Linux, Security, and Drivers!

Hey all!

I've looked at the last month and a half worth of posts in this forum, and I really just do not see anything related to security in general for Linux.

So I'm making a thread .

I am really considering installing Linux as my main OS in my D430, mostly because a lot of my work would benefit from the OS and some of the tools that are actually easier to use in Linux.

But I'm concerned about internet safety and my data. Granted, Linux is somewhat safe in that bugs are quickly fixed and it isn't a "home user common" OS (say like Windows, whom hackers love to go for). You get what I mean...

But yeah, I kind of want some kind of security for my PC if it does the way of the Linux penguin....

Thanks!
Greg

 

There are antivirus programs for linux as well as firewalls, and even better, most are free. I think Ubuntu 7.10 ships with an antivirus program installed (but it's been a while since I used it, so I'm not sure)

 

To be honest, Greg, if you want answers to those questions, you'd be better off visiting some Linux distro forums. The Ubuntu forums (ubuntuforums.org) are a wealth of information, and I'm certain the other large distros have similar forums.

In my experience, you can breathe a little easier with *nix operating systems. I never run any anti-virus software (very little point, actually, IMHO). I stay behind a good hardware firewall, and I disable javascript, java, and cookies, when I visit questionable websites. Security updates come often, as you pointed out, so couple that with little (compared to MS) hacker interest, and I think you'll be safe.

 

I have a linux machine just set up for pron surfing (No, I jest, but that would be the plan).

I don't use any antivirus, (if I pass any Windows virii onto my friends, its their fault) don't install any extra security tools, leave my web browsers at the default settings, blah blah blah. And I'm still clean, even after frequenting 7chan. That should tell you something.

 

Firestarter is available at Ubuntu repositories as a GUI for the firewall that's already built into Linux. I don't really understand the firewall stuff - have read posts that went on about the iptables and most Linux ports are shut by default, but Firestarter was still recommended.
It's a simple little GUI. I'm on dial-up and configuring it for that took only a coupla minutes after Firestarter notified me of several dopey mistakes and made me start over again.
Anti-virus and anti-spyware is still widely regarded as non-essential unless you're networked with Windows PC's. The danger is not that your Linux PC will get infected, but that it will pass the malware on to the Windows PC's!

 

What kind of security are you talking about? Because "security" is a vague concept. Really, just running Linux makes you immune to pretty much any automated exploit, as long as you create a good password. And most Linux distros run by default as a non-root user, so as long as you have a good backup plan (which you should have under ANY operating system), you're pretty much safe doing whatever you want.

If it helps you sleep better, I have a hobby of downloading dodgy executables and running them under wine and watching the logs as they futilely try to access system resources and otherwise take over a Windows machine If you have any specific questions, I'd be glad to try to answer them, but simply put, running Linux you are pretty much safe from anything as long as you pay attention to what you're doing if instructions to get something done ever tell you to do something on the network as root.

 

Muahaha. I used to do that too, albeit for slightly different reasons for work (risk analysis) and always got a kick out of that.

Greg, posters here are right - the most important ans strongest security aspect of *nix platforms is the creation of user accounts that run independently of the root account. Linux is so compartmentalized that it's not easy for the OS to catch a cold.

The most basic firewall available on Linux installations is the IP Tables and IP Chains which filter through the junk although it's not easy to use (at first) until one grasps the fundamentals but very powerful. There are other programs, already mentioned (firestarter) that do the job well, some others, built-in like SELinux (in Fedora) provide a measure of security as well, although that should be tweaked somewhat depending on your needs.

This site offers a lot of interesting information for your needs

Hope that helps!

 

You will want to install NoScript in Firefox - any other protection is really pointless. If you have a router as a hardware firewall, there's no need to bother with a software firewall either.

 

I always thought that there were no viruses for Linux or spyware etc. Is there a need for a anti-virus or is firewall plenty?

 

Quite honestly, you won't need either, as long as

1) you don't use your computer as "root"
2) you make a good password (such as a combination of letters + numbers: Upp3rCa5e)
3) don't modify the IP Chains too much
4) preferably get online via router

Also, there are very few "viruses" that infect linux machines.. you can count all of them with the fingers of your hand, so there's nothing to worry about in this respect.

I've never bothered with either a firewall or "linux anti-virus", I've been running linux in one form or another on my machines for the past 7 years and I've never encountered any problems.

 

Another point:
Viruses are mainly used if:
1. There are a large number of users (because then it can spread from infected computer to other computers, rather than being restricted to spreading from the source)
2. The computer is firewalled (since the computer cannot be directly accessed, the user must initiate the hacking - i.e. by downloading/executing the virus)
3. The users are stupid (so that the executable will actually be installed)
4. The logged in user is going to be running as an Administrator/root when interacting with the internet

These all fit Windows, and none fit Linux servers. #2 does apply to Linux desktops, but the majority of Linux computers are servers, so a Linux hacker concentrates on the servers.

You'll be fine.

 

Well, coming from a Windows user who has had to de-bug many other Windows systems (naturally, I've never been hit yet they still come to me for help)...you get the idea. I don't want my passwords and data being hacked, my data is the most important of all.

I've recently discovered how darn powerful OS imaging can be. I love it.

Isn't there a way for things to still gain root access though?

Well, I visit some cafe's and the like...and my university's student WiFi. None it has HW firewalls AFAIK.

I've wondered about the existence of viri for Linux. Are they're any out there, and how would someone know for sure.

Maybe there is something out there, and you just don't know it. And, unlike Windows which is a frequent target, Linux just hasn't been hit hard. I wonder how fast the community would be able to respond if a real threat ever did come out.

I would hope so.

Another Question:
I'm probably going to go with Ubuntu 7.10 as my choice for Linux...the LiveCD seems to work really well, even faster than my native Windows install right now (which is surprising) on my D430. How in the heck do I know if all the drivers are installed properly?

 

Yeah, it's pretty easy actually.

You'll come across something like this;

Code:

Must run as root

or

Code:

You do not have permission to do this

And you're like "Oh, yeah!, well take this!"

Code:

sudo InstallLinuxVirus

Or you're like "I'll show you who doesn't have permission" and run the honour-Virus

Code:

sudo rm -rf /

Then you're like "OH NO! I got a virus, and it's not herpes!". And that's how you get a linux virus.

 

I meant is there a way for a virus to crack the root permissions .

 

Just play with it! Test everything you can think of: Speakers, Wireless, headphone jack, microphone jack, all the USB ports, etc. If you find something that doesn't work, poke around on Google by searching your model name and distro (as in: "Inspiron 1100" on Gutsy). Chances are you'll find one or two things that don't work right out of the box(wireless) but someone else has already figured out a way to make it function. The best finds are blogs dedicated to your machine!

Of course, there's always the possibility that you're in unknown waters and a fix will either have to be developed by you or you'll have to wait until someone solves it. Hopefully that's not the case and you'll be able to get up and running in no time.

 

Only if you sudo it

The password file should be encrypted on newer distros, so it's possible that in theory that it could launch a brute force cracker, but I've never heard of this being done. It'd have to generate a wordlist (or include one), or make them up on the fly, but you might get very suspicious when an app that doesn't show you anything (It'd probably be hidden) is nabbing all of your CPU time.

But again you'd have to launch it under your own will, and it'd have to be a very odd chance you scored up a piece of malicious software for linux.

 

Look up the words 'Exploit' and 'Rootkit'.

People have written whole books on linux security, these are mainly aimed at those that want to setup linux servers and particularily those servers that are internet facing.

For a laptop, you're most likely not interested in running servers, and fortunately distros such as Ubuntu have all the inet services (i.e. incoming network service such as web servers, telnet, ftp, ...) disabled by default.

What security you need to consider depends on the environment that you plan to use your laptop in and how and what networks you are going to connect to.

 

You know if the drivers are working by testing the hardware in the LiveCD environment. For example, try using the wireless adapter, or a bluetooth device, or the multimedia buttons, etc.

And I don't believe you can elevate account privileges with a virus. The code for that must be rock solid, otherwise people who have legit access to a box as non-root would be getting root all the time.

 

A local user and hence a virus running as a local user could gain root privileges.

For example, the recent kernel exploit could have been exploited by a virus, I am not aware of one, but that doesn't mean it isn't possible.

This is the Debian security notice but there are similar security notices for the other distros.

http://www.debian.org/security/2008/dsa-1494

 

Oh yeah, I forgot about that exploit. But those things don't come along often.

 

I don't recall many kernel exploits, and I am not sure whether the lack of such discoveries is a good or bad thing.