Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Up to date Windows XP with an up to date anti-virus running in the background and a firewall or Linux with a firewall script and no real time anti-virus protection.
For surfing the net and online banking which is the smarter choice?
I know it's a pretty general question but I am happy to hear any answers.
Last edited by mortal; 01-21-2008 at 07:20 PM.
Reason: spellsing airrors
Well thinking about it as general websurfing... With Linux you won't have to worry about any spyware, trojans or any other viruses getting onto your system and compromising any information you may have.
As far as a hacker infiltrating, thats possible with every system, but less damage can be done in linux because they probably won't have root privelidges on your system.
Windows is probably something that is more targeted as well. I'm not an expert in this area but this is my general understanding. I mean you can use windows... you just have to be smart about. A lot of people have dumb surfing habits, downloading and listening to whatever a popup tells them... or using IE.
for general surfing the web, i would go with linux since viruses that are snuck onto your computer are not given executable permissions therefore you would have to go find it any launch it. For online banking, i really don't think there is much difference between the security of the 2 OS's
There's no such thing as "up-to-date Windows". It takes Microsoft [months,years] to release patches. Sometimes they never do, trying to force consumers to buy the next version.
If the admin is savvy enough, I'd say both machines can be good.
I've both Windows machines on my LAN and Linux machines (with a few BSD mixed in). I can't remember the last time I had virii on Windows (knock on wood). As with Linux, there are certain things you should do to harden a Windows box. Regular user accounts can have non-admin privs and still be usable, for instance...that way, executable code can't be run with admin privs right off the bat.
Depends on the user(s). You will have heard of PEBKAC.
Windows XP with an up to date decent Antivirus (Avast or AVG, but not Norton or Mcafee), and a decent firewall (Comodo Pro with all things Internet Explorer, Outlook, Windows Explorer blocked), and you forgot Spybot S&D and Firefox with Noscript, would be a pretty good combination. Add on a good hosts file, and Peerguardian2 with the ads, trojans, level1 and level2 lists and you are now heading towards fairly secure. But dont forget also to make sure your user account is set as a user account and not Administrator, so should the worst happen, you dont lose much, and your system is probably still intact.
The problem isnt the software, its the person using it. If you have a total dumbass piloting the computer then it is most likely going to get hacked to hell and back. If on the other hand you have a reasonably savvy user, then it would probably be ok.
Still i'd pick Linux anyday, just because its what i use all the time. Windows is for Games, Linux is for everything else.
The problem isnt the software, its the person using it.
Mostly I agree with you. But ... do you consider it normal if I cannot visit websites I want to? if I'm afraid to open emails? etc? The entire situation with desktop security (considering Windows domination) reminds me plaque or war. Dead bodies lying around - and everybody takes it for normal. Well, it is not. Try thinking outside of box. Fresh XP install that gets infected before you can download security updates, operating system which cannot be secured to a level where it could be safe enough to go online without worrying about malicious sites - this is not normal. This is BS.
Mostly I agree with you. But ... do you consider it normal if I cannot visit websites I want to?
Firefox works pretty well.
Quote:
if I'm afraid to open emails?
Gmail works well also.
Quote:
Originally Posted by Emerson
etc?
For every problem, there are possible solutions.
Quote:
The entire situation with desktop security (considering Windows domination) reminds me plaque or war. Dead bodies lying around - and everybody takes it for normal. Well, it is not. Try thinking outside of box. Fresh XP install that gets infected before you can download security updates, operating system which cannot be secured to a level where it could be safe enough to go online without worrying about malicious sites - this is not normal. This is BS.
I swear, I have no issues with the same things you've mentioned...not when I use third-party e-mail and browsers. This may be more of an issue of "the cup is half-full/half-empty". Every time I post here, I'm thinking outside of the box. If there's any attack out there, nine out of 10 times, there is usually a remedy. I don't see why updates bother some people, because all of the big Linux distros out there do the same exact thing...they all provide updates, security or otherwise.
If you're that afraid, set up a Linux box in front of your Windows machine that will filter badness...many people do this. Or, just don't run Windows (and don't fault others for using it).
I run Windows XP for gaming (real gaming, not some tetris clone and not something being run in a virtual environment). The wife uses it for ease of use and I'm certainly not going to force Linux on her. I'm more comfortable with *nix, but lets face the facts...Linux ain't there yet in meeting EVERY need.
All I can say is, if you don't like it, don't use it, but you can hardly refute good admins who apply good security in layers that account for the swiss-cheese-like product called Windows. When I sit in on interviews with my manager and the interviewee, we're looking for a well-rounded security guy who knows how to solidify any host and will chose this person over a guy who just knows Linux. That being said, any bright guy who can admin a Linux box should have NO problem administrating a Windows machine. In the end, its the same crap but a different stink. Refusal to use it is one thing (we all have ideals)...learning to live with it, especially if you've little to no choice, has some gains.
If the admin is savvy enough, I'd say both machines can be good.
I've both Windows machines on my LAN and Linux machines (with a few BSD mixed in). I can't remember the last time I had virii on Windows (knock on wood). As with Linux, there are certain things you should do to harden a Windows box. Regular user accounts can have non-admin privs and still be usable, for instance...that way, executable code can't be run with admin privs right off the bat.
I have to agree with this. The OP didn't mention downloading, but specifically mentioned banking as an example of internet use. It seems to me the OS is less of a concern in such cases. How is the OP connecting to the 'net? Wired or wireless, from home or public access workstation?
After securing the OS, and assuming phishing emails are being blocked or deleted, there are still external threats to consider: a wardriver or neighbor with a packet sniffer(wireless threat), data encryption - be absolutely certain that you enter your information in an https page and that the site you're on is stamped by Verisign, the other end - can you be certain that the computers you're sending information to are secure?
Maybe everybody who tells Windows can be secure online is right. Can I visit with a well-secured Windows box "security sites" like astalavista.box.sk? I don't know. And luckily enough, this is not my problem. I know I can point my browser everywhere I like to, I can open every single attachment in my mailbox even if it is obvious another friend has got infected and a virus is spreading itself using his/her Windows.
Maybe everybody who tells Windows can be secure online is right. Can I visit with a well-secured Windows box "security sites" like astalavista.box.sk? I don't know. And luckily enough, this is not my problem. I know I can point my browser everywhere I like to, I can open every single attachment in my mailbox even if it is obvious another friend has got infected and a virus is spreading itself using his/her Windows.
Going to that site is asking for trouble. The average user probably won't go to that site, most likely, and if they do they will soon learn how to harden a box. For those who want a challenge, they may not have a problem, but then again, those are most likely not average users.
BTW, I don't typically open attachments unless the sender is trustworthy and only when I KNOW they are sending me something (otherwise I wait until I can contact them, before detaching their attachment).
If you go there, run in very silent mode, and make damned sure you arent using Internet Explorer.
I know people who run proper trojan and hacks from within that domain aimed specifically at dumb windows users who enter it running any Microsoft browser and insecure system. If you want to get into that scene, dont run windows. Linux is where its at. But thats another topic entirely.
Dont go near the box.sk domain unless you are 100% sure of your box, and 100% sure its secure, or its fairly likely the police will come knocking at your door asking why you took part in the DoS of some random person, or your isp will cut you off for hacking.
I think the most important and most-overlooked feature is: have a current backup. Microsoft, for example, ships an automated backup tool with every copy of Windows-XP (Pro, at least). This system can, if properly set up, back up all changed files every day and put them into an NTFS external-drive such that the backups can't be directly touched.
Unfortunately, as you'll see from (highly recommended!) white-hat sites like http://sla.ckers.org and http://www.0x000000.com, "security" is never actually going to be something that can be automated -- not by any anti-virus tool or otherwise. (Those sites will scare the pants off of you.)
But it is still going to be pretty much "a crime of opportunity." If you have your pants (back) on and zipped up, in other words, and you've checked to make sure of that before wandering out into a public place then you are in a vastly better position than most people out there.
The problem here isn't Windows, and the salvation here isn't Linux or OS/X! It's really a matter of how those systems have historically been set-up by default. Until Vista, security on millions of Windows systems was (inexplicably...) turned off. Even today, Windows users react without thinking to any security prompt, and often turn-off security again because that is what seems easier. Programmers don't help things by writing software (on their machines where they are Administrators...) that require Administrator privilege. But all those things can be changed. Security is a process. A computer, like a padlock, is merely a machine.
P.S.: Your "anti-virus" software is a waste of money and time, not to mention a huge vulnerability.
Last edited by sundialsvcs; 01-23-2008 at 08:12 AM.
Wife = XP that's updated with updated Virus application. Has had 4 trojans and viruses in past 3 years.
Me = Linux on a laptop. Running no firewall or virus, etc. Nothing has compromised my machine.
Both are on a home network on a Linksys router with all ports blocked except a few forwarding to a server I have. After the most recent malware crap on her machine this past month, she's finally given me the go ahead to just wipe it and install Linux.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.