|
Do I need a firewall and virus protection for Ubuntu?
I am really new to Ubuntu and wonder if it needs protection like XP does? In XP I have Kaspersky Internet Security, is there an equivalent in the world of Ubuntu?
|
you shouldn't need either firewall or antivirus in Ubuntu, but if unsure I think Ubuntu has a firewall app called "ufw", look in synaptic...
|
Synaptic?
Thanks but I am REALLY new!! What is synaptic?:o
|
Quote:
i think you may open it from the panel>system>administration. then you`ll have to enter your root password (in debian, in ubuntu it might be your users password). just have a look at it, it might take a bit to get used to it, but its quite simple/self-explaining. i haven`t got a firewall and no antivirus. seems to work fine. (i think one graphical firewall is called watchdog or guarddog, just enter firewall in the synaptic-search entry and you should find some) greetings |
Quote:
Then, within synaptic, select "Reload..." on the far left. The two programs I use are: Firestarter which is a firewall clamav which is anti virus. Also, selecting within synaptic "Mark all upgrades..." will get you the latest security fixes. |
Ubuntu needs a firewall, if only to keep intruders from trying to hack you. Though it has less exploits, there are still some that crop up now and then.
ufw should handle your firewall problems out of the box. It is set up to block all connections from the outside and allow all connections from the inside by default. If you want something different and configurable, install firestarter, it is easy and intuitive. As for anti virus, Linux doesn't get viruses :-P It's far too secure by default. But Linux gets "rootkits". If you were to download some dodgy piece of software off a dodgy site you might get one but now software is located in your repositories which are automatically checked, that's what Add/Remove and Synaptic are for, so you shouldn't need to download stuff off other places. There are rootkit checkers around but are quite difficult to use, but a firewall should be just fine if you just install out of the repositories. If you are sharing your connection with a computer with a proprietary system (ie windows or osx) then you might want to have an antivirus to stop the viruses getting them. Hope that helps Cheers Dan |
Quote:
Quote:
The more popular linux will get, the more the chance viruses will apear. It is recommended and common sense to use a firewall, rootkit checkers, and a virusscanner, and to secure your system by disabling unneeded services. |
For clamav also install clamtk it's a graphical frontend for clamav.
|
Ideally, programmers who write malicious software aim to have the biggest target audience possible. This is why most viruses are written for windows - simply because more people use it than any other single operating system in the world. There are viruses for linux (just like windows and macintosh) but there are generally much fewer than other distributions. The viruses are said to be more challenging to get because they usually cannot download and install themselves the same way they can in windows, so they must use other strategies.
I actually don't use any firewall software. When I forward ports through my router, I only enable two or three ports to be open. Also, my router (like most routers) will not respond to a WAN ping. This combined with the fact that the su program purposely takes several seconds to reject a password makes my security relatively stable. I have never used any kind of rootkit checkers/virusscanners to remove malware (although I have used them to check for it) and I have never been affected by any kind of malicious software. One of my current machines have been running the same version of Ubuntu for three years. I hope my personal experiences help you in your decisions. |
Quote:
|
This is a great tutorial on Ubuntu for new users. It is written by asiyu, one of the Moderators on the Ubuntu forums.
Here is a discussion on security to get you started... http://psychocats.net/ubuntu/security |
its from the link added by OrangeCrate, but i`ve read the same in different essays.
Quote:
thanks in advance |
The need for a firewall and virus protection has been, and continues to be, a hotly discussed topic in forums. There are strong opinions both ways. Here's another highly regarded source of information on Ubuntu security, that can help a person to make an informed decision:
http://ubuntuforums.org/showthread.php?t=510812 (I personally don't make a recommendation to users either way. It's totally up to them, what they want to do...) |
yep, but on what i do i think:
as long as i don`t know how a firewall works/what to do it doesn`t make it better if i tweak around with it. i ran bout a year without antivirus, then installed one: no viruses found; and i removed it again (as "each addtitional software is a security risk, especially one which is allowed to scan the complete fs"). thanks for the following link and greetings |
Basically, most firewalls eg iptables settings focus on incoming connections.
If you know all the services you've got listening and you don't mind/care who connects or how often etc, then you don't need a firewall. If you do care who connects, you can use a firewall and /etc/hosts.allow, /etc/hosts.deny to limit that. You can also use fail2ban to limit how often. It can also act as a failsafe to protect you if you accidentally start a new service listening. Nobody will be allowed to connect if you have a tight firewall, until you open that port. Similarly for outbound connections and relaying (port fwding). |
Quote:
and how might i figure out which services i got listening? (as i understood per default there are none, well: ports). i did an online scan: as i recall it gave me n/a. |
You should take a look at a number of sites before doing anything. Find out what fits YOUR situation. ubuntuforums.org, ubuntuguide.org and ubuntugeek.com are good sources of information besides the wonderful fount of knowledge that you tap into here.
My opinion is that you really don't need to worry too much. Don't be pushing buttons to download crap from places you don't know. Stick to the repositories. If you are on 8.10 (Intrepid) or 9.04 (Jaunty) you have clamav installed along with clamav-liveclam which keeps it up to date. This kind of thing has been recommended for a long time and it is mainly to make certain that you don't transfer a virus (through e-mail) to some one using Outlook without a condom. I don't care if they get a virus or not. If they do it is because the origanal senders ISP missed it, my ISP missed it when delivering it to me, my ISP missed it when I sent it, the victums ISP missed it when they delivered it. Other security threats are more likely in Linux but you have time to figure out which ones YOU need to worry about. Welcome to Gnu/Linux and Ubuntu where you have choice. Unfortunately you need to do some thinking too but I am getting old. It is good for me. |
Another thing to watch out for is a lot of online scans are scams to get you to buy some crap that doesn't work anyway. Make sure you know the real skinny on the buggers before you use them. Windows makes a lot of crooks a lot of money.
|
I think that what Linus72 meant by "you don't need a firewall" is that Ubuntu has a firewall already. You don't need to get one. The Linux firewall is the netfilter which is a part of the kernel. There are wrapper programs that use the iptables command to add rules to the kernels firewall.
A type of malware you need to defend against is lkm root kits. You can run rkhunter and chkrootkit to detect them. Look in your packaged manager for a virus scanner like clam AV. It can protect you from having a windows virus in a samba share. It may also do things like check email or web server configurations for problems. You system may perform security checks nightly and make a report. If you forward the messages for root to your account you can read them with your normal email. The term `virus' IMHO is passée. While in linux it is more difficult to become infected, to gain root access, and to spread, there are no guarantees. If you have an SSH service running with a week password, root logins and use password authentication, you may find yourself being owned. If you run a web server and misconfigure it or the web pages are susceptible to attack (e.g. not parametrizing MySQL), you may find you have been hacked. If you don't apply security updates, or are running a very old distro like RH 9, you could be in trouble as well. |
Quote:
Was curious were I could get more info about some warnings. Most were understandable, but 2 jumped out: [11:00:31] Checking /dev for suspicious file types [ Warning ] [11:00:31] Warning: Suspicious file types found in /dev: [11:00:31] /dev/shm/pulse-shm-1148848734: data [11:00:31] /dev/shm/pulse-shm-3757811042: data Should I start a thread in another forum, or are these false detects? |
Well /dev/shm = shared-mem and pulse is an audio tool on Linux. Those are probably not an issue, but you can always check the src code for pulse if you really care I think?
I'd start with google before posting a qn though. |
I have the same files:
Code:
ls -l /dev/shm |
Quote:
The poster after you gave me the answer. Thanks for the help. |
Quote:
Thanks. |
Use only apps from Ubuntu repos. Do not brainlessly click on shit that comes up on your browser. Linux will never be a good target because of file permissions. This is why Macs have less than there share of virus' in comparision to their market share. They are unix based too.
this does not mean that you should ignore the possibility of a threat. this just means that you have the oppertunity to do some searches of Ubuntu threat levels and decide what is best for YOUR situation. This is linux. It is your call. |
Quote:
|
linux security
You could take the opinion that that is something that (again) Windows gets or protect yourself.Even a raid array will transfer a virus stroke intruder will transfer its self so a firewall is essential. Antivirus is good especially if you swap stuff with friends who use Windows.
Fred. |
Quote:
And really, firewall is a must have application. |
This is probably not a good thing to say but it is true.
I do take security seriously, I am careful, there is a firewall, clam is kept up to date. None of this is done to protect Win Jerry lewis Pro users from virus infestation. They chose to use that OS. It is not my responsibility to protect them from their OS. Frankly I don't care if they all crash and burn. Now you are free to flame the tarnation out of me. |
I agree virus scan you don't need but it is a bonus. There is still a possibility you might be the 1 lucky man to get a virus =).
|
+1
I ran MS starting with MSdos (with DosShell -woo hoo). Ran 98 for 10 years until we bought the new box (with Vista - Thank you MS for getting me on Linux). Never had a virus and only one piece of malware (deep mining for info deal) that only lasted 15 minutes. I am not real worried about getting crap on my Ubuntu OS because we use the same habits that we did with 98. I think if that security hole was as safe as it was, Ubuntu is pretty much solid. People get malware on Win from being stupid (mainly). The biggest threat to your security is the person on the keyboard. |
Quote:
|
| All times are GMT -5. The time now is 02:26 PM. |