I don't personally use an AntiVirus software on my workstation but if I did it would probably be AVG. As far as a firewall goes I always recommend iptables (it comes pre-installed on many distros or is in package management). iptables requires you to know a bit about networking so don't expect it to be pointy clicky user friendly like Windows Firewall. You didn't specify what distro you're using so there's not much more that can be said.
If you're not looking to run any hosted services or require other computers to connect to your system then here's a good iptables config which basically allows you to do your work and blocks everybody from your system.
Code:
#load firewall config with iptables-restore < iptables.rules
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#The following rules required for normal communication
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
#allow incoming ping (optional, can be commented out)
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
#enable firewall denied connections logging
#keep rules commented unless troubleshooting
#-N LOGGING
#-A LOGGING -p tcp -m limit --limit 2/min -j LOG --log-prefix "iptables DROP: " --log-level 4
#-A LOGGING -j RETURN
#-A INPUT -j LOGGING
#-A FORWARD -j LOGGING
#Required, any traffic that is not allowed will be dropped by these rules
#Never comment these out unless you know what you're doing.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EDIT: Ubuntu comes with ufw firewall which is a wrapper for iptables.
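An added example (not part of the original post or thread): a small Python check that parses an iptables-restore file like the one above and reports, for INPUT and FORWARD, whether the chain reaches a catch-all REJECT/DROP and which ACCEPT rules before it admit unsolicited traffic. The names `parse`, `opt`, `audit` and `RULES` are this example's own, and it understands only the `-A`, `-j`, `-i` and `--state`/`--ctstate` options that ruleset uses.

```python
import shlex

# Active rules from the ruleset posted above (comment lines omitted).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [rule token lists]}) for an iptables-save style file."""
    policies, rules = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(tok[2:])
    return policies, rules

def opt(rule, *names):
    """Value following the first of `names` present in the rule, else None."""
    return next((rule[rule.index(n) + 1] for n in names if n in rule), None)

def audit(text, chains=("INPUT", "FORWARD")):
    """Per chain: (default-deny reached?, ACCEPT rules that let NEW non-loopback traffic in)."""
    policies, rules = parse(text)
    report = {}
    for chain in chains:
        closed, openings = policies.get(chain) == "DROP", []
        for r in rules.get(chain, []):
            if r[0] == "-j" and r[1] in ("REJECT", "DROP"):  # no match options: catch-all
                closed = True
                break  # rules after a catch-all are never reached
            states = (opt(r, "--state", "--ctstate") or "NEW").split(",")
            if opt(r, "-j") == "ACCEPT" and "NEW" in states and opt(r, "-i") != "lo":
                openings.append(" ".join(r))
        report[chain] = (closed, openings)
    return report
```

For the posted ruleset, `audit(RULES)` shows both chains closed and the optional ping rule as the only inbound opening.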
Tricking users into installing traditional malware with their tell-tale signatures has been on the decline for some time, now. Keeping your system up-to-date is your best protection as vulnerabilities in the OS/software have been the main venue of late. Personally, I also use a router/firewall with default name/password changed as well as the Firefox browser with the Ad-Block Plus addon.
If you do feel the need to have AntiVirus, I've found ClamAV to be a good free product. However, I agree with the posters above that it's generally not necessary on a Linux machine and may even lull one into a false sense of security. The only time I'd consider using it is on a server that serves files to Windows clients.
The firewall (iptables) is built-in. The only catch is that Debian-based distros usually have it turned off; no doubt they can explain that to their satisfaction. If you have something like Ubuntu, install gufw, run it, click on "unlock" and then on "on". You also need to switch it on with PCLinuxOS, but their tool is in the menu. If you have a distro with "point and click" firewall configuration (Fedora, CentOS, OpenSUSE, PCLinuxOS), just make sure no port is marked as open.
And please put your distro in your profile: it makes it so much easier to answer your questions!
if you dual boot with Windows then ALSO use ClamAV in conjunction with Norton or McAfee
-- Clam will find things that Norton and McAfee miss
if you download files then share them with friends using WINDOWS then use ClamAV to scan them for WINDOWS viruses
( PDFs and TIFF images are the new thing right now )
if you run a mail server and Windows clients use it
run ClamAV's mail daemon
I was a little harsh there. But note that GNU/Linux doesn't need any antivirus by itself, you always install it because of the Windows. If you dualboot, it might be handy (though if you have one on Windows, it's kinda redundant), but would you add unnecessary bloat to your system because of people running unsafe OS?
My main concern is newcomers from Windows, who may install AV just because they had one on Windows and they might think it's normal to have it on any OS. No, you don't need it on Linux, it won't make your Linux system more secure.