necessarily. A 32 bit system can also use 4GB of RAM, but no more than that. You should find out what your CPU is and if necessary, search for information about it if you still don't know if it's 64 bit or 32 bit.

[noahdvs]

If you're comfortable with trying it, OpenBSD is a good OS, but you should be aware that Linux isn't as bad as what Dat Guy says and it'll be easier to get help for Linux since the Linux community is much larger. He's a smart guy, but he's a bit of a fanatic when it comes to his opinions on some things (I'd say no offense, but I don't know if that's worth anything since I just called Dat Guy a fanatic). Linux is fine. The problem with systemd is that it does more than what an init system should do (it doesn't follow the Unix philosophy), but you're not likely to notice it, especially as a newbie. It did solve some real problems which is why it's being used, but it brought some of its own with it. There are Linux distros that don't use systemd (Alpine Linux, Devuan Linux, Gentoo, Void Linux), but most major distros and most of their derivatives, all use systemd. If you already have Xubuntu installed, just stick with it. Learn to use it and some of those skills should be transferable to any other Unix-like OS you choose to use.

[TheLagDidIt]

10 hours ago, ringo said:

I will try  Does OpenBSD have good protection against viruses like Linux? 

linux doesn't have protection, it is just safer because so few people write malware for desktop linux. it is the same reason macs are particularly vulnerable to attack 

[Dat Guy]

1 hour ago, TheLagDidIt said:

it is just safer because so few people write malware for desktop linux.

With Linux being on a majority of web servers, it has become a worthy target.

[noahdvs]

2 hours ago, Dat Guy said:

With Linux being on a majority of web servers, it has become a worthy target.

Yes, servers are a worthy target, but Linux PCs are not. Most of the packages users will install come from the distro's default repositories which are tested. For any software not in the default repositories, you do have to take a bit of risk, but the risk is still very low. That doesn't mean it couldn't happen, but the OP would probably have to search for a Linux virus and intentionally install it to get infected. Rather than continue speculating about the likeliness of an infection, I think it would be more helpful for me to actually provide information about Linux malware.

 

https://help.ubuntu.com/community/Linuxvirus

Keep in mind this was last edited on 2011-04-09

 

https://en.wikipedia.org/wiki/Linux_malware

 

Here are some basic security tips for new Linux users, but they are useful in general:

https://wiki.ubuntu.com/BasicSecurity

[Dat Guy]

Here's recent Linux non-server malware news:

 

http://www.zdnet.com/article/linux-malware-enslaves-raspberry-pi-to-mine-cryptocurrency/

https://www.scmagazine.com/linux-malware-gaining-favor-among-cybercriminals/article/671935/

http://www.pcworld.com/article/3199106/linux/the-sambacry-scare-gives-linux-users-a-taste-of-wannacry-petya-problems.html

[noahdvs]

You're right, I forgot about IoT, but that's another point of interest for people making Linux malware. I'd like to point out a few things though...

1 hour ago, Dat Guy said:

Here's recent Linux non-server malware news:

 

http://www.zdnet.com/article/linux-malware-enslaves-raspberry-pi-to-mine-cryptocurrency/

Quote

Older Raspberry Pi devices, such as this Raspberry Pi 2, may be more vulnerable to the malware if they haven't been updated in a while.

 

It targets Raspberry Pi boards with the default login and password, which are 'pi' and 'raspberry', respectively.

IoT, not Linux PCs. Not surprising that not getting security updates leads to vulnerability. Also not surprising that using a weak password leads to vulnerability.

Quote

https://www.scmagazine.com/linux-malware-gaining-favor-among-cybercriminals/article/671935/

Quote

“Linux attacks and malware are on the rise. We believe this is because systematic weaknesses in IoT devices, paired with their rapid growth, are steering botnet authors towards the Linux platform,” the report stated.

 

The report noted that 99.99 percent of all Linux malware was delivered over the web during the first quarter, with only eight of 419,367 coming in via email or by FTP. This is due to the majority of attacks hitting IoT devices, which rarely have access to email, but are always connected to the web.

However, despite the growing usage of Linux, this threat vector was supplanted as the most frequently used threat vector being replaced by FakeAlert, which literally issues fake alerts to its victims to entice them to click on a malicious link.

Aimed at IoT devices, not Linux PCs. As for the last bit, the way to protect against infection via social engineering is education and getting into good habits. An uninformed user can be as bad as an actual virus for their PC.

Quote

http://www.pcworld.com/article/3199106/linux/the-sambacry-scare-gives-linux-users-a-taste-of-wannacry-petya-problems.html

Quote

SabmaCry is not malware like WannaCry or Petya. Instead, it is considered a vulnerability, which presents malware with a possible avenue for attack. The vulnerability–officially called CVE-2017-7494–was named SambaCry due to similarities to the vulnerabilities that WannaCry took advantage of.

Not actual malware, just a vulnerability, though that's not an excuse for the fact that it existed. If you don't use Samba, you're not going to be infected.

 

[Dat Guy]

Pretty sure that malware won't check if it infected a PC or an "embedded device" before unwrapping its payload.

[noahdvs]

9 minutes ago, Dat Guy said:

Pretty sure that malware won't check if it infected a PC or an "embedded device" before unwrapping its payload.

It's not about which system it's running on, it's about what system it will actually reach and what people actually want to target. You can't even run software compiled for ARM processors on AMD64 processors without using a vm or emulator. Linux PCs aren't even run the same way as IoT devices. They don't have the same systematic weaknesses that IoT devices may have. Linux PCs have lots of security features integrated (unless you chose not to use them like Arch or Gentoo users might). IoT devices need their software to be as light as possible.