Xandros Linux conquers a hostile Sony laptop

A little something for everyone

SANS - Survey on application security programs

OS Review I have an impressive talent for buying laptop computers hostile to Linux. Right now I'm using a Sony Vaio VGN-FS840/W, with more proprietary drivers than you can shake a stick at. It's so bad that even a retail edition of Windows XP won't run on it; you need the OEM Windows (and sure enough, Sony is too cheap to include the CD), or you need to go to the Sony support site, download all of the drivers, and make your own supplement CD.

As for Linux drivers, forget it. Sony has more important things to worry about, like recalling millions of inflammable batteries. So naturally, this machine represents quite a challenge for a Linux distro.

My personal favourite, SuSE, won't run on it without a tiring vi session, trying to edit xorg.conf to get a screen to appear. But Xandros Home Edition Premium ran fine right out of the box. Indeed, it has turned out more functional on this Linux-hating computer than even a vanilla Windows installation, which is not something one expects.

The installation routine will be familiar to any Windows user: you put in the disk, and click OK every now and then. It isn't possible to do much tweaking during the install, although I was able to re-partition my hard disk and set up my Linux filesystems as I saw fit. Otherwise, there isn't a great deal for an advanced user to do, except set up the network and printer towards the end.

The desktop system is KDE, nicely decorated to look like Windows XP. Actually, KDE is pretty Windowsey to begin with, but if one feels that Xandros has gone too far in that direction, it's easy enough to customise.

There have been some improvements since our last review, with KMail now serving as the default mail client, as it should. A packet filter is installed by default; the Gimp is installed by default; and KWrite is the default text editor. These are all good choices.

But KDE is an excellent desktop, not just a good one: far superior to Windows in its wealth of useful applications and utilities. It's a pity that Xandros has limited its KDE packages to those that a Windows user would expect to find. Thus we're missing the KBear FTP client, KGpg, KMplayer, Kaffeine, KPackage, the K3b CD utility, Ark, and many others.

The Xandros file manager has been designed to look and feel like Windows Explorer, and this is fine; but I wish Konqueror were included in the start menu so that users could find it easily and experiment with it. It's present, of course, but you have to hunt for it. Still, the Xandros file manager handles a number of tasks, including compression and archiving, FTP, CD creation, and file sharing between Windows and *nix networks. A great deal of work has gone into it, and it's clearly meant to replace a number of KDE utilities. Yet there's no need to hide or neglect to install them; it's always nice to have a choice.

The default browser is Firefox, not Mozilla as it previously had been. Firefox is a bit leaner and faster, although it has lagged behind Mozilla in a number of important security features. It has certainly not lived up to the hype surrounding it, at least until recently. At this point, though, it's nearly on an equal footing with Mozilla security-wise, and definitely more responsive. So I would call that a good choice.

Overall, Xandros's security is improving, but there are lapses. GnuPG is included, but the KGpg front end is not. Shred is included, but it's not integrated with the file manager. There do seem to be fewer networking daemons enabled by default than there had been when we first looked at Xandros, and this is quite encouraging. I had only to turn off NFS and Samba (file and print sharing was off by default). I couldn't find a way to turn off the portmap daemon via the rather limited admin interface in the KDE Control Centre, and had to do it manually. But that's about it.

These daemon processes are called "services" to conform to Windows parlance, and they include some surprising items. For example, there's remote desktop sharing (VNC), which, on home machines, makes me uncomfortable from a security point of view.

The company has taken great pains to look security conscious, in the way that Windows looks security conscious. This means that the panel is buzzing with little applets popping up and interrupting your work to warn you to scan for viruses and the like. They have icons shaped like little shields; they look like things you associate with Norton and McAfee, and the Microsoft "Security Centre".

Windows users expect this so, apparently, Xandros felt it ought to give the computing public what it's used to, whether it needs it or not. But unless you're running a mail or file server, you simply don't need a virus scanner on a Linux box. And there's no need to be so showy about the rest of it, either. The company should enable packet filtering by default, leave the networking daemons off unless they're needed, tighten up the file permissions, and leave it at that. Users can get behind a NAT box, and forget about all those threats that used to terrify them running Windows. It's ridiculous for Xandros to remind people of the horrors they've just escaped by switching to Linux; I say, let them enjoy their computers for a change, instead of worrying about them constantly. Bag those silly little security applets.

SANS - Survey on application security programs

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.