Firewall & Antivirus For DSL
Forum: Multimedia
Topic: Firewall & Antivirus For DSL
started by: ace2005
Posted by ace2005 on Mar. 24 2005,22:55
I'm new to Linux and DSL, but I am learning fast how to use it.I was wondering what's available to use as a firewall & Antivirus application for DSL.
I appreciate DSL since I have just fixed my Sound, Video & Wireless Network card problems. This O/S works better than M.S.Windows.
Posted by cbagger01 on Mar. 25 2005,06:20
There is a firewall extension in the MyDSL repository called rc.firewall and iptables:< http://www.ibiblio.org/pub/Linux/distributions/damnsmall/mydsl/net/ >
It is possible to install an antivirus program but at this time it is unneccesary due to the lack of Linux-based viruses. DSL is naturally immune to MS Windows viruses.
Posted by Grim on Mar. 27 2005,18:47
< http://www.linuxmafia.com/~rick/faq/index.php?page=virus#virus >| Quote |
| The problem with answering this question is that those asking it know only OSes where viruses, trojan-horse programs, worms, nasty Javascripts, ActiveX controls with destructive payloads, and ordinary misbehaved applications are a constant threat to their computing. Therefore, they refuse to believe Linux could be different, no matter what they hear. And yet it is. |
Posted by AwPhuch on Mar. 28 2005,22:35
| Quote (cbagger01 @ Mar. 25 2005,01:20) |
| There is a firewall extension in the MyDSL repository called rc.firewall and iptables: < http://www.ibiblio.org/pub/Linux/distributions/damnsmall/mydsl/net/ > It is possible to install an antivirus program but at this time it is unneccesary due to the lack of Linux-based viruses. DSL is naturally immune to MS Windows viruses. |
There are a few viruses and rootkits that are floating around on linux...it might be a good idea to have something "just in case"
fprot does have a RPM and deb type package already built
< http://www.f-prot.com/download/home_user/download_fplinux.html >
***for personal use only***
Brian
AwPhuch
Posted by ke4nt1 on Mar. 29 2005,02:09
Awesome article, Grim..Thanks for sharing..
With DSL having few ports visible by default , (68 - dhcpclient - closed )
and for the 'most' part, a read-only filesystem, made temporarily writable,
I hope folks can rest assured that without self-running some unknown exec,
DSL is a fairly safe way to explore the internet, email and chat environments.
73
ke4nt
Posted by l0st on Mar. 31 2005,12:14
kent and the guys up top make an excellent argument, but one should note that most of it only applies to a live cd environment. Now that frugal and HD install and co. exist, DSL crew would do well to address certain issus such as these. i for one believe a firewall on the vanilla ISO distro is a must have. however great anti-MS-propaganda-pro-linux propaganda puts it, linux boxes being owned is a fact of life.
Posted by cbagger01 on April 01 2005,00:05
Lots of things are a "must have" until somebody actually tries to fit them on to a 50MB sized livecd with everything else.Then they are not as "must have" as they initially thought.
Maybe they will get included in a future release of DSL.
My opinion is that if someone wants to do a frugal / hd install and is getting worried about a lack of firewall then they can move their fingers and click on the "MyDSL" icon and take the 5-10 minutes (even on dialup) to install a firewall program.
But my opinion doesn't matter.
The distro maintainers have the final say.
Posted by ace2005 on April 07 2005,21:22
Thanks for all your reply's and I will take your advise and not worry about viruses at this time.
Posted by ace2005 on April 07 2005,21:24
Thanks for all your reply's and I will take your advise and not worry about viruses at this time.
Posted by Rapidweather on April 07 2005,22:40
I would hope that Knoppix is also a safe way to surf the internet. However, since I have an always-on cable modem, even it I do not have a web browser running, my system is still connected, I believe. For that reason, I still like dial up in situations where download speed is not needed. When you disconnect, you are off. I run my Knoppix remaster entirely in RAM, and for that I need 1 GB. Should be safe.
Posted by noordinaryspider on April 09 2005,21:17
| Quote |
| However, since I have an always-on cable modem, even it I do not have a web browser running, my system is still connected, I believe. |
To the best of my knowledge, you are correct. I have always had dial-up but instructed my daughter, when she went to college and switched to DSL, that she was to unplug her CAT5 from her modem whenever she was not using the internet.
Posted by Alastor on May 02 2005,01:11
If you configure your DSL "host allow" setings and "host deny" setings correctly it is virtualy impenitrable to external attacks. So you can sleep well with your network still pluged in 
or if you have a router your router's config setings will most likely allow you to block all ports and some include blocking pings, makeing your computer invisable to would be hackers. Also DSL I belive comes witl all ports but SSH blocked to any exteral network by default, so even if you just run from CD it will be fairly safe. Linux is in my openion the safest and most reliible OS in the world and we can all feel safe with our computers runing 24/7 as mine does Thanks for your time,
Andrew
(I know my spelling sucks heh =/)
Posted by cbagger01 on May 02 2005,02:30
All of this is true.Unfortunately, the biggest security risk comes from social engineered trojans and other highjack code that people encounter by clicking on email attachments and by visiting certain websites especially with certain insecure web browsers.
Linux is generally immune from these because:
1) The email and web browsers are usually started up as normal user-owned processes instead of root processes. This limits the amount of damage that can be done by the bad guys.
2) Most of the trojans/spyware out there are written for win32 computers and cannot perform their intended function when launched from a linux email or web-browser program.
Hopefully, these statements remain true for the forseeable future and linux will maintain a reputation for better sucurity.
Because all of the security in the world is lost if Mr. Trojan Maker can convince Mr. Dumb User to install his evil malware somehow, or if Mr. Dumb User decides to run his e-mail client or web browser as user "root".
Posted by RoGuE_StreaK on May 02 2005,02:46
I'm on cable, but everything runs through a locked-down hardware firewall/router, so that's one less worry.So how's fprot go for scanning and cleaning windoze drives? You know those situations where you get a windoze virus, it's detected by your virus checker, but it can't be removed for some reason or other, so you spend a day trying to figure out how to rid your system of said virii...
Would be good to have a dsl extension that could diagnose and repair such an occurrance. And for the paranoid, they could scan their DSL system just to prove to themselves that everything is still hunky-dory.
Posted by cbagger01 on May 02 2005,16:13
For newer Windows users, they would need both Antivirus + captiventfs in order to repair files.I don't know if fprot can do this from linux.