Security in Linux, and questions about a few programs
 

Hello, one of the Linux nubies here. I have an important question, do I need any type of security software in Linux, like antivirus software, or firewall? But I've heard that you don't get much viruses and exploits in Linux (but quite a few.) Also, could you recommend some programs to me? I'm using Ubuntu as well. 9.4(need to install the latest one.) I've heard that Pulse audio can cause problems too, so removed that too because it kept messing with my sound, and it made certain things lag and I use alsa now. What about programs for listening to music what mediaplayer applications work with Alsa?

Mr. Geek, no matter what anyone tells you, you really don't need (nor does there really exist) anti-virus software on your home computer. People will chat some shit about ClamAV, but that is used to monitor Windows binaries passing through Linux/UNIX mail servers. A firewall is not a bad idea, but honestly, is probably still unnecessary unless you're running a (not unimportant) server. The Ubuntu folks have things to say on the topic: https://help.ubuntu.com/8.04/serverg.../firewall.html

Most everything works with the ALSA. I personally like Rhythmbox for music because its simple, clean, and (comparatively) stable. VLC seems to be the best choice for playing videos, I think. I'm sure others posting will have lots to say on these topics, though! Incidentally -- I haven't had any trouble with Pulse, but I didn't with Alsa, either. Some kid was telling my Pulse was "so cool" about a year ago, but I can't remember the arguments supporting his thesis. I just like to listen to my music albums, ho hum.

OK, just read about the firewall, no security stuff to worry about in Linux. One more question,(maybe I should of created another thread for this), does anyone know how to update firefox, via the add/remove package manager or what ever its called, or through the Command line? Love Linux :)

Well, I suppose you want Firefox 3.5.5 or something? Probably the best thing to do (kill two birds with one stone) is to update to 9.10 (Karmic.) http://www.ubuntu.com/getubuntu/upgrading

That's not true.A Linux machine can be compromised as well.
There have been virus's for Linux found in the past although nothing like the problems Windows has.
Rootkits can also pose a problem for a Linux machine,i'd suggest something like rkhunter to check for this.

I'd also strongly recommend the use of a firewall be it a software/iptables solution or a hardware solution like a router or dedicated firewall box.

To sum up here's a few ideas for keeping your machine safe:

1,Use a firewall.

2,Do regular security updates for your machine.

3,Check for rootkits.

4,Install software from a known repository using your distro's package manager.
Rather than installing an unknown .deb or rpm file downloaded from the internet.

5,Be careful which websites you visit,as some websites can have malicious content.
If you use Firefox the no-script plugin is a good idea as it stops javscript and flash running unless you explicitly allow it.

Hope this helps.

Well, you've got a firewall. You probably don't have it configured, but you do have it.

Antivirus software is probably not necessary, but you might download other software for non-*nix boxes from dubious sites, and in that case, it would be a very good idea.

As you don't download software from dubious sites for your Linux box (except for very strange circumstances), this is less of a problem.

(Sorry, for some reason, hadn't seen the last couple of posts when I posted.)

Easiest: Synaptic, get it to update. At some point, the repositories for older versions are cut off (first they get no new updates, then they get cut off totally) and then you really have few good options except to update to a newer version of the OS.

I agree with the others in that you don't need antivirus, but you do need the other stuff (firewall, etc.).

Regarding Pulse Audio, I am another person who cannot recall having problems with it. It may affect certain machines or hardware types more than others. In any case, both seem fine and if either gives you better performance, then go with what works.

Securing Debian Manual - http://www.debian.org/doc/manuals/se.../index.en.html

As for mediaplayers there are tons use what works for you.

Upgrading to Ubuntu 9.10 | Ubuntu - http://www.ubuntu.com/getubuntu/upgrading
FirefoxNewVersion - Community Ubuntu Documentation - https://help.ubuntu.com/community/FirefoxNewVersion

One of the nice things about Ubuntu is the amount of documentation available.

As you are using Ubuntu, if you only add software from its default repository, you don't need to worry about the virus. After all, there are much less virus targeting Linux. As for the firewall, it comes with the distro, you just need to configure it. Firestarter is a good simple tool to start with. It should suffice for a desktop.

Good to know that you are firm in your convictions. However that doesn't really make them true. You should really bit a bit humbler, maybe when people say something it is for a reason. :)

About the "need": whether you need or don't need AV software entirely depends on your concrete situation. If you are going to use Linux exclusively, then viruses are not usually a big issue. Still they exist, so if you need extreme security you need AV software. If you share files with windows then you need it. If you have an IMAP server that you access from Window then you need it. Your clients, for sure, will not be grateful to receive a mail from you with a gift inside, that could ruin your business, so it's far from a marginal issue nowadays. There are lots of situations where having an AV is a good thing, you can't just make a categorical affirmation like that.

About your affirmation that AV software doesn't exist for Linux, well, it is 100% wrong. You even contradict yourself by mentioning ClamAV, so... does it exist or does it not? uh? There are more AV software in linux, though I'd say that ClamAV is the de-facto standard because it integrates much better with most e-mail clients and the rest of the linux userland tools. But there are some more, like kaspersky, panda or avast.

However, in Linux I would be more concerned about rootkits. For these, you can use chkrootkit and rkhunter. These are very real, and they are not as rare as viruses.

An iptables firewall is always a good thing to have. Maybe you don't know, but lots of things can open ports at an arbitrary time, and you can't be ever sure. The fact that you don't want to run a server doesn't always mean that it's not going to be running at a given time. A server can be anything, from gkrellm, neverwinter nights or mldonkey to apache or dovecot, and not just big monsters like apache. You should also check your ssh settings if you use ssh, disallow remote root logins, and use something like fail2ban. There's plenty of info to consider if you want to harden your machine. Security comes in layers, discarding one of them just because it's the less likely to be broken is to say the least a negligence.

About multimedia, I really haven't ever had an use for pulseaudio, and 99.9% of all the software in linux will work with alsa without a problem, as long as alsa works ok for your card, which is not always true, alsa is big, is a bit buggy for some drivers and it's far from perfect. I've been hit by it quite a few times as well.

Ubuntu is not the most secure Linux version, but for normal users, thats fine. Ubuntu come with a Firewall so you don't need to add a new one. It is called iptable and it is quite complete for normal users. The interface is command line only, but some graphical (GUI) frontend are available.

To enforce better security, re-enable SELinux, the security framework developed by the NSA (CIA). With that MAC framework enabled, it should be too hard to get in without extremely good reason and months of work. Normal exploits will just fail and hits a wall when trying to achieve privilege escalation (gaining control over other part of your system than your home folder). If you really need it, you can play with that and set it to "enforcing" instead of permissive.

Having an anti virus software like Norten, Avast, Nod32 (or the open source claimAV) or any windows andti virus offering a Linux version will only help if you get infected files and send them back to a windows computer. Those virus will not work in Linux, except if you install the windows compatibility layer (wine) and execute them manually. Even there, your system will not be compromised, just your home folder.

As a practical matter, Clamav is about securing downstream Windows users. If there were actually viable Linux viruses/malware we'd be hearing about them from non-AV users. Since we don't actually hear about them, nor experience them ourselves, the obvious conclusion must be made: it's not a problem.

IMO, the biggest thing a home user can do is to make sure he has a firewall installed - preferably a hardware one - and using a secure password on it. By preference, I'd use a provider that provides a firewall with the installation. And by "home user" I mean a user who is not hosting a website and does not have any ports open for internet ingress; such as ssh, remote console software, file sharing, etc. After a firewall, then installing and using chkrootkit and rkhunter obviously follow.

Umm...as far as i've heard none being used in the wild(wtf do they mean by wild idk, bambii isn't hacking ur home comp i guess). Virus writers write code that will damage and spread to the largest amount of computers, thus Linux is out of the loop and windows is in. As said in way too many words, iptables is a built in firewall and there are SOME anti virus software's that as said check for windows binaries usually. And yes Linux ISN"T entirely safe, as long as the user isn't half stupid and running an un-necessary service, and keeps the software updated with latest security updates, its fine. Its the people that are still running 5 year old browser software or use unnecessary services with weak authentication in place that usually run into trouble.

One thing to consider in this debate is why your distro didn't come with clamav enabled. There are a number of choices. I may have missed a few, as well.

1: The distro provider is part of the scheme to get malware on your computer.

2: The distro provider is ignorant of how big a problem this is.

3: The distro provider is just too stupid to understand that AVs are desperately needed on Linux.

4: It's not a problem, and if it ever does become a problem the distro will add clamav (or whatever) to the default install.

The main distros didn't get to the top of the heap by being negligent WRT malware.

Remember, the iphone ssh hack didn't happen because there is a credible threat to its software. It happened because the jail breakers didn't bother changing the default ssh password. Granted, that's not Linux, but the same idea applies. Access (i.e. firewalls to keep out "rooters") and passwords remain the threat for home Linux users.

Here's some interesting reading:

http://en.wikipedia.org/wiki/Linux_Viruses