
I just started using Linux a couple of days ago when my Windows XP restore disk for my laptop wouldn't work, so I decided to try Ubuntu instead. So far I'm really enjoying using it. I liked it so much that this morning I created a 2nd partition on my desktop PC and installed Ubuntu to that as well.

I would like to ask about firewalls, anti-virus and spyware. Well basically do I need a firewall and anti-virus and what sort of risk is spyware to Linux systems?

asked 12 Apr '10, 18:30

peteuplink

edited 13 Apr '10, 22:13

Web31337

Please accept an answer, or provide more details so we can help.

(14 Jun '11, 11:37) rfelsburg ♦




A few points of clarification... Linux has had a few proof-of-concept malware and viruses in the past - only real problem is if you run your system as the ROOT user. Your own user account could get mangled, but that wouldn't affect the rest of the system (unlike Windows.) If your Linux (Ubuntu) box will be processing email (or as a SAMBA file server) for Windows users, then you might want to have anti-virus software (ClamAV is one option) running to scan Windows files BEFORE they get to the Windows users. Just my $.02 worth.

-*-Bill

answered 13 Apr '10, 01:39

beely

As others have suggested, FireStarter is a good way to start configuring your firewall which protects the first port of entry for any malware.

As many others have pointed out, there aren't many viruses or spyware currently for Linux, but remember that Unix has always been exploited in the past as a server OS, and something that you should also be aware of in Linux is to only install from safe "sources", meaning be very careful about adding software sources from Launchpad or the like if you really cannot trust the author... I've had many cases of intrusion and funny stuff started appearing in my /tmp folder...

In this case I would suggest becoming familiar with an IDS (Intrusion Detection) tool, although they might be a little difficult to learn in the beginning. A simple passive one is the already mentioned RKHunter, but there are more complex ones that also perform active/live monitoring...

answered 12 May '10, 09:49

pmarini

1) Setup pfSense on a PC with 2 NICs, one for LAN and one for WAN. The LinkSys SOHO stuff is nice, but limited.

2) Yes, running a firewall on the PC itself is good, but that's like locking your bedroom door, whereas locking down a router is like locking the front door to your house. The router is the most important of the two, but both is ideal. Also remember that you can lock down user accounts by specifying which ports may go in and out... so Marcy can FTP out, but Tom cannot.

3) Learn iptables via the command line. It will be invaluable.

4) Do not REJECT packets, as that verifies something is there, instead, DROP them.

5) Use fwbuilder (Firewall Builder) to make configuring your firewall easier, but do NOT use this as a substitute for NOT learning iptables via the command line. Remember, it's more important HOW your firewall is configured vs which firewall you use -- regardless of the features of it.

6) Security is not a setting. It is a mindset. It is a way of thinking, acting, and being every second of every day. The greatest strength in security is also the greatest weakness as well.... that of the end-user.

7) It is not a matter of IF, but WHEN someone WILL get in if they want into a system or network bad enough.

8) In Ubuntu 10.04LTS, sudo apt-get install iptables-persistent && sudo ufw enable

9) About doing things as the root user, you can do the same amount of damage as sudo. For example, login as root and rm -rf /* and sudo it, the results are the same... the difference is that when you login as the root user, x.org and everything else has root privileges as well. Ubuntu by default disables the root account, which limits many issues.

10) While not Linux (it's BSD), OpenBSD is very secure, as is SELinux. All Linux is secure, more so than Windows, but those variants of Linux/BSD are even more so.

EDIT: While many recommend firestarter and it is indeed a good program, I highly recommend fwbuilder instead because of its features and flexibility.

answered 12 May '10, 03:42

Ron ♦

edited 12 May '10, 15:04
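
The rules described in points 2 to 4 of the answer above, as an added example that is not part of the original answer: a default-deny inbound ruleset in iptables-restore format that DROPs instead of REJECTing and uses the owner match so only one account can open outbound FTP control connections, plus a small audit of a saved ruleset against the same points. The function names and the account name passed in (`marcy`, borrowed from the answer) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. IPv4 filter table only.

# Print a ruleset for iptables-restore.
# $1: local account allowed to start outbound FTP (hypothetical, e.g. marcy).
emit_ruleset() {
    ftp_user="${1:?usage: emit_ruleset USER}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp --dport 21 -m owner --uid-owner $ftp_user -j ACCEPT
-A OUTPUT -p tcp --dport 21 -j DROP
COMMIT
EOF
}

# Read an iptables-save style dump on stdin and print one line per finding:
#  - INPUT policy other than DROP
#  - REJECT rules on INPUT (point 4 of the answer prefers DROP)
#  - no rule accepting replies to connections this host opened
audit_ruleset() {
    awk '
        /^:INPUT / {
            if ($2 != "DROP") print "INPUT policy is " $2 ", expected DROP"
        }
        /^-A INPUT .*-j REJECT/ {
            print "REJECT on INPUT answers the sender: " $0
        }
        /^-A INPUT .*--(ctstate|state) [A-Z,]*ESTABLISHED.*-j ACCEPT/ {
            stateful = 1
        }
        END {
            if (!stateful) print "no ESTABLISHED,RELATED accept rule on INPUT"
        }
    '
}
```

To load it, run `emit_ruleset marcy | sudo iptables-restore`; `iptables-restore --test` parses the input without committing it. Loading replaces the current filter table, including chains managed by ufw, and IPv6 needs its own rules through ip6tables.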

Linux is not Windows. In the 10+ years I have never gotten a virus no matter what website I have been on. If configured properly and you never run any Linux distribution as root (administrator), virus(es) shouldn't cause a problem. As for a firewall, most routers have a built-in one, which makes it really unnecessary to run one in the OS unless you are connected directly to your modem. IDK about Ubuntu, but there are a few distros that have a built-in firewall; Mandriva and its sister distro PClinuxOS are two that have it located in the control center, as well as parental controls if you are sharing the computer with children. As for spyware, I have NEVER come across any... ever. It is so hard to take control of a properly administered Linux system that I guess it is just not worth the trouble to create it.

The short answer is: If administered properly you won't need anti-virus, anti-spyware or a firewall.

answered 12 May '10, 01:51

madpuppy

Generally most home Linux users don't need it. The security of Linux is such that you're low-risk. There are options, however.

You can install ClamAV for antivirus and set that up. And the Linux kernel has a built-in firewall called iptables, and just about all the so-called "firewalls" for Linux are really just frontends for iptables.

Don't worry too much about adware or spyware. They're REALLY next to nonexistent on Linux. The keyloggers you find would usually be for employer use.

But, honestly, unless you're trying to do a hardened Linux setup, you don't have to worry about a firewall or anti-virus. Viruses are just extremely rare on Linux and most attacks are preventable with just a little know-how.

answered 03 May '10, 17:31

Yaro Kasear

I use the Firestarter firewall. I haven't had a problem ever, and have used Ubuntu for years. Liked the comment about KlamAV, which I use just as a check on files. Would suggest using RKHunter for rootkits or other malware in the system, but it will flag any Python-based apps you have loaded.

answered 14 Apr '10, 14:08

rMatey

rkhunter rules the world. Thanks to unSpawn for this tool :)

(14 Apr '10, 21:33) Web31337

I use Ubuntu and I don't need a firewall at home. Why? Because my Linksys router already provides me with a firewall against the bad guys. In addition, if you port scan an Ubuntu PC you will find one or two ports open, assuming you didn't install any additional servers.

As for malware, Linux is immune because you will download all your software from the Ubuntu store. As for spyware, even visiting the worst sites imaginable on the Internet will not cause Linux to get any spyware. Yes, no one cares about getting into a Linux box. Not that it is impossible, but for now it is small potatoes and no one cares.

You really are in a secure operating system. Enjoy it while it lasts.

CBO

answered 13 Apr '10, 23:44

cbo

edited 13 Apr '10, 23:51

enjoy but don't relax! :)

(14 Apr '10, 21:34) Web31337

I agree with the recommendation for a firewall at the router level. You shouldn't need more. But I disagree with the second paragraph. We have just seen that Apache.org was hacked and malware could have (AFAIK wasn't) been installed in what would look like a normal download. The best security is TRUST NOBODY, not even your distribution. Always check the signature and MD5 of the files you download. At least if they are signed you will know who to blame ;-) What makes Linux more secure is that its users are more conscious and inquisitive about security.

(17 Apr '10, 18:31) LiquidPaper

If your computer is just a regular home computer and if it has no seriously confidential information on it then I'd just install the Firestarter firewall, because it's simple and easy to use.

Unless you are going to be checking your brain at the door and opening attachments from strangers you probably don't need other anti-malware. Not yet anyway.

Get a good password security tool. I use lastpass (www.lastpass.com), which works across platforms. If you ever use other computers, other than your own, I also recommend getting a yubikey (www.yubico.com) to protect your passwords. It will protect you from keyloggers.

If you have an old PC you don't mind dedicating for use as a firewall appliance you can run Amahi (amahi.org) and gain some network storage, a family wiki and more besides. Check the site for more info.

answered 13 Apr '10, 23:06

PJO

You can use Secure Login and Weave with Firefox, works really well.

(12 May '10, 03:47) Ron ♦

As to spyware, there is (as yet) no spyware for Linux. This may change, but it hasn't for many years.

XavierP, are you trying to say there are no keyloggers/rootkits for Unix? :) Well, not every system uses Xorg/etc for keyloggers to be present, but a rootkit may be a point of collecting information of a different class, which may be used for different purposes. And not only rootkits may collect some private data from a system.

As for root/not-root users... There is a possibility that your system will be compromised when an attacker gains access to a user-level shell, if the kernel or some software running as root contains a vulnerability. If that's a well-known and easily exploitable one, you're in danger. The best way is to have firewall + correct permissions + more hacks :) Still, this usually is not required for home users... I've been learning Linux in a production environment from the beginning, so sometimes I think too deep when it comes to security questions, because usually I have to deal with server setup. A good way for a home user is NAT (this is when you sit behind a router, a typical case that improves security of your internal network computers) or a firewall blocking all input traffic not requested by you + latest software (use the package manager to update your kernel, etc).

answered 13 Apr '10, 21:25

Web31337

Rootkits are very different to spyware.

(15 Apr '10, 19:15) XavierP

As everyone else has pointed out, you don't have to worry too much about malware. Probably the worst thing that would happen is a rm -rf ~/*, but that's probably very rare. As far as firewalls, I always start out with http://www.linuxfromscratch.org/blfs/view/stable/postlfs/firewall.html and work from there.

answered 13 Apr '10, 19:31

manwichmakes...


Asked: 12 Apr '10, 18:30

Seen: 13,217 times

Last updated: 14 Jun '11, 11:37
