LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-10-2015, 08:29 AM   #1
shmu26
LQ Newbie
 
Registered: Aug 2015
Posts: 28

Rep: Reputation: Disabled
should I use security software?


mint rosa x64
no wine etc.
VMs running Windows will have their own AV

should I use security software, and if so, what is recommended?
what about browser security, such as man-in-the browser, sql-injection, etc? Do I have to worry about these things in linux?
I use Lastpass password manager, so I am not so worried about phishing sites, but I am worried about malware in the browser etc.
 
Old 12-10-2015, 09:20 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
sql injection into what?
Normal every day computer, normal software, normal 'habits'?
Define "security software".

Typically Linux and A/V is moot.
Are you asking about the Security of Virtualized Instances?
Malware in what browser?

LastPass is fine, I trust and use it.

Firefox
Addblock Plus
NoScript
Lastpass
LM forum has firejail instructions here...

I guess I need some context as well as caffeine, this morming.
 
1 members found this post helpful.
Old 12-10-2015, 10:01 AM   #3
shmu26
LQ Newbie
 
Registered: Aug 2015
Posts: 28

Original Poster
Rep: Reputation: Disabled
I am asking about normal computer use.

I understand from your answer that AV is not necessary on linux, as long as I am not running windows programs. But what happens if I run windows in a VM, in seamless mode? Does Linux then need protection?

I browse mainly with chrome. I guess my main concern is whether the data I input into chrome can be stolen before it enters an encrypted state, in which case I have a security concern.

Maybe there are other security issues that I don't know about, but should? Or is security basically to be taken for granted in a linux environment, as long as I don't install programs from iffy sources?
 
Old 12-10-2015, 10:35 AM   #4
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,824
Blog Entries: 2

Rep: Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299
Exclamation

Like backing up data Ad\Script blockers are a must (for me;) I also like firewalld with firewall-applet and if people have physical access make sure a password is set plus on sleep... unless you pay an admin you are it!

Last edited by jamison20000e; 12-10-2015 at 10:36 AM.
 
Old 12-10-2015, 10:39 AM   #5
shmu26
LQ Newbie
 
Registered: Aug 2015
Posts: 28

Original Poster
Rep: Reputation: Disabled
thanks
 
Old 12-10-2015, 10:43 AM   #6
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,007

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Threat is intent and capability, not OS.

First, you are going to run some Windows instances. Protect them. No matter if they are running on native iron or virtual, they ARE vulnerable!

Second, while there are very few threats that remain valid for Linux compared to Windows, there are some. Do not obsess over it, but take some precautions (selinux, if you can tune it to allow normal operations properly.) I use Rootkithunter and ClamAV, just in case.

Third, attacks that leverage browser behavior and human factors do not depend on the OS involved, nor does the OS protect from them. If you engage in risky normal practices online, expect that you could lose that gamble. Take reasonable precautions. (I use both Chrome and Mozilla browser engines, with settings and plug-ins to enhance security and reduce risk.)

Keep in mind that YOUR choices, not the technology, are what is most likely to put you at risk. Use what software you think appropriate to help you, but the best protection is to make smart choices!
 
2 members found this post helpful.
Old 12-10-2015, 11:18 AM   #7
shmu26
LQ Newbie
 
Registered: Aug 2015
Posts: 28

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wpeckham View Post
attacks that leverage browser behavior and human factors do not depend on the OS involved, nor does the OS protect from them.
clearly, the OS is not going to prevent you from going on to some dodgy site and giving away your personal information. But I am wondering whether chrome running on linux is vulnerable to attacks that steal your log-in credentials and personal info when you are accessing a legitimate site and filling out fields.
I get the impression that most linux users don't bother with AV, and just rely on the native firewall and wise browsing practices. Is that right?

Last edited by shmu26; 12-10-2015 at 11:19 AM.
 
1 members found this post helpful.
Old 12-10-2015, 11:31 AM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by shmu26 View Post
I get the impression that most linux users don't bother with AV, and just rely on the native firewall and wise browsing practices.
Guilty. Router, so !"native firewall".
 
Old 12-10-2015, 12:21 PM   #9
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,824
Blog Entries: 2

Rep: Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299
@Habitual:
Quote:
__________________
I will defend your right to make a choice.
But you must defend the choice you made.
nice twist on your signature there.

I've only used VS if had a microcoughed partition or for fixing family's (I don't use windblow$ anymore so) just gave the DVD and most responsibilities to my 11 year old nephew, now he can reinstall it again and again &c... in Linux although dangers are increasing (more likely by companies putting it out) you have a better chance at winning the lorry than any of this: e.g: https://en.wikipedia.org/wiki/Linux_malware ...
 
Old 12-10-2015, 08:00 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,318
Blog Entries: 25

Rep: Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389Reputation: 4389
If this machine will be public-facing, I recommend installing fail2ban.
 
Old 12-10-2015, 09:49 PM   #11
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,636

Rep: Reputation: 277Reputation: 277Reputation: 277
Cool

Quote:
Originally Posted by wpeckham View Post
First, you are going to run some Windows instances. Protect them. No matter if they are running on native iron or virtual, they ARE vulnerable!

Second, while there are very few threats that remain valid for Linux compared to Windows, there are some. Do not obsess over it, but take some precautions (selinux, if you can tune it to allow normal operations properly.) I use Rootkithunter and ClamAV, just in case.

Third, attacks that leverage browser behavior and human factors do not depend on the OS involved, nor does the OS protect from them. If you engage in risky normal practices online, expect that you could lose that gamble. Take reasonable precautions. (I use both Chrome and Mozilla browser engines, with settings and plug-ins to enhance security and reduce risk.)

Keep in mind that YOUR choices, not the technology, are what is most likely to put you at risk. Use what software you think appropriate to help you, but the best protection is to make smart choices!
Nice words..hit on top of the nail.
 
Old 12-12-2015, 05:53 PM   #12
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Rep: Reputation: 35
I'm paranoid due to wireless network hacking. Now use ADSL 99% of time, wireless on tablet very little. Two software firewalls as well as router reconfiguration from what was sent from ISP, which was hopelessly hackable. Set /etc/hosts.deny to ALL. As I said paranoid. rkhunter is a must. You could browse software for your distro to look for more useful programs. And backup, backup,backup.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Homeland Security gets into software security LXer Syndicated Linux News 0 07-24-2014 05:01 PM
What is your security software? Udagama Linux - Security 1 11-11-2011 10:10 AM
security over software piracy??? bmora96 Linux - Security 2 02-27-2008 09:55 AM
software security iam3 Linux - Security 3 11-01-2001 06:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration