It concerns me that turning on the firewall is not an included step in the Getting Started guide, as it is off by default. A lot of people are using Zorin as a beginner distro, so turning on the firewall may not even be something they know they should do. It's a big security risk, and I hope the Zorin team can make this seemingly simple change.
It actually is not.
By default, Most GnuLinux distros do not expose ports unless explicitly configured to do so. Even without UFW, a fresh install is not considered vulnerable.
What UFW does is add an additional layer of protection, generally applying mostly to advanced users that understand a direct need for port monitoring in their use case.
Zorin OS does not have listening services exposed to the internet. Unless you've installed a server (SSH, FTP, etc.), the system isn't accepting connections.
If you install Zorin OS to use in public access, server actions, etc., then you would clearly know the many steps to harden the system. Being as that Zorin OS is aimed toward the average casual home user, the safe practice is to reduce complexity.
Of course, any and all users can enable UFW on their system if they want that added layer of security, bearing in mind that this may necessitate configuring firewall rules on an as needed basis.
But it is not a security risk to have it disabled - primarily for the exact reason many of our migrants came from Windows OS:
It is not Windows OS.
It is a different system that is hardened right out of the box.
On Windows OS, in which the risk is very high of active ports listening to inbound connections; Then yes, having it disabled is a Big Security Risk on Windows OS.
6 Likes