Linux Secure

 Now that I've been back in the Linux fold for a few weeks, I'm coming to recognize a sense of comfort—comfort that the operating system is fast, stable, and surprisingly user friendly, but also that it is very secure. In fact, desktop Linux distributions are among the most secure operating systems out there, and many users don't feel the need for antivirus or anti-malware software, and with several good reasons:

Small market share—The largest target for malware is, not surprisingly, the  largest desktop operating system by market share. Windows attracts the lion's share of  malware attacks, but what's engineered to infect Windows machines will not necessarily have any effect on an identical piece of hardware running Linux. Thinking like a malware writer for a moment, it's easy to see that if one wishes to do the most damage, Windows would be the target of choice. And not only is the desktop Linux market share infinitesimally smaller than that of Windows, it is also far more fragmented. Not every desktop Linux user runs the same distribution, and what might potentially affect one distribution might not affect another, so many malware authors will simply not see it as worthwhile. But small market share does not necessarily make an operating system inherently more secure.

Safer protocols—Desktop Linux distributions are also safer because of their operating protocols. First and foremost is that most desktop Linux users do not routinely stay signed into a root (administrator) account by default. If they need to perform an operation that requires root access, they sign in and then sign back out. Windows and Mac OS, by comparison leave users permanently signed into administrator accounts by default. Although they can—and should—create an additional non-administrator account for daily use, most Windows and Mac OS users do not bother to do this because it is less convenient. What users do not realize is that by doing this, they leave their computers more open malware attacks, designed to exploit administrator/root privileges.

Another de facto safety measure is how desktop Linux users acquire their software. Because most Linux software is free, most end users never look beyond the software repositories provided by their Linux distribution. Since all the software there has been vetted by those who maintain it, one can generally rely on it to be safe. By comparison, many Windows and Mac OS users will download software from less legitimate sources in search of a deal. This increases the chance of ending up with an infected copy. 

Linux is bigger than you think—While the desktop Linux market share is very tiny, and divided up between a number of different distributions, Linux itself is surprisingly pervasive. From large server farms to smart phones and appliances we may not even consider to be computers, Linux is everywhere in various forms. As a result, malware actors may be more likely to target large Web servers running on Linux than they would individual users. It also means operators of large server complexes, whether they are fueling eCommerce, hosting Websites or email, or supplying desktop Linux users with software, are going to necessarily exercise greater caution. 

Where individual users are more likely to run into malware attacks is on devices they don't even know are running Linux, including Android phones and tablets, smart TVs and set-top boxes. Unfortunately, there is little that end users can do to protect against such attacks, other than to make sure such devices are kept updated.

Also potentially a growing target is Chromebooks, which run a highly customized version of Debian Linux, and can run both Android and Linux apps, in addition to its own native version of the Chrome browser. This may become an increasingly attractive target for malware actors, given that the Chrome OS market share surpassed Mac OS during the COVID pandemic.  

Is antivirus/anti-malware software necessary on Linux?—This is a simple question with a complex 'yes and no' answer. If you're running a Linux-based server farm, then the answer would be a definitive yes. Those servers need to be protected. Meanwhile, individual users are reasonably safe—not completely immune, but reasonably safe—from malware attacks. That said, a little caution never hurts to exercise a little caution. There are free antivirus packages, like ClamAV, that can help with this effort, but just as importantly, users should keep their software updated to minimize vulnerabilities, and make sure only install software from trusted sources.

It's a dangerous world out there for Internet-connected computers, but as operating systems go, most desktop Linux distributions—I'm using Linux Mint on two laptops—are about as safe as it gets, which is yet another reason to consider upgrading from Windows.

A Unifying Experience

I am a pretty easy going individual, and there are few things I am truly picky about, but one of these things is computer input devices. For a long time, I mainly used whatever came with the computer, but that has changed over time. The first revelation came almost 25 years ago, when I purchased a PowerMac G4, and instantly came to hate the truly awful hockey puck-shaped mouse. The day the computer arrived, I ran to Office Depot and picked up a Logitech Marble Mouse trackball. It was an ergonomic wonder and worked nicely with my small desk space, since I didn't have to physically shift it around to move the pointer on the screen. I still have that mouse and all these years later, it still works flawlessly. I will say that I did eventually make peace with that hockey puck mouse by attaching a snap-on cover that gave it a more conventional, albeit chunky shape, but by that time, I had fallen in love with the trackball.

Since that time, I've become increasingly loyal to Logitech input devices, because keyboards and mice form the connection between the computer and my brain, so it is vital that they are comfortable and robust. It may sound like circular logic, but I have come to rely on them precisely because they are highly reliable—well built and thoughtfully designed. Another feature that makes them my go-to brand is the Unifying Receiver, identified with an asterisk logo, which allows multiple Logitech devices, similarly marked with an asterisk, to connect to a single receiver, leaving other USB ports open. This ecosystem is also useful because in the event that a keyboard or mouse fails, the receiver is most often still good. This makes it feasible to pick up compatible second-hand input devices on the cheap at thrift stores, etc. Sometimes they come with a receiver and sometimes they don't, but the Unifying Receiver makes that almost irrelevant—and equally easy to forget about.

My most recent Logitech acquisition is an MK270 keyboard and mouse combo, which I picked up at a thrift shop in its original box for about the price of a fast food meal. A check on Logitech's Web site shows this to be a price leader package, retailing for about $28, so I found this one for a little less than half price. The package included a K270 full size wireless keyboard, an M135 compact wireless mouse, and a USB receiver, paired with both devices. The keyboard is nicely designed, very quiet and comfortable to use, with a pleasant, soft touch on the keys and minimal clacking. Some people love noisy mechanical keyboards, but honestly, I don't need my computer to sound like a manual typewriter. The only feature I see that it lacks is a PC lock key. Other than that, it has everything I could want in a keyboard. The mouse is a compact, 'portable' model, not quite as comfortable to use a full size mouse like the M310 or M510, but it's all that not bad, either. I've definitely used much worse. 

The biggest disappointment of this package is the USB receiver, which is not marked with an asterisk and is thus not of the Unifying variety.  That said, both the keyboard and mouse are paired with it, and thus, it satisfies my needs for my work laptop. In the office, the computer is connected via a USB-C cable to a full size monitor with a built-in docking station, which also acts as a charger for the laptop and provides wired Ethernet and video connections. Also connected to the laptop is a wired Logitech Trackman Wheel trackball device. I have the keyboard and mouse connected directly to the laptop via their shared USB receiver, but I seldom use both devices simultaneously. I use the keyboard when I'm at my desk and I use the mouse with the laptop when I have it away from my desk. This will continue to be a useful combination, despite the lack of a Unifying Receiver system. The only thing that could undermine that functionality is if one of the paired devices were to become lost or damaged.

While this is not the dream combo I might have hoped for, it gets the job done despite its shortcomings.

Coming Home to Linux

After more than two years of playing with Chromebooks and trying to make them behave like Linux computers, I finally came to the acceptance that what I really wanted was a true Linux computer. Yes, ChromeOS is based on Debian Linux, which is why it wasn't too hard for the folks at Google to create a Linux "developer environment", called Crostini, on which to run Debian Linux applications. That has actually become one of my favorite aspects of ChromeOS. But at the end of the day, it just doesn't quite get the job done. Linux apps run in their own 'walled garden' and they take up an inordinate amount of system resources on notoriously scantily equipped machines. 

I have used various Linux distributions in the past, on decrepit hardware that was just a step or two away from e-waste, but the Chromebook experience got me to wondering what it might be like to run Linux on reasonably up-to-date hardware. I recently took the opportunity to find out by purchasing Dell Latitude 7490 notebook computer with Linux Mint installed. This computer is a few years old, but was a fairly high-end machine when it was new, equipped with 16GB of RAM, 1TB solid state drive, and an Intel Core i5 eighth generation processor. and is still fairly respectable today, so the Linux experience on it is a revelation, to say the least. 

I’d had the same model computer on my desk at work for a few years and liked it. Even running a ridiculously locked down version of Windows 10, it was a very quick and capable machine. Running Linux Mint 21, which puts much lighter demands on the hardware, it is closer to amazing.

Even in the short time I’ve had this machine, I’ve been very favorably impressed with its performance, and it has made me realize that some of my former frustrations with Linux have had more to do with the hardware I was running it on than with the operating system itself. I have also been pleasantly surprised with how user friendly Linux Mint has become over the years. In some ways, it matches or surpasses even Windows or Mac OS. Case in point—the minute I logged this computer onto my home WiFi network, it automatically detected both of my networked printers and installed their drivers. This is a far cry from my first Linux experiences, where almost every function had to be manually configured from the terminal. 

The only legitimate concern one might have about Mint, or any other flavor of Linux, might be the lack of availability of commercial software like M$ Office, but the truth is there are equivalents readily available like LibreOffice, and even a Web apps like Micro$oft 365 and Google apps make the chasm between Linux and other proprietary operating systems much smaller than it used to be. The truth is, the more I use this Linux Mint-equipped Dell, the more I become convinced that desktop Linux far more ready for prime time than ever before. Of course, I also acknowledge that my much more favorable impression of Linux Mint may also be a result of the struggles I have recently experienced, trying to make a Chromebook behave like it's running a desktop Linux distro, a task at which it is doomed to fall short.

In fact, I was so impressed with Mint on the Dell that I used the USB recovery flash drive that came with the computer to install Mint on an older HP laptop that came with Windows 10 and does not meet the minimum specs to upgrade to Windows 11. I'd had it in mind to put Linux on it when support for Win10 ends two years from now in October 2025, but this experience prompted me to accelerate that timetable and set it up as a dual-boot system. The curious thing has Windows fought me every step of the way. 

On the first installation attempt, I rebooted the computer to complete the process and Windows disabled Linux Mint. I thought it had been removed, but when I attempted to reinstall it, I found Linux was still present, so I went into BIOS, disabled Secure Boot to prevent the system from ‘defending’ itself against Linux. I have the dual boot working, although the process is a bit convoluted. The laptop still boots into Windows by default, without presenting an option to choose Linux Mint, but I can choose the alternative system by holding down the F10 key at startup to access a boot options menu, in which Linux Mint (curiously identified as Ubuntu) is the second option on the menu. The final challenge to making the HP a Linux laptop was to move "Ubuntu" to the top of the boot list, which required another trip into BIOS. The system now presents the boot options menu on startup by default, and the first choice on the list is now "Ubuntu", aka Linux Mint. It took a few tries, but I finally won the battle.

Linux Mint has breathed new life into that old HP laptop, and while it’s not quite as good as it is on the Dell, the machine does not bog down the way it does under Windows. Since a Windows 11 upgrade will never happen on my HP laptop, the time will eventually come when it and Windows will need to part ways entirely, making Linux the obvious upgrade path beyond Windows 10’s October 2025 expiration date. Realistically, that day may be coming sooner, rather than later. I’ve begun what I anticipate to be an extended test of Linux Mint on that HP laptop, and I have no doubt I will be able to get a few extra years of use from it as Linux device, and likely enjoy it more than I did when it was running Win10. 

Update (four months later):  Now that I have been using Linux Mint again for a third of a year, something unexpected has happened. I had expected the Dell Latitude 4790 laptop running Linux Mint to be a secondary machine supplanting the Chromebooks mentioned above, and that my daily driver, an aging MacBook Pro, would continue to be my primary machine. This is not exactly what happened. Surprisingly, the Dell has largely supplanted the MacBook Pro to become my de facto daily driver. 

Also along the way, the aforementioned HP laptop has been retired in favor of a second Dell Latitude 7490. The experience with the first one was so good positive, I opted for another one.

The Linux Mint user experience has always been a good one, but in its most recent iterations, it has become so intuitive and user friendly that for me, it rivals Mac OS in many ways, and far exceeds that of Windows. In fact, I seldom even consider what operating system I'm using. The novelty of using Linux has largely worn off, leaving in its place a sense of comfort and familiarity that allows me to be far more productive. 

A Self-Starter

 My daily driver car is a 2013 Buick LaCrosse with 2.4 liter eAssist hybrid engine. It wears no "Hybrid" badging, and the only way to distinguish it from the more common variant, which has a 300hp 3.6 liter V6 under the hood, is the rear bumper, which lacks the dual exhaust cutouts the V6 models sport.

In the almost four years I've had this car, I've come to call it a joke of a hybrid, because what GM did was to add an induction motor that functions as a combination starter, alternator, and auxiliary drive motor to an existing four-cylinder EcoTec engine. It never completely takes over from the gasoline motor; it just makes that wimpy four-banger a little less wimpy by adding an extra 15 horsepower to make a total of around 185hp. To do this, of course, it has the requisite 115v lithium ion battery pack taking up space in the trunk, along with a recursive braking system to charge it and an utterly useless 'ECO' gauge in place of a far more useful temperature gauge. 

Although the six-speed transmission helps get the most out of this not-so-powerful power plant, it's an okay cruiser, despite the fact that the car is arguably too heavy for a four-cylinder engine. The automotive press generously calls this a "mild hybrid" setup, but General Motors didn't even call it a hybrid at all. Their marketing materials just said it "uses hybrid technology" to produce more power without using more gas. And to be fair, it does get decent gas mileage for its size, although not what one might normally expect from a hybrid. You'll never see 50 mpg in this car. The best it will do on the highway, downhill, with a tailwind, and not running the air conditioner, is about 36 mpg. Normal in-town driving with the AC running is closer to 26. Those numbers are only about four miles per gallon less than what the car I had before it, a similarly sized 2011 Chevy Impala with a 3.5 liter V6, would do. 

I really don't grouse much about the car, because despite being a fairly unimpressive hybrid, the LaCrosse is still a comfortable, yet economical car, albeit with a puny trunk, thanks to the aforementioned 115v battery pack, which lives back there. But I can't complain too much about that, because it holds a secret super power. Ironically, I discovered this secret super power a few days too late to take advantage of it. 

In addition to the battery pack, the car has a conventional 12v battery under the hood to start the engine and run the myriad 12v systems the hybrids share in common with more traditionally powered Buicks, and like 12v batteries in most cars, they eventually go out. Mine started to show signs of weakness over the past month or so with erratic behavior messages on the driver information screen, located between the speedometer and tachometer. 

Annoying as that was, the problem soon escalated to the point where the car failed to start twice in the space of a week. The first time, I was at church and a friend was parked close by with some jumper cables and we quickly got it started. The same thing happened a week later, but it was late in the evening, and I was alone in a parking lot, so I had to summon another friend to bring cables. The next day, I bought a new battery.

On both occasions, I found myself thinking how nice it would be if I could somehow use the 115v battery pack to jump-start the car. I since have read that few hybrids are set up this way, but guess what? It turns out my LaCrosse is a rare exception to the rule. It has a little-publicized feature by which it can indeed jump-start itself, giving a whole new dimension to the idea of a self-starter, the name by which electric starters on cars were known a century ago. Better yet, it does so without the need for jumper cables and you don't even need to leave the driver's seat!

According to the owner's manual, this feature is accessed via a couple of switches on the turn signal lever. First, press the "Menu" button on the side of the lever to bring up the Vehicle Information menu on the aforementioned information screen. Then, using the up/down switch to the left of the menu button, find the "Jump Start" screen, press the button set into the end of the turn signal lever, and wait for the prompt to start the car.

I haven't yet tried this feature, since I didn't know it existed until after I had already bought and installed a new battery, but if it works as advertised, it would be a real life saver. And that makes me wonder why in the world GM didn't publicize this onboard-jump-starting feature as a significant selling point for the cars that were thus equipped. The only thing I can figure is that the eAssist hybrid was the base engine configuration for the LaCrosse, along with several of its other Epsilon platform siblings, such as the Chevy Impala and Malibu, and GM was more interested in up-selling customers to the 3.6 liter V6. Of course, it's kind of a moot point now, given that the eAssist system was discontinued a couple of years before the LaCrosse itself. Be that as it may, I'm glad my car has this particular 'super power'.