Is there anything to be gained in having Linux run in UEFI mode?
#1
I am curious to have your opinions (with reasons) on whether you think there is anything to be gained (or not) by having Linux run in UEFI mode in modern PCs, either alone or within a Windows dual-boot, assuming the PC has the facility to select between either BIOS (CSM) or UEFI mode.

I myself am unsure and feel a bit inexperienced to have any firm opinion on this. I had always assumed that having a signed Windows OS made it at least a bit more secure, particularly against potential malware attacks to the registry (though I suspect that Microsoft may possibly have exaggerated their claims for UEFI's protective effect as part of their marketing).

Quidsup, a network security analyst by profession, who posts regularly on his YouTube channel at https://www.youtube.com/user/quidsup, estimates that antivirus/malware software is only 20% effective at most. Apparently, malware in applications such as flashplayer is immune to antivirus software. Incidentally, he describes Adobe Flashplayer as "having more security holes than a colander" for which his solution is simply to remove it from your PC whether you have Windows or Linux...

Linux seems fairly robust against malware, though of course it's not entirely immune - I have had one incident of  malware infection (see https://www.freecinema2022.gq/forums/other...0/#msg4960).  In a dual-boot set-up, could some Windows malware crossover and infect Linux, e.g. through file-sharing - I have heard this might be the case and some malware can infect both platforms? Could UEFI have some beneficial effect here for Linux, in protecting the registry, as with Windows OS?

Many thanks for your views...
Mike
64bit OS (32-bit on Samsung netbook) installed in Legacy mode on MBR-formatted SSDs (except pi which uses a micro SDHC card):
2017 - Raspberry pi 3B (4cores) ~ [email protected] - LibreElec, used for upgrading our Samsung TV (excellent for the task)
2012 - Lenovo G580 2689 (2cores; 4threads) ~ [email protected] - LL3.8/Win8.1 dual-boot (LL working smoothly)
2011 - Samsung NP-N145 Plus (1core; 2threads) ~ Intel Atom [email protected] - LL 3.8 32-bit (64-bit too 'laggy')
2008 - Asus X71Q (2cores) ~ Intel [email protected] - LL4.6/Win8.1 dual-boot, LL works fine with kernel 4.15
2007 - Dell Latitude D630 (2cores) ~ Intel [email protected] - LL4.6, works well with kernel 4.4; 4.15 doesn't work
#2
I don't think having UEFI enabled will provide a huge benefit, in fact, the beneficial results are questionable. However, I am not very experienced in the UEFI field of things... But, I can tell you that Linux has impeccable security compared to Windows. If you are a heavy downloader (like myself) and you are downloading content (videos, games, etc.) you should look into getting an anti-virus but the chances of getting infected on a Linux system, even without protection, are slim to none. Nonetheless, should you feel a need to have an anti-virus, ClamAV is generally recommended for Linux systems as it is open-source and has been around for some time... If you don't like working with the command line (which is required to use ClamAV) you can always resort to using ClamTk. ClamTk is an open-source GUI for ClamAV which gives you the ability to manage all of the functions of ClamAV from a nice looking GUI that is semi-regularly updated.
#3
Quote:I don't think having UEFI enabled will provide a huge benefit
Any thoughts on why you think that or is it just an intuitive gut feeling?  I am particularly interested to know if there is any concrete benefit to be gained from an antivirus/malware/general security perspective ...

Quote:Nonetheless, should you feel a need to have an anti-virus, ClamAV is generally recommended for Linux systems as it is open-source and has been around for some time...
I have always used a proprietary antivirus for both Linux and Windows on my main PC (the 1st set-up mentioned in the footnote below), purchased from ESET, though have also used the ClamAV. ESET AV appears to do its job in warning & blocking my access to potentially risky sites though, like any AV, I don't really know how effective it really is. Even if AV software is only 20% effective (as mentioned by Quidsup on YouTube), I personally think that's still worth it. I think the rest is down to sensible housekeeping, i.e: avoid suspicious websites, be careful where you download files or apps from, delete suspicious e-mails & don't click on their links, avoid software that's malware-infected (Adobe Flashplayer), etc. I wondered if UEFI might be one more tool in the armoury for protection against any kind of malware...??

Mike
64bit OS (32-bit on Samsung netbook) installed in Legacy mode on MBR-formatted SSDs (except pi which uses a micro SDHC card):
2017 - Raspberry pi 3B (4cores) ~ [email protected] - LibreElec, used for upgrading our Samsung TV (excellent for the task)
2012 - Lenovo G580 2689 (2cores; 4threads) ~ [email protected] - LL3.8/Win8.1 dual-boot (LL working smoothly)
2011 - Samsung NP-N145 Plus (1core; 2threads) ~ Intel Atom [email protected] - LL 3.8 32-bit (64-bit too 'laggy')
2008 - Asus X71Q (2cores) ~ Intel [email protected] - LL4.6/Win8.1 dual-boot, LL works fine with kernel 4.15
2007 - Dell Latitude D630 (2cores) ~ Intel [email protected] - LL4.6, works well with kernel 4.4; 4.15 doesn't work
#4
Quote: Any thoughts on why you think that or is it just an intuitive gut feeling?  I am particularly interested to know if there is any concrete benefit to be gained from an antivirus/malware/general security perspective ...

I have had some friends, with newer machines, have issues with UEFI, but I have read that if you are able to get it to work it may or may not be beneficial in protecting against rootkits. Generally, such issues aren't common, especially since you seem to be a knowledgeable computer guy.

Quote: I have always used a proprietary antivirus for both Linux and Windows on my main PC (the 1st set-up mentioned in the footnote below), purchased from ESET, though have also used the ClamAV. ESET AV appears to do its job in warning & blocking my access to potentially risky sites though, like any AV, I don't really know how effective it really is. Even if AV software is only 20% effective (as mentioned by Quidsup on YouTube), I personally think that's still worth it. I think the rest is down to sensible housekeeping, i.e: avoid suspicious websites, be careful where you download files or apps from, delete suspicious e-mails & don't click on their links, avoid software that's malware-infected (Adobe Flashplayer), etc. I wondered if UEFI might be one more tool in the armoury for protection against any kind of malware...??

I don't think UEFI helps in terms of viruses/malware, maybe rootkits, but not viruses/malware. And the only reason I suggest ClamAV/ClamTk is because it is free and open-source which many of us, Linux users, prefer. For extra protection (for your browser) use Firefox and use some tools such as Disconnect, uBlock Origin, Self-Destructing Cookies and HTTPS Everywhere. This will usually protect your browser enough to not even need ESET. I personally ran without an anti-virus for a little while and I do download files in video format without an issue, even though it is possible to get a virus from some video formats, I have not encountered an issue. It may be a smart thing to run certain things sandboxed like your browser or IRC client (for example).
#5
You've given me food for thought - I'm learning something new here every day...
Thanks Kyle.

Cheers
Mike
#6
Hello!

For ME, the benefit is NOT having to switch the BIOS settings back and forth between Legacy and UEFI all the time...

73 DE N4RPS
Rob

A gun in your hand is worth more than a whole police force on the phone.
#7
Quote:Hello!
For ME, the benefit is NOT having to switch the BIOS settings back and forth between Legacy and UEFI all the time...
73 DE N4RPS
Rob

Yep - that is certainly a benefit - I'm definitely with you on that one!
But is anything significant lost by running in CSM mode on a UEFI computer?  :-\

Mike
#8
The most common attacks against Debian are brute force root attacks from bots linked to worms present all over the Internet, common to all commercial sites. Look in... /var/log/messages at how many failed root logins are there. Ubuntu may be .../var/log/auth.log if log settings are verbose. Java sped up internet development but of course left millions of opportunities for information exploitation. The most important setting in Debian is...
# Authentication:
PermitRootLogin no
StrictModes yes
... which is why Debian installs that way to begin with. Sudo user access, with non-root password, cannot remotely usurp the system in the same way, and not without being noticeable as it happens. Brute force attempts can be site identified and blocked using SSH access tools. Ubuntu is essentially less secure than pure Debian only in the sense that it is more user enterprise friendly, more exposed to Java applications etc. There is no real security benefit to Debian in having UEFI, but some arguable authentication benefits for Windows.

UEFI only really evolved because of the growth in disk size beyond 2T, again a problem which Debian could have solved in another way, but the consumer market, and the random top heavy programming style of Windows caused its commercial inevitability. The rush of CPU power, and huge disk size in the consumer market is close to its apex now, mainly due to internal CPU instability, and home PCs are losing ground to tablets and netbooks and cell phones. UEFI is here to stay for Windows only because BIOS systems are essentially obsolete for powerful home use Windows machines. OEM CSMs are disappearing as I write.

That said I would add, that Windows cloud systems are really a take on the old mainframe / terminal emulator workstation office systems of the eighties. Tablet devices fit very nicely into this future though anachronistic MS model. Soon (less than ten years) Windows consumer computing products will be in the $50 to $500 range, and the money will be made on monthly cloud service computing charges much like the cell phone industry model. The cloud server will do the work, and the storage, and the Windows home device will pay for time for program application activation and usage as a cloud service, and the computing power will be just as robust, and even more cloying of your private information. Buying and selling on the Internet is about making money. Information spying will return to in-house MS propriety where it began in the first place. I cannot see any future scenario that allows Ubuntu to remain free of proprietary and/or governmental encumbrances. Viruses, bots, worms, malware, spyware, etc. are all the product of information gathering, here to stay, and hardly outside the fundamental philosophy of computing in general, which is essentially learning more about ourselves and our world. We are going to know each other a lot more intimately than perhaps we want to in the future, but it is certain we will... PermitRootLogin...no. for now I guess. Enterprise built the WWW, not Debian, and MS essentially ignored the cell phone market for a reason.

Build a false information node for your SSH remote connections, and collect your own data from brute force attackers. Turnabout is fair play, and even free enterprise within the MS paradigm. Finally UEFI adds no security to base Debian whatsoever, just an awkward OEM polluted way of GUID handling. The U stands for any hope of a consumer/home free Linux future in the MS world. It is ridiculous to believe that OEM CPUs, mobos, and SSDs cannot be built to deny the use of Linux with them. Of course they can. The market is not ready for that yet, but it will be. It's business, friends, and it drives our future, whether we want it to or not. We are entering the age of petaflops. Information security will inevitably become the purview of corporate entities, and governments only, and simply passé, and/or impossible for the home computer.

Trinidad     
All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
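
Added example (not part of any post in this thread): post #8 suggests looking at /var/log/auth.log for failed root logins and setting PermitRootLogin no. This sketch counts failed root password attempts per source address and checks an sshd_config text for that setting. The log lines, addresses, threshold and function names are constructed for illustration, and Match blocks in sshd_config are not handled.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Jul 10 05:12:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul 10 05:12:03 host sshd[1234]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jul 10 05:12:05 host sshd[1236]: Failed password for invalid user admin from 203.0.113.5 port 51244 ssh2
Jul 10 05:12:09 host sshd[1238]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jul 10 05:13:00 host sshd[1240]: Accepted publickey for mike from 192.0.2.10 port 40000 ssh2
Jul 10 05:13:10 host sshd[1242]: Failed password for root from 203.0.113.5 port 51260 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_root_logins(log_text):
    """Count failed password attempts for the root account, keyed by source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group("user") == "root":
            counts[m.group("ip")] += 1
    return counts

def sources_over_threshold(counts, threshold=3):
    """Addresses with at least `threshold` failed root attempts (threshold is an assumption)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def root_login_disabled(sshd_config_text):
    """True only if the first uncommented PermitRootLogin line says 'no'.

    sshd uses the first value it reads for a keyword; keywords are case-insensitive.
    A missing line returns False because the built-in default is not 'no' everywhere.
    """
    for raw in sshd_config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower() == "no"
    return False

if __name__ == "__main__":
    counts = failed_root_logins(SAMPLE_LOG)
    print(dict(counts), sources_over_threshold(counts))
    print(root_login_disabled("# Authentication:\nPermitRootLogin no\nStrictModes yes\n"))
```

To run it against a real system, pass the contents of the auth log and of /etc/ssh/sshd_config to the two functions instead of the constructed samples.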
#9
From what I've found the technology ultimately gives little security to the OS, it is used by some manufacturers to lock out the option of installing another OS, and M$ use it to stop pirated versions of their products being used, it can in some cases help stop rootkits, but it has been overcome by phreakers already, personally I don't have a use for it.
I'm just this guy ... Y'know!?
Registered Linux User 533331
#10
Hello!

(07-10-2016, 05:40 AM) Dookus Wrote: and M$ use it to stop pirated versions of their products being used,

If that was truly M$'s attempt, then they've failed miserably...

73 DE N4RPS
Rob