I glanced through that book a couple years ago. Most of it is now hopelessly out of date, just like Rute.pdf is becoming.

Although it is time for me to build another machine, I have to move soon (to another city close by) and that costs money so unfortunately, it won't be for a while, until after I am settled in, possibly this winter. What pisses me off is I was looking at a possible new mobo last night and it has UEFI, is Kubuntu going to load on that?

Edit: Researched UEFI, if I can't shut it off, no buy mobo, that simple.

UEFI is actually pretty cool, don't dismiss a product just because it has that. BTW, almost all new products now have UEFI -- BIOS is being phased out.

What you should look for is the ability to disable secure boot in the UEFI settings. A mechanism to do that is supposed to be there. If you disable secure boot, you eliminate all the issues you've recently been reading about. I am not as convinced as Matthew Garrett that an ordinary user needs secure boot, so don't worry about potentially opening your computer to attack. Secure boot protects against a very specific kind of threat, one that remains uncommon.

Check this out... http://www.phoronix.com/scan.php?pag...i7_3960x&num=1
Ubuntu on the X79 chipset (socket 2011), running Kubuntu should NOT be a problem.

@Steve, yeah, I know, researched it, meant to say secure boot, or if you put on your Microsoft decoder ring: sleazy way to thwart newbies from escaping our evil grasp, lol. Btw, Microsoft has pushed some vendors to NOT include secure boot shut off, apparently ARM based devices, you CAN'T already.

For manufacturers of ARM-based devices that want to issue hardware with the Windows 8 certification logo, your statement is correct. However, a sufficently technically adept person could replace the firmware in such a device, much the same way people flash alternate builds of Android.

Please see this KFN thread for updated UEFI info, including a bit where I quote from the Windows 8 certification requirements.

The motherboard in my machine (Gigabyte GA-H61M-SP2V rev2) has UEFI firmware. Installing Kubuntu on it was straightforward; disabling secure boot wasn't an issue, as the firmware for that model motherboard apparently doesn't even have secure boot functionality.

Not every UEFI motherboard has the secure boot 'feature'. As I understand it, only motherboards certified for Win 8 will be required to support secure boot. Of the UEFI motherboards that aren't Win 8 certified, some may have secure boot and some may not.

As Steve mentioned, it shouldn't be a problem even if you choose a UEFI motherboard that has secure boot, as there should be a simple way of disabling it in the firmware setup.

True, but that fact puts Linux back to pre-LiveCD, when only "sufficiently technically adept" people could install Linux. Today, because of LiveCD, almost anyone could install Linux, either in dual boot or standalone, which explains its 10+% and growing desktop market share.

I still cannot escape the conclusion that UEFI has more to do with blocking the installation of Linux rather than trying to block MBR Trojans or other boot infections. Why? Because after the boot process is complete one is faced with a Windows OS which is just as insecure as it was before UEFI. It will still have ActiveX controls and vulnerability to email payloads, drive-by URL infections, etc...

My hope is that some OEMs will see a market for Linux and sell their hardware without UEFI, or with it disabled by default. And, perhaps, even sans OS.

ARM-based machines are not built to be general-purpose computers, thus my comparison to flashing alternate Android ROMs. But in general I agree with you in that the trend toward making it more difficult for people to do what they want, with hardware purchased on their own volition, is troubling.

UEFI is a massive undertaking, and it does solve the technical problems that plague BIOS and MBR. So I'm not ready -- yet -- to ascribe all that work to what amounts to a motive. Core Boot also solves the BIOS/MBR technical problems. But it lacks a secure boot mechanism, which Microsoft seems to feel is of urgent importance. That's the part I disagree with. It would probably be good for us to keep our focus on that: the abuse of the secure boot feature to favor one OS over another, and the design choice that limits storing a single signing key in drivers and hardware modules. Not all of UEFI is bad: just this one part.

Agreed, old schoolers like me for instance aren't too fond of change, but nothing ever really does stay the same, years from now UEFI will be replaced, computers will probably come with OS ROMs, which we will have to hack or swap out for something more palatable.

That's pretty much what ARM-based machines already do.

Before I stopped doing Windows, all the Windows I was repairing were infected by MBR Trojans combined with an infection in the hidden drive containing the backup copy of Windows. Removing that infection combination was next to impossible without reformatting the whole drive, then you couldn't re-install Windows. That's what finally tipped me over the edge to refusing to clean up any Windows boxes.

Originally posted by SteveRiley View Post

That's

True, that and it seems that everyone whose tried to create their own UEFI work-around has thrown in the towel and bought a Windows certification for the OS and stuff. That puts Microsoft in the cat bird seat. They can remove anything they grant.

This whole situation is what prompted me to by this Acer last January, before UEFI became the coin of the realm.

Did you mean low-level format? And why couldn't you re-install? Low-level (FULL zero out of the drive) is the only thing that truly gets rid of ALL pesky Win-DOHs viruses, otherwise the 'file(s)' are still there, they are just not 'visible' because of the new file allocation table, and yes, they do crop back up, persistent buggers. Bin dair, dun dat.

Sadly, I became quite proficient at identify and having to manually remove viruses because so-called 3rd party anti-virus suites pretty much just sucked, they were better at identifying than removing (partly because some viruses are written so they can not be removed when booted in to the 'host' Win-DOHs, no matter what 'anti-virus program' you used, that's where a LIVE LINUX CD/DVD COMES IN, identify, shutdown, boot with Linux optical disk, delete offending files). I once spent 8 hours doing a friends computer (heavily infested Win-DOHs 2000, porn sites, betting sites, infested emails, etc), saved his ass but boy, was I fed up!

My attitude is, there is a 'workaround' for EVERYTHING!

This is partly why I HATE Win-DOHs so much, cost of ownership (or should I say renter-ship, lol) is ridiculous and the maintenance is out of this world.

A 2011 report and infographic from Symantec makes the case that such infections are one the rise. Hm...

I REALLY don't miss all that, just made my head spin looking at it.

Edit: as a matter of fact, I would bet there is a pimply faced 12 year old out there writing something for Linux as we speak, that being said, am going to install an anti-virus package, any recommendations? One that runs in the background, full time?

I'm not aware of any Linux anti-virus package that meets the specifications you've stated. All of the ones I've heard of only scan for windows viruses, and few if any of them run constantly in the background. Even ignoring all that, no antivirus for any OS provides adequate protection for the scenario you outlined (a newly written "0-day" virus).

If you want to have a Linux anti-virus package regardless, then according to TechRadar's review, Avast! and BitDefender seem like the best ones.