LinuxQuestions.org
Old 10-11-2016, 09:09 AM   #16
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,959

Rep: Reputation: 515

Not keen on running Windows style anti-virus programs.
I notice that nearly all the anti-virus have to be downloaded & installed from insecure web sites.
 
Old 10-11-2016, 09:18 AM   #17
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 4,137
Blog Entries: 1

Rep: Reputation: 875
I just re-install with a minimum install every 3 to 6 months. With various bootable usb sticks to accomplish that task as well as trying out other distros and OSes. But I mostly live on usb booted OSes. When I travel I use a different usb install. The small drive that comes with the low end computers these days is mostly a minimal distro that barely has networking and a bootloader. Which I boot when I forget, or I need to fsck the previously booted distro, or I need to update the bootloader. The rest of that internal drive I use for swap or for screen capture when write speed matters more than convenience.
 
Old 10-11-2016, 10:12 AM   #18
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Whatever that means. fewe{r,st} installed packages = fewer 'attack vectors' = fewer logs? I suppose there's an argument in there somewhere.

so...Without quoting 'what' you 'read' on "a website", we can only guess.
And I hate guessing. Linux doesn't guess.

Link please. Many eyes makes all bugs shallow.

Reference:
http://web.mit.edu/tweilu/www/eff-ss...reatmodel.html
About the logs like you said too, I'm just guessing but seems like that would be the case.. http://www.infoworld.com/article/287...youll-get.html There you go he didn't use the word "logs" like I thought, but he said events which I assume is the same thing

Last edited by linux4evr5581; 10-11-2016 at 10:23 AM.
 
Old 10-11-2016, 10:17 AM   #19
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
Most nasties nowadays infect the Browser and that is going to happen whatever the OS behind it.
An unprotected Linux system is more dangerous than a protected Windows system and most people do not run any protection at all under Linux.

It doesn't matter who you are, you will be open to disease if you perform unprotected sex.
I have to disagree since all of Linux's software comes from trusted repositories, and no malware can infect every distribution since they're all structured differently. Not to mention that it's not really the target of mainstream malware...
EDIT: I apologize you said "unprotected Linux system" that idk

Last edited by linux4evr5581; 10-11-2016 at 10:21 AM.
 
Old 10-11-2016, 10:30 AM   #20
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by JeremyBoden View Post
So how do you protect the average Linux desktop other than by not running a browser?
You can make a user account for every service that you use.
 
Old 10-11-2016, 10:59 AM   #21
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
You can get real time scanners that work under Linux.


I have to beg to differ about trusted repositories when a large number of downloads are distributed through peer networks where it would not be impossible to infect the code.

In any case where the software comes from is irrelevant when the danger is in its use. As I said, the vast majority of malware is passed through browsers and for low level code attacks the OS doesn't matter.

Last edited by dave@burn-it.co.uk; 10-11-2016 at 11:17 AM.
 
Old 10-11-2016, 11:52 AM   #22
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by linux4evr5581 View Post
About the logs like you said too, I'm just guessing but seems like that would be the case.. http://www.infoworld.com/article/287...youll-get.html There you go he didn't use the word "logs" like I thought, but he said events which I assume is the same thing
I too would equate "events" with logs.

"and monitor and alert on unexpected member additions" - Know who is on your little slice of the network.
The first rule is "Establish persistence" and frequently new users on questionable systems may have far too many privileges.
So, new "users" is a valid metric IMO.

Good Luck.
 
1 members found this post helpful.
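Treating new users as a metric, as suggested in the post above, can be as simple as diffing the account list against a known-good copy. This is an added example, not part of the thread; the sample account data and the alert wording are constructed.

```python
# Added example: compare a saved copy of /etc/passwd with the current one.
# BASELINE and CURRENT are constructed sample data, not real accounts.
BASELINE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
CURRENT = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support:x:0:0::/home/support:/bin/bash
backup2:x:1001:1001::/home/backup2:/bin/sh
"""
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Return {name: (uid, shell)} from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed line
        accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts

def account_alerts(baseline_text, current_text):
    """Return (severity, account, reason) tuples, ordered by account name."""
    old, new = parse_passwd(baseline_text), parse_passwd(current_text)
    alerts = []
    for name, (uid, shell) in sorted(new.items()):
        severity = "CRITICAL" if uid == 0 else "WARN"  # uid 0 means root privileges
        if name not in old:
            alerts.append((severity, name, f"new account uid={uid} shell={shell}"))
            continue
        old_uid, old_shell = old[name]
        if uid != old_uid:
            alerts.append((severity, name, f"uid changed {old_uid}->{uid}"))
        if old_shell in NOLOGIN and shell not in NOLOGIN:
            alerts.append(("WARN", name, f"login shell enabled: {old_shell}->{shell}"))
    return alerts

if __name__ == "__main__":
    for severity, name, reason in account_alerts(BASELINE, CURRENT):
        print(f"{severity:8} {name}: {reason}")
```

On a real system the baseline would be a copy of `/etc/passwd` saved while the machine was known to be clean and kept somewhere the machine itself cannot overwrite.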
Old 10-11-2016, 12:53 PM   #23
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
You can get real time scanners that work under Linux.


I have to beg to differ about trusted repositories when a large number of downloads are distributed through peer networks where it would not be impossible to infect the code.

In any case where the software comes from is irrelevant when the danger is in its use. As I said, the vast majority of malware is passed through browsers and for low level code attacks the OS doesn't matter.
That's why I only download from mirrors or main. But with regards to the browser issue I'm wondering if that can be completely negated by using a terminal based browser such as Lynx or Links, since they run without pop-ups, java and flash..

Quote:
Originally Posted by Habitual View Post
I too would equate "events" with logs.

"and monitor and alert on unexpected member additions" - Know who is on your little slice of the network.
The first rule is "Establish persistence" and frequently new users on questionable systems may have far too many privileges.
So, new "users" is a valid metric IMO.

Good Luck.
Thanks for the feedback!

Last edited by linux4evr5581; 10-11-2016 at 01:03 PM.
 
Old 10-11-2016, 12:57 PM   #24
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,959

Rep: Reputation: 515
I understand Adobe are planning to upgrade flash to the same level as the massively secure Windows version.
 
Old 10-11-2016, 01:18 PM   #25
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
Quote:
But with regards to the browser issue I'm wondering if that can be completely negated by using a terminal based browser such as Lynx or Links, since they run without pop-ups, java and flash..
That may eliminate some of the sources, but anything returned from the site could be infected.
You (and I) check thoroughly to make sure that programs and so on that we ask for are malware free, but we usually forget that the wrapping (i.e. screen display code) can also be corrupted with malware that will infect our machines.
That is why a good malware scanner needs to be running to detect any abnormal activity.

I also remove ALL temporary files and clear all browser caches at the end of every session.
 
Old 10-11-2016, 01:29 PM   #26
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
That may eliminate some of the sources, but anything returned from the site could be infected.
You (and I) check thoroughly to make sure that programs and so on that we ask for are malware free, but we usually forget that the wrapping (i.e. screen display code) can also be corrupted with malware that will infect our machines.
That is why a good malware scanner needs to be running to detect any abnormal activity.

I also remove ALL temporary files and clear all browser caches at the end of every session.
Not a programmer so can't comment too much on the screen display code, I knew that you can do buffer overflows (or something) on certain text rendering software that normal browsers use. But since with text based browsers I don't think they use such software (just speculation), so I was hoping that was not possible.. As with malware entering your machine through the cloud, something someone said, and what I thought was very interesting was to use ClamAV as a reverse proxy..

Last edited by linux4evr5581; 10-11-2016 at 05:13 PM.
 
Old 10-11-2016, 01:47 PM   #27
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
You don't even need screen display code.
Even with a text based internet access there are codes that you can embed in text strings that hide the text. So you could get a text reply from a site that perhaps took just a little longer than you expected - just seconds. You see a reasonable reply, but don't realise that at the end or even in the middle there is malware code that has been received but not displayed.

I never store any of my data on "the cloud" if I can at all avoid it. Any data not under your direct control is vulnerable no matter how much other people say.
Banks' safe boxes get robbed and they are supposedly experienced in securing stuff. How often do you hear that some online company's security has been breached?
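The post above does not name the codes it has in mind; terminal control sequences are one family that fits the description, and that reading is an assumption here. This added example (not from the thread) finds such sequences in received text and rewrites them in a visible form before anything reaches the terminal; `SAMPLE` is constructed.

```python
import re

ESCAPE_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: colours, cursor moves, erase
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC: e.g. set the window title
    r"|\x1b[@-Z\\-_]"                       # other two-byte escapes
    r"|[\x00-\x08\x0b-\x1f\x7f]"            # C0 controls and DEL (tab, newline allowed)
)

def visible(seq):
    """Render a control sequence as printable ASCII, e.g. ESC becomes \\x1b."""
    return seq.encode("unicode_escape").decode("ascii")

def classify(seq):
    """Name the effect a sequence has on what the reader sees."""
    if seq.startswith("\x1b[") and seq.endswith("m"):
        # SGR parameter 8 asks the terminal to conceal the following text
        return "conceal" if "8" in seq[2:-1].split(";") else "style"
    if seq.startswith("\x1b["):
        return "cursor/erase"
    if seq.startswith("\x1b]"):
        return "osc"
    if seq in ("\r", "\b"):
        return "overwrite"  # later text is drawn on top of earlier text
    return "control"

def inspect_text(raw):
    """Return (findings, safe_text); findings are (offset, kind, printable form)."""
    findings = [(m.start(), classify(m.group()), visible(m.group()))
                for m in ESCAPE_RE.finditer(raw)]
    safe_text = ESCAPE_RE.sub(lambda m: "<" + visible(m.group()) + ">", raw)
    return findings, safe_text

# Constructed sample: one concealed span and one line overwritten with \r.
SAMPLE = "Welcome\n\x1b[8mtext the reader never sees\x1b[0m\nline A\rline B\n"

if __name__ == "__main__":
    findings, safe_text = inspect_text(SAMPLE)
    for offset, kind, shown in findings:
        print(f"offset {offset:3}: {kind:10} {shown}")
    print(safe_text)
```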
 
Old 10-11-2016, 01:49 PM   #28
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,692

Rep: Reputation: 2658
Quote:
I have to beg to differ about trusted repositories when a large number of downloads are distributed through peer networks where it would not be impossible to infect the code.
that is mostly BS ( south end of a north facing cow )

you would need to change the signature keys for the repos

yes it "can" be done (theoretically) but not easily


"dave@burn-it.co.uk"
I hope you have GREAT spam filters on that email address
this forum is crawled by bots all the time

Last edited by John VV; 10-11-2016 at 01:51 PM.
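Why a mirror or peer cannot simply swap a package, as the post above argues, shown as an added example that is not part of the thread. It assumes a Debian-style layout (a signed `Release` file listing the hash of a `Packages` index, which lists the hash of each package) and that the signature on `Release` has already been checked against the archive key; all file names and contents are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release(text):
    """Return {path: (sha256, size)} from the SHA256: section of a Release file."""
    entries, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False
    return entries

def parse_packages(text):
    """Return {filename: sha256} from the stanzas of a Packages index."""
    out = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        out[fields["Filename"]] = fields["SHA256"]
    return out

def verify(release_text, index_path, index_bytes, deb_path, deb_bytes):
    """release_text is assumed to have passed signature verification already."""
    want, size = parse_release(release_text)[index_path]
    if sha256(index_bytes) != want or len(index_bytes) != size:
        return "index rejected"
    if parse_packages(index_bytes.decode())[deb_path] != sha256(deb_bytes):
        return "package rejected"
    return "ok"

# Constructed sample: what the archive published.
DEB = b"constructed package contents"
DEB_PATH = "pool/main/h/hello/hello_1.0_amd64.deb"
INDEX_PATH = "main/binary-amd64/Packages"
INDEX = f"Package: hello\nFilename: {DEB_PATH}\nSHA256: {sha256(DEB)}\n".encode()
RELEASE = f"Suite: stable\nSHA256:\n {sha256(INDEX)} {len(INDEX)} {INDEX_PATH}\n"

# Constructed sample: what a tampering mirror or peer could serve instead.
BAD_DEB = DEB + b" plus altered bytes"
BAD_INDEX = INDEX.replace(sha256(DEB).encode(), sha256(BAD_DEB).encode())

if __name__ == "__main__":
    print(verify(RELEASE, INDEX_PATH, INDEX, DEB_PATH, DEB))
    print(verify(RELEASE, INDEX_PATH, INDEX, DEB_PATH, BAD_DEB))
    print(verify(RELEASE, INDEX_PATH, BAD_INDEX, DEB_PATH, BAD_DEB))
```

Rewriting the index to match the altered package only moves the mismatch up one level, so the remaining way through is a valid signature on a new `Release` file, which needs the signing key.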
 
Old 10-11-2016, 02:53 PM   #29
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
You don't even need screen display code.
Even with a text based internet access there are codes that you can embed in text strings that hide the text. So you could get a text reply from a site that perhaps took just a little longer than you expected - just seconds-. You see a reasonable reply, but don't realise that at the end or even in the middle there is malware code that has been received but not displayed.

I never store any of my data on "the cloud" if I can at all avoid it. Any data not under your direct control is vulnerable no matter how much other people say.
Banks' safe boxes get robbed and they are supposedly experienced in securing stuff. How often do you hear that some online company's security has been breached?
I suppose you could find said code like that using inspect element, or prevent it using a script block software.. But I agree software should have the five freedoms, or only use such software in a VM so only virtual freedoms can be harmed lol.

Last edited by linux4evr5581; 10-11-2016 at 03:01 PM.
 
  


All times are GMT -5.