Posted by Aaron Kelley

Several readers of our OSINT Techniques book and Online Video Training have expressed concern about Ubuntu's new Pro feature and update restrictions for those who do not subscribe to the service. Since we recommend Ubuntu for OSINT virtual machines, we should address the issue and offer some guidance. Let's start with addressing Ubuntu Pro. If you run 'sudo apt update' and 'sudo apt upgrade' within an Ubuntu Terminal, you will likely see something similar to the following.

This warning appears concerning as it insinuates that some updates are being withheld from your machine unless you subscribe to the Pro service. The following warning from Ubuntu's software updater is even more alarming.

This appears to present a lot of outdated software which we cannot update. However, looks can be deceiving. Click on any of these updates and look at the details pane. As one example, I clicked on Ffmpeg and observed the following.

The "Available version" is the exact same product as the currently installed software. The update does nothing. Running 'pro security-status' displays the following.

This confirms that our machine is receiving all Main/Restricted updates until 2027, at which time we would be using Ubuntu 26.04. We do not need extended updates until 2032 as offered through Ubuntu Pro. This makes Ubuntu Pro unnecessary for our needs. Opting to avoid Ubuntu Pro does not restrict your machine from the typical security updates which Ubuntu has always provided. The options available within Ubuntu Pro are enhancements to Ubuntu and no features have been removed from a typical Ubuntu installation. The focus of Ubuntu Pro is to extend the availability of updates from five to ten years, and provide some third-party security patches which may not be available otherwise. We should not be using old versions of Ubuntu for our VMs, so this does little for us within an investigative VM.

Ubuntu Pro is available for free for personal use, but it requires you to attach a unique license key to your Ubuntu installation, which will be tracked by Canonical. We do not recommend this. Instead, we encourage users to remove these unnecessary warnings with the following command.

mv /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf.bak

After this command, which only renames the file responsible for this warning, updating through Terminal (and therefore the update script we provide within the VM), should appear as follows.

We feel that Ubuntu is being aggressively misleading with the rollout of Ubuntu Pro, and we do not recommend any OSINT users attach this service to their investigative VMs. We have not recommended Ubuntu as a host OS for some time.