Ubuntu 21.04 Will Finally Stop Making New Home Directories World-Readable


  • #41
    Originally posted by oiaohm View Post

    That is the catch. It can allow a malicious user to run anything by restarting windows if you have played with the login stuff of windows. In fact to recover active directory from particular failures where you cannot log into the server you in fact turn the winlogin screen into CMD.exe. So you are not logged in running programs as the winlogin programs user.

    Windows in design does not mandate that you have to login before running applications. Windows in default configuration forbids it. Different hardened Linux distributions have protected the grub/bootloader menu so you cannot alter the Linux kernel command line and single usermode needs a password before you can do anything that route.

    Yes redhat and debian distributions single user mode has required a password to login. The reason why you can get around on most Linux distributions is you did not set a password on your boot loader forbidding editing.

    Hardened Linux distributions will have you setting the bootloader password on installation if that is set reboot system does not allow malicious user to run anything without login either. Windows boot-loader does not contain an editor accessible on boot. Yet if you do the modify windows boot loader crap you can add a menu entry to log into the system as SYSTEM user same as the winlogin with cmd.exe as well so if Windows bootloader had an editor without a password set you would be just as screwed over as leaving grub without a password with Linux.
    You seem to be comparing hardened Linux to deliberately weakened configurations of Windows, and hypothetical scenarios where Windows has been either misconfigured or deliberately configured to be insecure.

    Instead be fair and compare default Ubuntu to default Windows. Maybe you refuse to do that because it doesn't fit your fanboy agenda.

    Comment


    • #42
      Originally posted by uid313 View Post
      You seem to be comparing hardened Linux to deliberately weakened configurations of Windows, and hypothetical scenarios where Windows has been either misconfigured or deliberately configured to be insecure.

      Instead be fair and compare default Ubuntu to default Windows. Maybe you refuse to do that because it doesn't fit your fanboy agenda.
      It's not in fact fair to compare that way. Enterprise installs of Ubuntu use custom installers. These custom installers include hardening.

      Something to consider here: I install a Windows server, it screws up its active directory, I have to put in a live cd to alter core file so I can get a cmd prompt instead of login screen to fix the active directory issue. Linux is a server os as well as a desktop one, particularly items like Ubuntu.

      There is a double sided sword to that require password to run anything. When installing the system the ability to bypass the login system is a good thing, particularly if the login system completely goofs up.



      Ubuntu has documentation on how to shut that door. Should it be a nice gui option I would say that would be better.

      Sorry the scenarios I gave are not hypothetical they are ones I have seen real world. Of course you are not covering that the ability to run whatever without entering a username and password under Linux can be in fact closed if user chooses to.

      Question here when should you shut off the ability to run whatever without logging in. Ideal is after person installing the system has confirmed it working right?

      Remember Windows is lacking an editor in the boot loader and the ability to run programs without being logged in out the box now you are installing a custom gina and the result is login failure you are kind of hosed right. Have you ever looked inside Linux PAM, uid313?

      There are a lot of things with Linux you can change with the login system that in the installation stages could see you hosed at login into the system.

      Ubuntu can do the same as windows that you have to login to run anything. Out the box Ubuntu gives you in packaging more items like pgina that you can install that could totally hose your login process.

      Yes my example of needing to access shell with a windows server to fix an ads issue I can mirror on Ubuntu where you have samba ads running and you have confirmed PAM that all logins have to come from the ADS and you screw that up under Linux if you have not locked the boot loader yet getting in to fix that goof is fairly simple under windows it's an uphill battle.

      Comment
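
The bootloader password that posts #41 and #42 keep coming back to can be checked mechanically. The following is an added example, not part of any post in this thread: a small audit of a `grub.cfg` for GRUB's `set superusers`, `password_pbkdf2`, `password` and `--unrestricted` directives. The finding labels and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a grub.cfg restrict menu editing to password-protected
# superusers? Finding labels (NO_SUPERUSERS, ...) are made up for this sketch.
audit_grub_cfg() {
    awk -v sq="'" '
        # set superusers="root admin"  (separators: space , ; | &)
        /^[ \t]*set[ \t]+superusers=/ {
            seen = 1; supers = $0
            sub(/^[^=]*=/, "", supers); gsub(/"/, "", supers); gsub(sq, "", supers)
        }
        /^[ \t]*password_pbkdf2[ \t]/ { hashed[$2] = 1 }  # hashed secret
        /^[ \t]*password[ \t]/        { plain[$2] = 1 }   # clear-text secret
        # Entries marked --unrestricted boot without asking for a password.
        /^[ \t]*(menuentry|submenu)[ \t].*--unrestricted/ { unres++ }
        END {
            n = split(supers, u, /[ ,;|&]+/)
            for (i = 1; i <= n; i++) {
                if (u[i] == "") continue
                users++
                if (u[i] in hashed)     print "OK_HASHED " u[i]
                else if (u[i] in plain) print "PLAINTEXT_PASSWORD " u[i]
                else                    print "NO_PASSWORD " u[i]
            }
            if (!users) print (seen ? "SUPERUSERS_EMPTY" : "NO_SUPERUSERS")
            else        print "UNRESTRICTED_ENTRIES " (unres + 0)
        }
    ' "$1"
}

# Constructed sample configs, not taken from any real system.
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/default.cfg" <<'EOF'
menuentry 'Ubuntu' --class ubuntu {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
EOF
    cat > "$dir/locked.cfg" <<'EOF'
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry 'Ubuntu' --class ubuntu --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
EOF
    echo "$dir"
}

samples=$(write_samples)
for f in "$samples"/*.cfg; do echo "== ${f##*/}"; audit_grub_cfg "$f"; done
rm -rf "$samples"
```

On an Ubuntu install the generated file to audit is `/boot/grub/grub.cfg`; a `NO_SUPERUSERS` result is the "no password on your boot loader" case described in the quoted post.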


      • #43
        Originally posted by oiaohm View Post

        This is not exactly true. http://pgina.org/ Anyone who has played around with gina stuff in windows knows that you can run applications before login. These programs for non encrypted users can be accessing the user data.
        You are correct oiaohm.

        You can run whatever you want on Windows before user login. That ctl+alt+del screen is FAKE SECURITY.

        It does NOT prevent network login (you can just log in via powershell over ssh)
        It does NOT prevent services from starting
        It does NOT prevent scheduled tasks
        It does NOT prevent applications running
        It does NOT prevent file access (or remote registry access)
        It does NOT prevent key loggers

        I can't really see a positive thing that it adds. It came out around Windows 2000 era and maybe it's intended to show someone you are using genuine windows and not some fake OS made up to look like it, but even then a fake OS could mimic the login. I'm not sure it ever did much that was actually positive or improved security. One thing it can do is display a message from the system admin on corporate login, so maybe that has some value in proving it's genuine.

        I'm a sysadmin and been doing security work for 30 years. My opinion, it's worthless.
        Last edited by k1e0x; 15 January 2021, 02:14 PM.

        Comment


        • #44
          Originally posted by lyamc View Post
          That’s because your sample would be limited to ‘people who are so into Linux that they not only read Linux news, but they also browse and comment in the forums’.

          If anything, take it as a compliment that you aren’t one of those people who think that the monitor is a computer, or one of those people that don’t know that the Windows button at the bottom left is called “the start menu”.
          Sorry, I don't get this answer.
          Anyhow, Ubuntu is not used by "every" Linux user by a long shot (the statement that I answered..).

          Comment


          • #45
            Originally posted by Citan View Post
            That's hilariously wrong.
            "A majority is using Ubuntu" would be a fair trade, but *everyone*?
            How do you determine that a majority of desktop users is using ubuntu?

            Just by looking at distrowatch that is unlikely... Maybe all debian based distros combined exceeding 50%.
            MX Linux 3393
            Manjaro 2342
            Mint 2042
            Pop!_OS 1999
            Ubuntu 1362
            Debian 1259
            elementary 1116
            EndeavourOS 1043
            Fedora 951
            Solus 790

            Comment


            • #46
              Ubuntu has the highest userbase. Easiest way to tell is by looking at commercial support and Steam usage stats.

              Comment


              • #47
                Originally posted by mppix View Post

                How do you determine that a majority of desktop users is using ubuntu?

                Just by looking at distrowatch that is unlikely... Maybe all debian based distros combined exceeding 50%.
                MX Linux 3393
                Manjaro 2342
                Mint 2042
                Pop!_OS 1999
                Ubuntu 1362
                Debian 1259
                elementary 1116
                EndeavourOS 1043
                Fedora 951
                Solus 790
                Distrowatch is obviously shit and those stats are meaningless since they are very incorrect.
                Everyone knows Ubuntu is the most popular distribution, and that site shows MX Linux, which nobody even heard about, on the top, and it shows Pop!_OS above Ubuntu even though it's only used on computers sold by System76. Bullshit stats.

                Desktop Linux has like a 1% market share, and probably like 97% of that 1% is Ubuntu.

                Comment


                • #48
                  Originally posted by lyamc View Post
                  Ubuntu has the highest userbase. Easiest way to tell is by looking at commercial support and Steam usage stats.
                  Ok, let's go by statement. Ubuntu has ...
                  "high userbase": sure
                  "highest userbase": maybe if you count strictly desktop use (but how do you split debian or redhat users into server, desktop, etc?)
                  "more than 50% userbase": I don't think that is true unless you add derivatives such as Mint or refer to all Debian based distros. However, if you have numbers, I'd love to have a look.
                  "Ubuntu is the only or almost only desktop distro": seriously?

                  Comment


                  • #49
                    Originally posted by uid313 View Post

                    Distrowatch is obviously shit and those stats are meaningless since they are very incorrect.
                    Everyone knows Ubuntu is the most popular distribution, and that site shows MX Linux, which nobody even heard about, on the top, and it shows Pop!_OS above Ubuntu even though it's only used on computers sold by System76. Bullshit stats.

                    Desktop Linux has like a 1% market share, and probably like 97% of that 1% is Ubuntu.
                    Mr/s uid313 , I call BS. Kindly (i) define what Desktop Linux is and (ii) provide references to substantiate your claimed numbers.

                    Comment


                    • #50
                      Originally posted by mppix View Post

                      Ok, let's go by statement. Ubuntu has ...
                      "high userbase": sure
                      "highest userbase": maybe if you count strictly desktop use
                      Since we aren’t talking about phones then why would you include phones?

                      Take a look at Google Trends to see just how popular Ubuntu is. (Link attached below)

                      I’m going to try some deduction here. Let’s say that the search term “Linux” includes all searches for Linux and Linux Distributions.

                      If Ubuntu shows up in half of those searches, then it is at LEAST 50% of the entire Linux market share.

                      ——-

                      For another example, take a look at Linux subreddits for interest and community engagement

                      610k - r/linux
                      219k - r/ChromeOS
                      166k - r/Ubuntu
                      165k - r/archlinux
                      52.8k - r/linuxmint
                      46.1k - r/debian
                      43.4k - r/Fedora
                      27.3k - r/pop_os
                      Last edited by lyamc; 17 January 2021, 04:04 AM.

                      Comment
