ubuntu
@com.br
| Ubuntu - Security Suggestions?
after having been a windows user for a long time, i finally decided to give ubuntu a try.
it was a hard decision because i know the ins and outs of windows well, and over the years, i've come to find a balance between security and usability that i like; in terms of av, antispyware, firewall, anti keylogger, hips, etc.
with the move to ubuntu, a lot of things are uncertain. despite many assurances that antivirus and antispyware are virtually nonexistent on linux, i admit i feel a bit nervous. the one threat i haven't been able to find much information on is also the only threat i care about at all: keyloggers (and whatever else can help one get on my system).
is there such a thing as a hips for linux?
i am worried because i could find no information on keyloggers at all, much less countermeasures. i do a lot of banking on my pc, as well as other activities that could reveal my personal data. does anybody have any suggestions as to how i should secure my ubuntu system? i am only knowledgeable in terms of xp security, but totally ignorant when it comes to linux security. please help! |
|
JohnInSJ
Premium
join:2003-09-22
San Jose, CA
 ·SONIC.NET
| You'd likely only find keylogger-type exploits as part of rootkits.
Unlike windows, its a lot hard to install stuff on your ubuntu box without you doing it, and installing stuff at the level needed to really give away the store needs you typing in your password for the sudo...
So, pretty much, unless you decide to shoot yourself in the foot, you're (reasonably) safe. |
|
SUMware
Premium
join:2002-05-21
edit:
October 7th, @10:32AM
| reply to ubuntu
said by ubuntu :
after having been a windows user for a long time, i finally decided to give ubuntu a try. Good for you.  said by ubuntu :
antivirus and antispyware are virtually nonexistent on linux, i admit i feel a bit nervous. Understandable, MS has users well brainwashed. Vulnerable MS OSes need third party protection. Linux does not. AV/AS software are completely unneeded and unnecessary with Linux desktops.said by ubuntu :
the one threat i haven't been able to find much information on is also the only threat i care about at all: keyloggers (and whatever else can help one get on my system). is there such a thing as a hips for linux? Install your software from official repositories. Don't run as root. Nothing (rootkits, keyloggers, etc.) can be installed into your system without root permission. So don't give them permission.  Keep yourself patched with appropriate updates. You'll have little to worry about. Linux is not vulnerable to the "horrors" that constantly plague MS.
Enjoy Ubuntu. There is lots of help (should you need any) at the Ubuntu forums. |
|
ravencajun
Premium
join:2004-08-12
Wylie, TX | reply to ubuntu
welcome to the wonderful world of linux!
you might want to visit the forum here also
»All Things Unix
enjoy! |
|
tls66
join:2008-08-07
Revelstoke, BC
·TELUS
| reply to ubuntu
If you really want a form of psuedo(not sudo) protection just use clam av its in the ubuntu repositories, or you can do as I have, and install avast 4 for linux, mind you I only have it on my ubuntu box not for its protection for that I use chkrookit and rkhunter, I use avast for the checking of files I send to my windows computers, or my friends computers |
|
AA12345
@rr.com
| reply to ubuntu
I can sympathize with you. When I first used Ubuntu, after years of reading dslreports, the lack of anti-this, anti-that, anti-whatever in Linux Distros concerned me. Read this article on the Ubuntu forum about security. »ubuntuforums.org/showthread.php?t=510812 |
|
linuxsecurity
@inehome-server.com
| reply to ubuntu
Like leaving your front door unlocked in a safe neighborhood
I'm also migrating from Microsoft Windows to Linux. I also have been concerned about the security issue; it seems everyone is saying you don't need it (that is antivirus or antispyware) because no such malicious programs are written for the Linux environment. That's great, but this sounds like if you live in a very safe neighborhood then you don't need to lock your doors. I'm sure those of you living in safe places are still locking your doors.
If I were one of those Russian/Romania/Ukrainian/Chinese hackers/fraudsters/criminals/losers writing these damn programs, I might as well write a virus for Linux since Linux users are lax on security. It's easier to burglarize the house that isn't locked. |
|
Googlefreak9
join:2008-04-11
Etobicoke, ON
·TekSavvy Solutions..
| I use Mike's host file to block most spyware. Viruses are rare. There is somewhere around 80 I read but I'm sure there's more but they don't run in the wild like windows does.
The only real concern is root kits.
I use Fedora 9 with SElinux how is that lax security? |
|
jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK
·AT&T Southwest
| reply to ubuntu
Re: Ubuntu - Security Suggestions?
Check "man iptables" to find out more than you may want to know about the firewall that's built into the Linux kernel, and controlled by rules that you define. It allows you to lock down your net access even more tightly than any of the popular Windows firewalls. Then search Google for "portsentry" to learn about an intrusion detection program that can alert you when any part of your system changes (it currently checks over 15,000 parts of my system every morning at 4 a.m.; it's been months since anything changed, and all of the changes detected in the past several years have been made by me).
These two can give you essentially total protection against any sort of intruder, including other family members who might want to do illegal downloading. And as other posters have mentioned, programs to detect rootkits are available also -- although if you keep the doors locked down tight and don't blindly install questionable stuff, there's really no way for one to get in.
--
Jim Kyle |
|
z0ned
join:2002-07-27
Los Angeles, CA
| reply to ubuntu
As some other posters have already pointed out, Ubuntu security is hugely different than Windows security because of that fact that Linux enforces least privilege by default. Only the root user can affect system components, and you dont run day to day as root. For that reason, a resident antivirus is usually not needed. Some people like to run one anyway.
Network intrusion protection considerations however still do apply. Are you facing any services to the wide area network, or are you fully hidden behind NAT?
I face SSH out, so I run the add-on fail2ban package which interoperates with syslog and iptables to lock out SSH dictionary attack intrusion attempts after several failures. Default Ubuntu will let SSH dictionary attacks run all the way through.
Use strong login passwords that are not vulnerable to dictionary attacks in the first place, but run fail2ban just because its an important countermeasure to have.
Fail2ban has an annoying problem with creating its /var/run/fail2ban/ directory on startup, so be aware of that.
Sometimes I face HTTP out. I have basic http authentication configured in Apache to prevent any snooping eyes from snooping around. It's not superior security but just a deterrent.
One of the most important things you have to do is keep your system patched up to date, as important security fixes come out routinely. If these are remotely exploitable and you don't patch them, you're asking for trouble. So make a habit of running apt-get update and apt-get upgrade daily or as close to daily as you can. You have to run these with sudo (or "sudo su -" to get into a root shell first). If you're running the desktop flavor of Ubuntu I believe there is a widget that monitors available packages (alike to wuauclt.exe in windows).
There is probably more I could think of, maybe I will add here. I imagine I'm going to draw a lot of ire from people even for what I've said because it's extensive and it gets anal retentive around here. |
|
KodiacZiller
join:2008-09-04
73368
| reply to linuxsecurity
Re: Like leaving your front door unlocked in a safe neighborhood
said by linuxsecurity :
I'm also migrating from Microsoft Windows to Linux. I also have been concerned about the security issue; it seems everyone is saying you don't need it (that is antivirus or antispyware) because no such malicious programs are written for the Linux environment. That's great, but this sounds like if you live in a very safe neighborhood then you don't need to lock your doors. I'm sure those of you living in safe places are still locking your doors.
If I were one of those Russian/Romania/Ukrainian/Chinese hackers/fraudsters/criminals/losers writing these damn programs, I might as well write a virus for Linux since Linux users are lax on security. It's easier to burglarize the house that isn't locked.
The problem with this idea is how would these criminals get these viruses installed on a Linux box to begin with? The virus cannot do anything to your system unless YOU ALLOW IT TO. Yes, there are Linux viruses, but there are none in the wild doing any damage right now that anyone knows about. They aren't out there because they just aren't viable. It is a pain to get them to spread.
Secondly, the house IS locked with Linux automatically. That's the difference in it and Windows. With Windows you need to take several steps and install various apps to even begin making it secure. With *nix all you need to know is to NEVER run as root, never install outside repositories, and to turn on a firewall which comes with it. |
|
