LinuxQuestions.org


BuckNekkid 10-13-2011 07:22 PM

Viruses & ipchains/tables.....?
 
Ok,

I have a real N00BIE question: As I understand it, Linux is almost bullet-proof, virus-wise. If this is TRUE, then why are there ipchains and iptables to keep the non-existent viruses out?

Respectfully submitted,

"Buck"

corp769 10-13-2011 07:40 PM

Hello,

Iptables/netfilter is used as a firewall to harden security on connections to your machine. It is not designed to "keep viruses out." The best way to keep viruses out of any system is to keep up to date on software updates, and close down any services that are not needed.

Cheers,

Josh

thezerodragon 10-13-2011 09:26 PM

Buck,

Welcome to LQ

I am not professing to have a full understanding of the situation, but the reason that GNU/Linux systems are generally considered to be secure is because of their security features like iptables, and the ones that are listed here:

The system requires administrator rights before installing or running executable files.

The .exe file extension is meaningless as Linux systems use other methods to determine what the file does and do not use such extensions.

Most viruses/malware are written for Windows.

salasi 10-14-2011 05:55 AM

Quote:

Originally Posted by BuckNekkid (Post 4497929)
Ok,

I have a real N00BIE question: As I understand it, Linux is almost bullet-proof, virus-wise.

First point: even on the Windows platform, where viruses are certainly a problem, they are not, by percentage, the main problem. Many people have started using the word 'virus' as a synonym for 'malware', which it certainly isn't, and then when they ask questions about 'viruses' get an answer which only leads them up the wrong path, because the answer excludes the majority of malware, as it only concerns viruses.


Quote:

Originally Posted by BuckNekkid (Post 4497929)
If this is TRUE, then why are there ipchains and iptables to keep the non-existent viruses out?

So, this really is an illogical jump. Effectively, the path that you are going down is:
I have ignored 85++% of malware and exploit attempts and the percentage that I am considering hardly exists (on this platform, today, yada, yada..) so why is there a mechanism, which is actually designed to do something completely unrelated?


This seems to make little sense; if you want to know about Iptables, the question that you should be asking is whether there is a class of problems which it is designed to protect (answer: yes) and whether it protects against those problems (answer: possibly - depends on configuration, and a number of other factors).

You should remember that it is axiomatic that good security comes in layers, and is not 'brittle'. Normally, a firewalling system (a pure firewalling system, not a hybrid one that has other functions, such as malware detection built-in, necessarily) is one of those layers. Whether this is of any real relevance to your current situation, I can't say.

In a sense (if the bit about definitions of viruses or malware can be ignored), you are asking a similar question to "If you go into a battle with the best guns, why would you need bulletproof jackets...you've got the best guns, so, in a firefight, you should always hit the bad guys first..". That is only an analogy, and I don't want to overstretch it, but, if it was me, I'd want anything that could improve my chances on my side, rather than saying that I have superiority in one area, so I am not even going to bother about anything else.

theNbomr 10-14-2011 09:23 AM

Viruses are programs. iptables moderates network traffic. Both are security-related concepts, but have very little else in common.
iptables is a tool to manage flow of network traffic in/out/through network hosts. It is used to build routers and firewalls that can serve many purposes, including, but by no means limited to stopping intrusive or exploitive traffic. iptables in no way prevents execution of malware or other damaging programs, although it may serve to limit specific network traffic generated by such programs. It is highly unlikely that iptables could be effectively used to filter the transfer of virus/malware programs across the network.

--- rod.

BuckNekkid 10-14-2011 02:40 PM

Ok, now I'm 'cornfused', LOL!
 
Ok,

I kinda understand what ALL of you are talking about. Ipchains are for routing and somewhat for security.

I know I'll never, ever have a computer, no matter what O/S I use that is 100% bullet-proof against malware, computer take-over, and hard drive destroying software. However, I would like one as near 100% as possible. :D

Has anyone ever written a book about what's inside Linux? You know, what program does what and why? I'd buy it for sure.

Recently, my computer got hacked, even though I had TWO of the latest, up-to-date software packages for WINDOW$. It stole my address book and is now sending all kinds of malware to my friends, in MY name! I've run them both three times since and they are not finding this 'virus'. This 'thing' has even sent ME mail under my screen name. But, so far it's only in AOL. AOL has McAfee. Now it wants me to delete all my AV software in order to get theirs. This seems stupid as I've used Spybot and AVG and I know they are not malware, LOL! Since I'm a long-time customer of AOL (I rarely use it anymore, I'm on GOOGLE) the protection is supposed to be FREE, but McAfee is telling me it's a 30-day 'trial', then I must BUY it. Well, I got out of there fast, LOL!

The computer I want to put this on will be a desktop, blank O/S and a large hard drive. I'll keep sensitive data on it as well as the 'fun' stuff (Ham radio). I will have a wireless router in front of it and a Comcast High-speed DSL/'Phone/TV box in front of that.

My wife's Sony Vaio laptop connects to the Cisco wireless router now. She runs Micro$haft's AV and updates it when the computer tells her, LOL! She goes to all kinds of "Free" game sites and has never gotten a "bug".

What I'd LIKE to do is have my ham stuff, my research material, my music (paid for) and some 'natural' pictures, scenes of woods, pastures, waterfalls, rock outcrops, mountains, valleys, and no trace of man (no telephone poles, fence post, cell towers; old barns & old houses are OK) and animals, deer, moose, buffalo, birds of all kinds and dogs ;) I DON'T want anyone, or anything getting into my computer that I don't want and stealing or scrambling the programs.

I'm 65 and if I was smart enough to write software, I'd design a new operating system that was bullet-proof, but that's impossible. Even the "computer" on Star Trek got compromised a time or two, LOL!

GOD BLESS,
Warmest Regard,

BuckKA5LQJ

theNbomr 10-14-2011 03:49 PM

No such book is likely to ever be written, and if it was, it would be quickly out of date.

In Linux, you rarely encounter viruses for various reasons. The greatest likelihood of malicious mishap in Linux is to have someone gain unauthorized access via the network. Firewalls combat this quite well, if properly set up and used. A Linux host can be used to perform firewalling for an entire LAN, and works well for such a purpose. There are packages available that configure a Linux host for this, and I've used one on a couple of home networks for many years. You don't need more than an old Pentium class machine that people throw/give away routinely. With your LAN behind such a firewall, you can be confident that intrusion from the net will be as secure as practical. Further hardening can be implemented as necessary, but for a home LAN, that is usually not needed. The use of good passwords and judicious use of privileged accounts (root) is vital to security. Fully protecting a wireless LAN is almost impossible.
No firewall will protect Windows PCs against trojan horses and other stuff that comes in piggy-backed on legitimate traffic such as e-mail or the web. For that, the best protection is education.

--- rod.

BuckNekkid 10-14-2011 11:43 PM

Thanks All ;-)

I've got it now. I'm going to TRY and get Ubuntu on a memory stick and try it. I'll download other distributions as well and TRY each one. The repository is FREE, so the only expense I'll incur is the memory stick. I think an 8 gig should be big enough to put a version on, ;-)

I really appreciate your understanding and help. I have none in Shreveport, LA., so I have to go to a good source and this is it.
I hope someday I can repay each of your kindnesses.

I'll have to look for a book at the library, to see if it has any
'tips' as well as asking here. But, I'll just RTFM, LOL!

Respectfully submitted,
Warmest Regard,
Buck/KA5LQJ


All times are GMT -5.