Is that true? Can Ubuntu download and install and run new code without me doing anything? I am not sure that's the case.

Of course every time I run an update, they can install whatever. But that's different from what Windows is doing as I understand it...

"Ubuntu will apply security updates automatically, without user interaction. This is done via the unattended-upgrades package, which is installed by default."

https://documentation.ubuntu.com/server/how-to/software/auto...

Right, but it's a minor annoyance, get rid of it with:

    sudo apt-get remove --purge unattended-upgrades
(doesn't trigger removal of anything else, and you'll enjoy 420kb of additional disk space).

OTOH the real issue with Ubuntu is snap(d). Snap packages definitely do auto-update. You may want to uninstall the whole snap system - it's (still?) perfectly possible, if a little bit convoluted, due to some infamous snaps like firefox, thunderbird, chromium, or e.g. certbot on servers.

Or just use Debian or any snap-free fork for that matter.

Edit: fixed