Analysis: Red Hat, Canonical and Novell are enhancing the security features in their Fedora, Ubuntu and OpenSUSE Linux distributions, which are all slated for release later in 2008.
Linux-based operating systems are built on an open-development model, which
can afford organizations an early view of, and an opportunity to influence, the
technologies and implementations that will eventually work their way into these
What's more, these early looks extend beyond points on a presentation slide to
comprise runnable code that's gathered into fast-moving, community-supported
Linux distributions that administrators can begin testing in advance of the
long-lived, enterprise-oriented releases to come.
I examined the principal security-related developments in three such
vanguard Linux distributions, Canonical's Ubuntu Linux 8.10,
and Red Hat's
Fedora 10, all of which are now available in beta form.
Ubuntu Linux 8.10, which is slated for release at the end of October, ships
with an encrypted private directory feature that enables users to store
sensitive data securely without incurring the performance overhead of
In my own tests with full-volume encryption in previous Ubuntu versions,
I've noted processor overhead of about 20 to 30 percent during disk-intensive
processes such as virtual machine image creation.
What's more, full-disk encryption, unlocked by a single pass key, poses
problems for multiuser machines, in which the disk unlocking is an
all-or-nothing proposition, as opposed to a user-by-user measure.
As implemented in Ubuntu 8.10, the encrypted private directory feature
creates a folder, labeled "Private," in users' home directories. The
system automatically encrypts files placed in this directory and unlocks the
directory upon user log-on.
In my tests, I could broaden the range of home directory folders that the
system protected by copying the folders to the Private location and leaving a
symlink behind to allow my applications to continue accessing the protected
files at their previous addresses.
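
The relocate-and-symlink step described above, as an added shell example that is not from the original article or from Ubuntu. The names `protect_dir`, `PRIVATE_ROOT` and `REQUIRE_MOUNT` are hypothetical, and the check assumes the Private folder is a mount point while it is unlocked.

```shell
#!/bin/sh
# Added example: relocate a directory into the encrypted Private folder and
# leave a symlink at the old path. PRIVATE_ROOT and REQUIRE_MOUNT are
# assumptions of this sketch, not Ubuntu settings.

PRIVATE_ROOT="${PRIVATE_ROOT:-$HOME/Private}"
REQUIRE_MOUNT="${REQUIRE_MOUNT:-1}"

# protect_dir DIR -> moves DIR under $PRIVATE_ROOT and symlinks it back.
# Returns non-zero (and changes nothing) if a precondition fails.
protect_dir() {
    src="${1%/}"
    name=$(basename "$src")
    dest="$PRIVATE_ROOT/$name"

    # Already a symlink: moving it would relocate the link, not the data.
    [ -L "$src" ] && { echo "skip: $src is already a symlink" >&2; return 2; }
    [ -d "$src" ] || { echo "error: $src is not a directory" >&2; return 1; }
    [ -d "$PRIVATE_ROOT" ] || { echo "error: $PRIVATE_ROOT missing" >&2; return 1; }

    # If Private is not unlocked, files moved there land on the plain disk.
    if [ "$REQUIRE_MOUNT" = 1 ] && ! mountpoint -q "$PRIVATE_ROOT"; then
        echo "error: $PRIVATE_ROOT is not mounted" >&2; return 1
    fi

    # Never overwrite something already stored in Private.
    [ -e "$dest" ] && { echo "error: $dest exists" >&2; return 1; }

    mv -- "$src" "$dest" || return 1
    # Put the link at the old address so applications keep working.
    if ! ln -s -- "$dest" "$src"; then
        mv -- "$dest" "$src"   # roll back so the data is not orphaned
        return 1
    fi
    return 0
}
```

When the source and Private sit on different filesystems, `mv` copies and then unlinks, so the old plaintext blocks stay on the unencrypted disk until they are overwritten.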
As this feature now stands, it's too roughly implemented to supplant
full-volume encryption entirely: there's no user interface at this point, and
there's the possibility that sensitive data could be pulled from a system's
unencrypted swap partition. I hope to see Ubuntu's encryption feature set
firmed up to include full-volume, Private folder and home directory encryption
in time for the distribution's next LTS (Long
Term Support) release, which is currently scheduled for April 2010.