firewalls, anti-virus and spyware

As others have suggested, FireStarter is a good way to start configuring your firewall which protects the first port of entry for any malware.

As many others have pointed out, there aren't many virus or spyware currently for Linux, but remember that Unix has always been exploited in the past as a server OS and something that you should also be aware in Linux is to only install from safe "sources", meaning be very careful of adding software sources from launchpad or the likes if you really cannot trust the author... I've had many cases of intrusion and funny stuff started appearing in my /tmp folder...

In this case I would suggest to become familiar with an IDS (Intrusion Detection) tool although they might be a little difficult to learn in the beginning. A simple passive one is the already mentioned RKHunter but there are more complex one that also perform active/live monitoring...

1) Setup pfSense on a PC with 2 NICs, one for LAN and one for WAN. The LinkSys SOHO stuff is nice, but limited.

2) Yes, running a firewall on the PC itself is good, but that's like locking your bedroom door, whereas locking down a router is like locking the front door to your house. The router is the most important of the two, but both is ideal. Also remember, that you can lockdown user accounts by specifying which ports may go in and out...so Marcy can FTP out, but Tom cannot.

3) Learn iptables via the command line. It will be invaluable.

4) Do not REJECT packets, as that verifies something is there, instead, DROP them.

5) Use fwbuilder (Firewall Builder) to make configuring your firewall easier, but do NOT use this as a substitute for NOT learning iptables via the command line. Remember, it's more important HOW your firewall is configured vs which firewall you use -- regardless of the features of it.

6) Security is not a setting. It is a mindset. It is a way of thinking, acting, and being every second of every day. The greatest strength in security is also the greatest weakness as well.... that of the end-user.

7) It is not a matter of IF, but WHEN someone WILL get in if they want into a system or network bad enough.

8) In Ubuntu 10.04LTS, sudo apt-get install iptables-persistent && sudo ufw enable

9) About doing things as the root user, you can do the same amount of damage as sudo. FOr example, login as root and rm -rf /* and sudo it, the results are the same...the difference is that when you login as the root user, x.org and everything else has root privileges as well. Ubuntu by default disables the root account, which limits many issues.

10) While not Linux (it's BSD), OpenBSD is very secure, as is SELinux. All Linux is secure, moreso than Windows, but those variants of Linux/ BSD are even more so.

EDIT: While many recommend firestarter and it is indeed a good program, I highly recommend fwbuilder instead because of its features and flexibility.

Linux is not Windows, In the 10+ years I have never gotten a virus no matter what website I have been on, if configured properly and you never run any Linux distribution as root (administrator) virus(es)shouldn't cause a problem, as for a firewall most routers have a built in one which makes it really unnecessary to run one in the OS unless you are connected diretcty to your modem. IDK about Ubuntu but there are a few distros that have a built in firewall, Mandriva and it's sister distro PClinuxOS are two that have it located in the control center as well as a parental controls if you are sharing the computer with childeren. as for spyware, I have NEVER came across any...ever. It is so hard to take control of a properly administered Linux system that I guess it is just not worth the trouble to create it.

The short answer is: If administered properly you wont need anti-virus, anti-spyware or a firewall.

Generally most home Linux users don't need it. The security of Linux is such that you're low-risk. There are options, however.

You can install ClamAV for antivirus and set that up. And the Linux kernel has a builtin firwall calle diptabled, and just about all the so=called "firewalls" for Linux are really just frontends for iptables.

Don't worry to much about adware or spyware. They're REALLY next to nonexistent on Linux. The keyloggers you find would usually be for employer use.

But, honestly, unless you're trying to do a hardened Linux setup, you don't have to worry about a firewall or anti-virus. Viruses are just extremely rare on Linux and most attacks are preventable with just a little know-how.

I use the Firestarter firewall. I haven't had a problem ever, and have used Ubuntu for years. Liked the comment about KlamAV, which I use just as a check on files. Would suggest using RKHunter for rootkits or other malware in the system, but it will flag any python based apps you have loaded.

I use Ubuntu and I don't need a firewall at home. Why? because my linksys router already provides me with a firewall against the bad guys. In addition, if you port scan a Ubuntu PC you will find one or two ports open assuming you didn't install any additional servers.

As for malware Linux is immune because you will download all your software from the Ubuntu store. As for spyware, even visting the worst sites imaginable on the Internet will not cause Linux to get any spyware. Yes, no one cares about getting into a Linux box. Not that it is impossible but for now it is small potatoes and no one cares.

You really are in a secure operating system. Enjoy it while it lasts.

CBO

If your computer is just a regular home computer and if it has no seriously confidential information on it then I'd just install the Firestarter firewall, because it's simple and easy to use.

Unless you are going to be checking your brain at the door and opening attachments from strangers you probably don't need other anti-malware. Not yet anyway.

Get a good password security tool. I use lastpass (www.lastpass.com) which works across platforms. If you ever use other computers, other than your own, I also recommned getting a yubikey (www.yubico.com) to protect your passwords. It will protect you from keyloggers.

If you have an old PC you don't mind dedicating for use as a firewall appliance you can run Amahi (amahi.org) and gain some network storage, a family wiki and more besides. Check the site for more info.

As to spyware, there is (as yet) no spyware for Linux. This may change, but it hasn't for many years.

XavierP are you trying to say there are no keyloggers/rootkits for unix? :) Well, not every system uses Xorg/etc for keyloggers to be present, but rootkit may be a point of collecting information of different class, those may be used for different purposes. And not only rootkits may collect some private data from system.

As of root/not-root users... There is a possibility that your system will be compromised when attacker gains access to user-level shell, if kernel or some software running as root contains a vulnerability. If that's well-known and easily-exploitable one, you're in danger. Best way is to have firewall + correct permissions + more hacks :) Still, this usually is not required for home users... I've been learning linux in production environment from the beginning, so sometimes I think too deep when it comes to security questions, because, usually I have to deal with servers setup. A good way for home user is NAT(this is when you sit behind a router, a typical case that improves security of your internal network computers) or firewall blocking all input traffic not requested by you + latest software(use package manager to update your kernel, etc).

As everyone else has pointed out, you don't have to worry too much about malware. Probably the worst thing that would happen is a rm -rf ~/*, but that's probably very rare. As far as firewalls, I always start out with http://www.linuxfromscratch.org/blfs/view/stable/postlfs/firewall.html and work from there.