Author | Message

Title: Online Security
Posted: 19.10.2006, 15:50
Joined: 13 Jun 2005
Posts: 44

Hello again
I am almost there and ready to use 2006 - 1 (when available). Other questions I've asked have been answered and as I have been playing with linux since 2005-4, I feel ready to jump.
However, I'd like to get some advice or opinion on security within linux and Kanotix in particular.
As a long term Windows user, I'm well used to locking every hole and protecting the PC with firewalls, antivirus and anti spy/malware utilities. The horror stories, even if they are half what the media paints, make such action necessary.
I'm also aware that Linux is not as vulnerable to such attacks - presumably in part because of the relatively low numbers not making it worthwhile to attack.
This is good news in itself but should I still protect a PC running Linux in a similar way to that I am used to in WinXP and if so, which programs are recommended?
I am / will be running broadband via a Belkin router with the hardware firewall activated.
Thanks
Andy

Title: Online Security
Posted: 19.10.2006, 16:17
Joined: 22 Jan 2006
Posts: 1296
Location: Budapest

I use rkhunter as rootkit-detector and klamav as anti-virus software:
apt-get install rkhunter
apt-get install klamav
Further, I am connected to the internet through a router which also functions as firewall.
hubi

Title: RE: Online Security
Posted: 19.10.2006, 17:59
Joined: 08 Dec 2005
Posts: 300

Also NEVER log in as root. Create a standard user account and use that to log in with.

Title: RE: Online Security
Posted: 19.10.2006, 20:29
Joined: 22 Jan 2006
Posts: 448
Location: Dresden

Virus scanners are completely unnecessary on Linux systems. You can use them to scan your Windows partitions for viruses, but there is no sense in scanning Linux partitions, and most of the virus scanners for Linux are only for scanning Windows partitions if the Windows OS does not work because of any viruses.
_________________ Scanmetender[Soft] - Tender security solutions for your computer.
Scanmetender Standard - It is free! For GNU/Linux and Windows(R).
http://www.scanmetender.com

Title: RE: Online Security
Posted: 19.10.2006, 20:53
Joined: 05 Dec 2005
Posts: 414
Location: Auckland, New Zealand

Linux is much safer, not only because it's less popular, but because it's designed with security in mind.
Also, if you don't have any services running (eg if you don't have a web server running, or ssh server, etc) then all packets initiated by the internet will not be listened to by your linux install (because no services are listening to them) and therefore those packets are dropped.
If you run closed-source software on your pc (eg nvidia 3D drivers, or the game "America's Army") then you are opening yourself up for abuse. It's up to you to decide what balance you want ... security versus multimedia.
Someone on this forum pointed me to this a while ago ... I think it's a good read:
http://linuxmafia.com/~rick/faq/index.p ... irus#virus
Now, please note that all my points are rules of thumb. Each of them can be broken, and any self-respecting paranoid linux user will say that black hats can jump on your pc and do all sorts of things leaving no trace that they've ever been there. But in general, linux is much safer in several respects.
_________________ Linux is evolution, not intelligent design - Linus Torvalds

Title: RE: Online Security
Posted: 19.10.2006, 21:33
Joined: 12 Mar 2005
Posts: 1005

Short answer: when you use a hardware firewall like a router, that's about the end of the story for security.
This assumes you keep your key applications that interact with the internet up to date at all times, like firefox/iceweasel, thunderbird/icedove, konqueror, any servers that might be allowed to see the web [bad idea if you don't know security however for anyone who is tempted to try to run their own web server without a grasp of security issues].
Just for fun, and to see how secure I can get the systems, I run firestarter firewall on my desktops, and if I ran a real server that was accessed over the web, I'd run guarddog firewall, which is far more aggressive than firestarter, but a pain to use on the desktop, pretty much not possible at all in fact if you listen to any kind of streaming media.
The real comparison is to other Operating systems. Like Linux, OS X has no known real viruses in the wilds. And like linux, if you allow any web access to your machine, at times worms can and do hit security holes in your system.
And then there's windows.... insecure by design, MSIE insecure by design, ActiveX radically insecure by design [I can no longer count the numbers of allegedly patched MSIEs that have been released to fix yet another activex security issue.] Windows itself, designed primarily as a single user, admin mode system. Anyone who has tried to run windows with any more restrictive permissions will soon see the problems emerge, all over the place.
So if you're behind a router, that's about it, assuming of course you aren't using the default password/username for your router, which an amazing number of people are doing. And that, if your router offers this option, you have turned off the ability to access the router itself from outside the LAN. And a few other common errors.
I disagree slightly with the author of the piece that swynndla linked to, he gives a slightly incorrect impression that you have to give a virus root access permissions all the time, this isn't right, some methods involve exploiting security holes in programs, causing buffer overflows that give the attacking item root control.
However, this is a fairly trivial instance, and as he correctly points out, it's not particularly common. In fact, one of the first instances of this happened on os x with jpg rendering I believe it was.
Basically, 99% of any potential security risk is totally eliminated by never viewing emails with html in html mode by default, instead use text viewing only. That applies to windows too. That leaves websites that try to exploit known or unknown issues through browser security gaps. Naturally, it is physically impossible to make outlook or outlook express not display html, which means they can simply never be trusted to be secure. The single reason I switched to thunderbird years ago was the first time I looked at it, I saw that I could turn off html viewing always. Kmail turns it off too, but has a nice feature where you can click a link to view the html content once you determine that the source is real and safe.
Another thing I'd not agree with in terms of the tone the author says: assuming patches will be released as your first defense is a bad defense. A very bad one. This is more and more the case today, where organized cracking groups discover unknown security holes, and do not go on irc or wherever to tell all their little friends, they simply begin exploiting the holes to make money. So don't ever rely on security patches, rely on common sense first, safe practices etc, then do your security updates.
But in no case is Linux even remotely as insecure as Windows, including a fully updated, high end antivirus running windows. What's extra funny about windows security is that the most common windows antivirus products are by far and away the worst performing, norton/mcafee are both terrible. Real av stuff that actually works, nod32 [0 infections total on systems I maintain since I've installed it], bit defender, these are actually functioning av products that almost no one knows about except network admins.
Remember, there is no such thing as spyware on a system that does not use active x, period. Spyware must have access to active x to install itself in almost all cases. There are a few other ways, windows messenger is one that was used, that's not the chat thing, it's another thing that allows one windows to send another windows messages over a network. Again, once turned off, it's neutralized, but of course, MS releases it on by default, as usual.
_________________ Read more on dist-upgrades using du-fixes-h2.sh script.
New: rdiff-backup script

Title: Re: Online Security
Posted: 25.10.2006, 01:58
Joined: 17 Jul 2006
Posts: 23

hubi wrote:
I use rkhunter as rootkit-detector and klamav as anti-virus software:
apt-get install rkhunter
apt-get install klamav
Further, I am connected to the internet through a router which also functions as firewall.
hubi
I also have a hardware firewall with my router. I run firestarter, and I just installed rkhunter. Thanks, hubi.