LinuxQuestions.org


gleneagles49 06-11-2011 11:37 AM

Safe sites
 
How do you know if a site is safe to download from?
Have only been using Mint 11 for 3 days after 7 years with Windows, and the usual safety nets there were the https headings and firewalls blocking stuff, but how do you know something is safe in Linux?
In short, how do you know it's a trusted site?

XavierP 06-11-2011 11:54 AM

HTTPS is nothing to do with your operating system, it is something set up at the server end. Linux has had inbuilt firewalling long before Windows thought it was necessary - look into IPTables, every distro should have it included by default, and if you feel you need a GUI frontend there are a few around.

Noway2 06-11-2011 12:59 PM

Mint is based upon Ubuntu and uses the Ubuntu repositories. With very rare exception, the software in the repositories, especially the standard and default repositories, will be safe for download. Each of the developers that contributes to the repositories has agreed to abide by a code of conduct, and while it would be possible for one of them to upload malicious code, it would be discovered quickly and there would be consequences for their actions. In addition, the software in these repositories has been digitally signed with their GPG key and these keys are part of the package management system. This means that when you download from them, your system is able to verify both that you have received a good download and that you downloaded an authentic copy.

When it comes to general web sites, there is no knowing whether it is safe or not. You will have to decide for yourself. However, you should not have to download software from sites like you do in Windows. In Windows, there are official sites that want you to pay $$ for every little utility, and usually good $$ at that. This leaves you going to places like CNET downloads and trying your luck with something.

With Mint, you should find that > 97% of the time the software you want or need is available from the repositories. In other cases, for example the Amazon MP3 download application for if you buy an MP3 album, you will be dealing with a known origin.

frankbell 06-11-2011 07:53 PM

To build on what Noway2 and XavierP said:

It is always wise to pay attention to security. It takes only one bad guy to ruin many good days.

Here are some points to think about:

1. Linux is inherently much more secure than Windows, as security was built into it from the ground up. If you do your normal computing as user, and not as root, user does not have access to sensitive areas of the computer, so malware that user might stumble on does not have access either.

2. There is currently no malware targeting Linux in the wild (aside from phishing attempts, which are targeted at the user, not at the computing platform). This could change at any minute, so I run an antivirus, but you will find many Linux users who don't, have never had a problem, and think I'm excessively cautious. You will find other Linux users who run one because they may be relaying possibly-infected mail to and from Windows users or helping maintain Windows computers in a network. (Footnote: That "Mac Defender" thing going around just might, as Macs are based on BSD which is a *nix OS, but it installs through user stupidity, not through stealth.)

3. Most of the malware that is out there right now will not run on Linux; it is Windows-specific. (Just for grins and giggles, I clicked on one of those "scan for viruses now" links and learned, to my surprise, that my Linux box had an infected C:\ drive and that the registry was corrupt. There was even a nice little picture of my non-existent C:\ drive.)

This looks like a good intro to computer security in Linux.

craigevil 06-11-2011 09:10 PM

Stick with the official repos and the occasional PPA and you do not have to worry.

Security on Ubuntu : http://www.psychocats.net/ubuntu/security

Security - Community Ubuntu Documentation : https://help.ubuntu.com/community/Security

Securing Debian Manual : http://www.debian.org/doc/manuals/se...-debian-howto/

win32sux 06-11-2011 09:35 PM

Quote:

Originally Posted by Noway2 (Post 4382789)
When it comes to general web sites, there is no knowing whether it is safe or not.

+1 from me.

Even the most respectable sites can be made to serve malicious content, so there really is no sure-fire way to know a site is "trusted" (I would go as far as to say that there is no such thing as a trusted site). Ideally, you'd want to browse any site while making sure that at least basic protective measures are in effect on your side, in order to reduce your risk of becoming a victim. If you want to reduce your risk by reading some data about a specific site's history/reputation before actually visiting it, there are several online services available for that sort of thing. For example:

http://www.google.com/safebrowsing/d...xquestions.org

http://www.siteadvisor.com/sites/linuxquestions.org

http://www.avgthreatlabs.com/siterep...xquestions.org

Obviously, even if a site checks out, it doesn't mean it's safe to download/install random stuff from it. Stick to digitally-signed packages from your distro's repositories as much as possible (as mentioned by Noway2), and you'll greatly reduce the probabilities of something terrible happening. I'd also caution against letting GNU/Linux's privilege separation provide you with a false (or at least an overly-optimistic) sense of security, given that malicious code doesn't really need to access anything outside your home folder in order to destroy or profoundly affect your life. Practically speaking, if you're using the same account for all your activities (financial, medical, entertainment, work, etc.) then you're putting yourself at a much higher risk than if you would compartmentalize each of those using privilege separation. And, needless to say, privilege separation isn't a silver bullet either. If you're serious about setting up a reasonably secure Web surfing environment, it can take quite a bit of planning and effort. The more time/energy you're willing to invest into this sort of thing, the greater your chances of surviving an attack unscathed.


All times are GMT -5.