Linux Users?: Do you run with an AntiVirus or Firewall?

IamDavid

Everything I've read seems to say don't bother but I figure it's only a matter of time.
 

SleepWalkerX

I run a hardware firewall (router) and there's really no need for an anti-virus... If I was the slightest bit worried I would probably set up AppArmor on my Suse, but it's really overkill and an antivirus is generally not necessary..

In fact, I didn't even use an antivirus on my Windows box. Never needed it. I've stopped using Windows since about the previous January or December, but when I used it I was virus free for over 2 years. You just have to watch what you run..
 

IamDavid

Originally posted by: SleepWalkerX
I run a hardware firewall (router) and there's really no need for an anti-virus... If I was the slightest bit worried I would probably set up AppArmor on my Suse, but it's really overkill and an antivirus is generally not necessary..

In fact, I didn't even use an antivirus on my Windows box. Never needed it. I've stopped using Windows since about the previous January or December, but when I used it I was virus free for over 2 years. You just have to watch what you run..


That's just it. I'm not "careful". At all. :) I don't go out looking for viruses or anything but I do go places I shouldn't.
 

SleepWalkerX

Here, check out this article. I think it does a pretty good job of explaining how difficult it is to get a virus in linux. You'd pretty much have to set the permissions to make the file executable itself and run the file (which you rarely have to do depending on the distribution) and even then the whole box won't become unusable, just anything writeable with the current account if you purposely execute 1 out of like 40 linux viruses, of which none are widespread.

Or you have a file being opened by a program exploiting something in the program causing some sort of damage. But linux distribution maintainers like Novell, Red Hat, and Canonical (makers of Ubuntu) who try to cater to corporate users tend to have security as one of their highest priorities, on top of developers easily knowing what to fix since any programmer can tell them what can cause an exploit in the code since it's most likely open-source. So if an exploit is found, it usually doesn't take long at all to patch (depending on the package, of course).

Now what's the probability of a linux user getting a virus? I dunno, haven't seen a post from a linux user yet saying he/she has been infected by a linux virus. Haven't heard of anything like this even from Linspire users (who have root used by default instead of a limited account, which they might've changed by now). I'd be more worried about certain programs getting exploited like Firefox rather than getting a virus. Maybe others can weigh in with their opinion on this matter.

The best antivirus, imho, is knowledge. I would say grab a firewall (a router will do) and you're set in linux. But if you're still worried, there's always AppArmor. :)
 

bersl2

Turn off services you don't use. Keep your software up-to-date so that vulnerabilities are patched. Don't use usernames and passwords that are vulnerable to dictionary attacks. Don't use network services over the Internet that are not encrypted, and all other things equal, try not to use them internally either. Don't give execute privileges to files that don't need them or are suspicious. Back up your data, because your system installation is protected by privilege and is largely disposable, but your data is neither. And so on.
The best antivirus, imho, is knowledge.
 

drag

I don't use a firewall on my home computers since I have an IPCop router (an old Dell desktop stuffed full of 3com nic cards).

For my laptop, which I use on bunches of different unsecured networks, I didn't use anything either until very recently.

The thing is, is that if you're not running any open ports then what is the point of a firewall? That's the reality of the situation. If you have nothing that can be accessed from any network then a firewall can actually LOWER your security.

But you need to have a firewall to help set up things like VPNs and such without pulling your hair out.

I've been looking at 'Firestarter' which is a GTK configuration and management utility for creating a firewall in Linux. With linux you have iptables which is what is used in all firewalls. Any 'firewall' thing you see is really just a tool to manage iptables and maybe some other stuff (like Zebra for setting up routing protocols) if it's really fancy.

Firestarter has inbound and outbound features. Can do either whitelist or blacklist applications. Has a notification applet for your desktop and makes it easy to share an external network interface between computers on a private network interface via NAT rules. And some other stuff. It makes a nice easy to use firewall for a desktop.


For anti-virus ClamAV is effective. It's Free software and has had very high detection rates (read: better than) in comparison with commercial stuff. You don't need it for Linux, but it's useful if you get and send mail to and from Windows boxes. You don't want to get a virus in some attachment and then forward it to your mom, even if it doesn't affect you. Also it's useful for file shares where you have Windows clients transferring files.
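A way to check the "no open ports" premise from the post above, as an added example that is not part of drag's post: it parses the kernel's /proc/net/tcp table and reports TCP listeners that are not bound to loopback. The sample table is constructed, little-endian byte order is assumed, and IPv6 listeners (in /proc/net/tcp6) are not covered.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp format; not taken from the thread.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00A8C0:9C40 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # kernel TCP state code for LISTEN


def parse_listeners(text):
    """Return (ip, port, uid) tuples for sockets in LISTEN state, sorted by port."""
    found = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 8 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The address is printed as a native-endian 32-bit word; assume little-endian.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
        found.append((str(ip), int(port_hex, 16), int(fields[7])))
    return sorted(found, key=lambda entry: entry[1])


def exposed(listeners):
    """Keep only listeners reachable from the network (not bound to loopback)."""
    return [l for l in listeners if not ipaddress.ip_address(l[0]).is_loopback]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off Linux
    for ip, port, uid in exposed(parse_listeners(table)):
        print(f"{ip}:{port} listening on a non-loopback address (uid {uid})")
```
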
 

sourceninja

I use a firewall router. So I don't run a firewall on my box. I don't use antivirus as the only programs I'm installing come from my distribution. I trust the source, no need to check it for viruses. My biggest concern for security is firefox. But the worst they can do with that is compromise my home directory.
 

drag

I don't know about you, but my home directory is where I keep all my stuff. If the operating system gets fragged, but my home directory survives unmolested I would be a very happy person. The rest of the operating system doesn't matter, it's all easily replaceable. My personal stuff isn't. :)

Now if I had bunches of users on my system then I would care much more about the rest of the system. The security of the rest of the operating system is what protects me from them!

It all depends on the environment.. single user system vs multiuser system vs server. Right now the security of firefox is all I got. (well epiphany actually)
 

sourceninja

That's what backups are for. At most I will lose 24 hours of data. I have a backup job that backs up my /home directory to an archive drive on my file server. That machine can't get on the internet (blocked by router) so I'm not too worried.
 

kamper

Originally posted by: SleepWalkerX
Here, check out this article. I think it does a pretty good job of explaining how difficult it is to get a virus in linux. You'd pretty much have to set the permissions to make the file executable itself and run the file (which you rarely have to do depending on the distribution) and even then the whole box won't become unusable, just anything writeable with the current account if you purposely execute 1 out of like 40 linux viruses, of which none are widespread.
The only thing in that article that wasn't completely stupid was the root/non-root bit, but everybody knows that anyway.
But linux distribution maintainers like ... Canonical (makers of Ubuntu) who try to cater to corporate users tend to have security as one of their highest priorities, on top of developers easily knowing what to fix since any programmer can tell them what can cause an exploit in the code since it's most likely open-source.
I've never seen windows write a user's password to a world-readable log file...
 

kamper

Originally posted by: n0cmonkey
systrace helps clean up that firefox stuff. ;)
Mind posting your ruleset? It'd be interesting to take a peek at.
 

Geiser34

Just think about it this way: if there isn't a single Mac virus on the web, why would there be a virus aiming at a single linux distro?
 

drag

Originally posted by: Geiser34
Just think about it this way: if there isn't a single Mac virus on the web, why would there be a virus aiming at a single linux distro?

There have been Linux and Mac viruses discovered in the wild in the past.

Back in the day with Redhat 7.0 series operating systems.. These things were probably the worst Linux operating system releases ever.

In an effort to attract Windows sys-admins they configured it similar to windows servers.. Everything installed. Everything on by default. They shipped with a development version of GCC and a whole host of other problems. They didn't have a proper way to automate installing updates. It was an utter disaster in terms of security.

That is when you saw the worms in the wild. Also you saw a couple viruses being discovered.

However Redhat cleaned up its act with later 7 releases and eventually 8 was good enough. As far as other distros went they did a better job and that sort of thing hasn't happened since. Now Redhat is all about security.. Doing selinux, getting stack-smash protections into GCC, automated testing and such.

It goes to show you that popularity doesn't matter so much as people think. Linux is a much much better target now. It's much more popular and used in much more important places than back when Redhat 7 was released, but we haven't had any problems like that.

Except for PHP worms attacking buggy php web applications and bugs in the php scripting language. But that's more of a php, administration, and web app problem than Linux or operating system problem as it affected Windows servers also.
 

xtknight

I don't even run antivirus on Windows, let alone Linux. NAT router and secure browser (Firefox, Opera) and you're all set for Linux (as long as you don't run as root). A secure e-mail client will help too. I prefer to back up my documents than to have a false sense of security with a security suite, not to mention the added latency. I rarely run any daemons.

The best antivirus, imho, is knowledge.

:thumbsup:
 

SleepWalkerX

Originally posted by: kamper
The only thing in that article that wasn't completely stupid was the root/non-root bit, but everybody knows that anyway.

It showed one reason why there aren't viruses for linux as you would have them in windows.

Originally posted by: kamper
I've never seen windows write a user's password to a world-readable log file...

Not sure what you mean or what this has to do with what we're talking about, but are you trying to tell me that linux-based distros tend to have the password readable or that you can't find the windows password locally?

Because if you're trying to say that a normal user in linux can read the encrypted password data then you've obviously never heard of shadow passwords.. Pretty much every modern linux distro uses them..

And btw, windows stores their passwords at windows/system32/config (which you can't access while running windows) and keeps a backup that anyone can copy and paste from while running windows at windows/repair.

Btw2, my operating system Suse gave me the option during the install to allow me to encrypt my partitions with gnupg so I can't just mount the filesystem in another os without knowing the password. On the other hand, Windows didn't let me do that during the install.
 

drag

Not sure what you mean or what this has to do with what we're talking about, but are you trying to tell me that linux-based distros tend to have the password readable or that you can't find the windows password locally?

With the previous Ubuntu release the devs modified some debian installer stuff. What happens during install is that the system saved your configuration choices to temporary files, including your root password. After the install finished the installer neglected to delete some of those files and thus one of them contained the root password in a plain text, world readable file.

To fix it you had to change your password. It was an issue purely at install time; otherwise passwords are stored in a salted encrypted state in your /etc/shadow file. Of course once it was known this happened the problem was fixed within a few hours as the mirrors became updated with the new install images.

But it still happened. Yeah for quality control!
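The failure described in the post above (a leftover plain-text, world-readable file holding a password) can be audited for; the following is an added example, not part of drag's post or any installer's code. The directory layout, file names and key names are constructed for illustration, since the thread does not name the actual file.

```python
import os
import re
import stat
import tempfile

# Assumed pattern: a key containing "password"/"passwd" followed by ':' or '=' and a value.
SECRET_RE = re.compile(r"(?i)pass(word|wd)\S*\s*[:=]\s*\S+")

# Constructed files standing in for leftover installer state: path -> (mode, content).
SAMPLES = {
    "installer/answers.log": (0o644, "hostname=box\nroot-password = hunter2\n"),
    "installer/private.log": (0o600, "root-password = hunter2\n"),
    "installer/syslog": (0o644, "kernel: booted\n"),
}


def build_sample(root):
    """Write the constructed sample tree under root with explicit permissions."""
    for rel, (mode, body) in SAMPLES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)  # set explicitly so the umask does not matter


def audit(root):
    """Return sorted (relative_path, line_no) for password-like lines in world-readable files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Only regular files with the "other" read bit set are of interest.
            if not stat.S_ISREG(mode) or not mode & stat.S_IROTH:
                continue
            try:
                with open(path, errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        if SECRET_RE.search(line):
                            hits.append((os.path.relpath(path, root), no))
            except OSError:
                continue  # unreadable to the auditing user; skip
    return sorted(hits)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, no in audit(tmp):
            # Report the location only; never echo the matched value.
            print(f"{rel}:{no}: password-like value in world-readable file")
```

The check looks at the file's own mode bits only; a parent directory without search permission for others would still block access, so treat hits as candidates to review.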
 

n0cmonkey

Originally posted by: kamper
Originally posted by: n0cmonkey
systrace helps clean up that firefox stuff. ;)
Mind posting your ruleset? It'd be interesting to take a peek at.

I haven't used it in a while. I'm prepping myself for it though, so if/when I get around to it I'll let you know.
 

SleepWalkerX

Ah I see. Apparently I think it's this article? I personally can't speak on behalf of Canonical. They are new players to the linux world and seem to be mainly attractive to desktop users. I mainly focus on Novell and Suse linux and other proven names like Red Hat. But luckily it was patched the same day it was discovered and it involves an older release. It's a pretty big blunder, but at least it was very quickly patched and can't be found on their current 6.04 release. Normally patches are quicker on linux-based operating systems from what I've seen and aren't left unpatched for about half a year.