Internet security


Forum: Networking
Topic: Internet security
started by: tonymoloney

Posted by tonymoloney on July 27 2007,07:14
Now that I've got my Internet working properly, what do I need to do about security?
On my old Windoze system I had a firewall, antivirus, antispam, antiphishing etc. etc.
Do I need all those things under DSL and if so, what do I get?
I've already installed some DSL extensions, so if the stuff I need is in there, I just need to know what it is called.
Tony

Posted by curaga on July 27 2007,07:53
There is a firewall extension called rc.firewall, it has a nice configuration from projectfiles.com.

It is recommended to get, but not necessary. Nothing can infect a read-only system.
For viruses, there are less than 20 for Linux and most of them used some exploit which was fixed in hours. So no need for any anti-virus..

Even without a firewall you're secure as long as no servers are running (none are by default)..

May I ask how a Windoze program might prevent spam? lol

Posted by lucky13 on July 27 2007,11:19
Quote
For viruses, there are less than 20 for Linux and most of them used some exploit which was fixed in hours. So no need for any anti-virus.

Partially true, partially not. If you expand the definition of virus to include worms and other exploits, there are many vulnerable applications used in Linux. OpenOffice worms come to mind right off the bat, as do various rootkits (there's an extension for rootkit hunter in MyDSL). How many systems are vulnerable because of the presence of WINE and Windows apps? You're not necessarily safer just because you run them in emulated mode in Linux (e.g., I believe netsky.d has its own smtp server and can bring your computer to a crawl quickly).

And the fact remains that most application and utility upgrades regardless of operating system are driven by security issues rather than new features. This is at least as true of Linux as of Windows if not more so because of the nature of open source development. And since so many applications have versions for all platforms, a vulnerability in one can very well mean a bug in all platforms.

The main difference between Linux and Windows is a matter of HOW -- Windows is more likely than Linux to be remotely exploited, but both are (too easily) exploitable locally.

Those are gross generalizations. Let's get specific. First, which version of Windows? They're really not the same with respect to security; NT and NT-based versions like ME, XP, and Vista have system administration and permissions (just like Linux). Second, a poorly run Linux system can be exploited locally or remotely (running servers, brute force, etc.) MUCH easier than a diligently set up and security-conscious Windows system. There are savvy Windows users who use wifi encryption and know how to tunnel VNC through SSH; there are ignorant Linux users who don't. Third, how are they being run? Is it a Linux user running exclusively or primarily as root so he always has administrative privileges just like he had in Windows 95 or otherwise misusing permissions versus a Windows user who understands what should and shouldn't be run in an administrative account?

I could go on and on but the point is the same: security really isn't based on the operating system, though some do make running a secure system easier. Security is a matter of how the user runs it.

And I have to disagree that you're safe just because you're not running servers. Technically, you're running X server/client (X has security issues) as well as other servers/clients. If you install DSL to hard drive and then surf the internet as root, you risk opening your system to all kinds of trouble.
< http://trends.newsforge.com/newsvac/06/05/02/2127213.shtml >

There are open source antivirus applications for Linux like ClamAV. There are also closed-source alternatives like BitDefender. The latter is convenient for DSL frugal because its installation run script installs it to /opt. The Linux version of their product is free (as in beer not as in freedom -- just like Opera), but I can't and won't vouch for its effectiveness or how current they keep the definitions. These products are geared more for servers than for desktops, and some of them are focused on specific server applications (mail, etc.) to address issues not specific to one particular OS (e.g., scanning e-mail for all virii).

Same for rootkit hunter; it's a purely reactive tool and it's maintained reactively rather than proactively. A better solution if you suspect a rootkit is to install a sniffer on another computer to monitor traffic from and to the suspect machine to see if there are signs that your kernel has been compromised. An even better solution is to be careful about how you run things (root only as needed, preferably offline), what kinds of sites you visit, and what you download or allow to be downloaded onto your computer. Everything you browse online is downloaded into cache.
< http://lucky13linux.wordpress.com/2007/04/26/web-based-malware-spikes/ >
< http://lucky13linux.wordpress.com/2007/04/26/web-based-malware-ii/ >
< http://lucky13linux.wordpress.com/2007....plosion >
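
Added example, not part of any post in this thread: the disagreement above over whether "no servers are running" can be checked directly by listing TCP sockets in the LISTEN state and seeing which are reachable from the network. The sample table is constructed (an X server on port 6000 and a loopback-only service on port 631 are assumptions for illustration), and the function names `hexbyte` and `listening_tcp` are hypothetical.

```shell
#!/bin/sh
# Added example: report IPv4 TCP sockets in LISTEN state from /proc/net/tcp text.
# /proc/net/tcp6 uses 32-hex-digit addresses and is not handled here.

# Constructed sample in /proc/net/tcp layout (not taken from a real machine):
# row 0 listens on all interfaces, port 0x1770 (6000, X11); row 1 listens on
# loopback, port 0x0277 (631); row 2 is an established outbound connection.
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 0201A8C0:8124 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1203'

# Convert one hex byte (character range $2 of string $1) to decimal.
hexbyte() {
    printf '%d' "0x$(printf '%s' "$1" | cut -c"$2")"
}

# Read /proc/net/tcp-format text on stdin; print "ip:port scope uid=N"
# for every socket whose state is 0A (TCP_LISTEN).
listening_tcp() {
    while read -r sl local remote st txrx timer retr uid rest; do
        [ "$st" = "0A" ] || continue          # skips the header and non-LISTEN rows
        hexip=${local%:*}
        port=$(printf '%d' "0x${local#*:}")
        # On little-endian hosts (x86) the address is printed as a
        # little-endian word, so the first octet is the last hex pair.
        o1=$(hexbyte "$hexip" 7-8); o2=$(hexbyte "$hexip" 5-6)
        o3=$(hexbyte "$hexip" 3-4); o4=$(hexbyte "$hexip" 1-2)
        if [ "$o1" -eq 127 ]; then scope=loopback; else scope=exposed; fi
        printf '%s.%s.%s.%s:%s %s uid=%s\n' \
            "$o1" "$o2" "$o3" "$o4" "$port" "$scope" "$uid"
    done
}

# Demo on the constructed sample; on a live system run:
#   listening_tcp < /proc/net/tcp
printf '%s\n' "$SAMPLE" | listening_tcp
```

Anything reported as `exposed` is what a firewall rule or a changed service setting would need to cover; `uid=0` marks a listener running as root.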

Posted by curaga on July 27 2007,11:59
Aren't those Linux anti-virus programs only for Windows viruses?

Like for mail servers whose major user base uses windows..

Posted by lucky13 on July 27 2007,12:16
They're not entirely Windows-oriented, but see the last sentence of the second to last paragraph: "These products are geared more for servers than for desktops, and some of them are focused on specific server applications (mail, etc.) to address issues not specific to one particular OS (e.g., scanning e-mail for all virii)."

EDIT---
From clamav's site
Quote
# built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
# built-in support for popular document formats including MS Office and MacOffice files, HTML, RTF and PDF

You have ELF executables on your Linux partitions. I'd also be willing to bet you've dealt with HTML, RTF, and PDF files while using Linux. Those youtube videos -- do you use Flash?

Linux by itself is pretty safe. Unfortunately, all those file formats you use while running Linux really aren't.

Posted by curaga on July 27 2007,14:38
No, for principle I don't have Flash.. If I need to watch something, I can download the video and use Mplayer.

Posted by lucky13 on July 27 2007,14:46
You still have/use ELFs, PDFs, html, js, RTF, and all the other file types that are vulnerable even on Linux systems. I block Flash because of security more than out of principle.