Security Programs in Kubuntu


    Security Programs in Kubuntu

    First, thanks to those who specially made this section to help the starters; then I would like to know if there are antivirus, antispyware/malware/rootkit etc. programs and firewalls for Kubuntu, if they are needed, and which ones you would recommend to me. Also, I heard that Ubuntu has a firewall built in but that Kubuntu doesn't, or that at least it is disabled by default. Is that true?


    PS: Can programs made for Linux run in Kubuntu, Red Hat, Fedora, SUSE, etc.? Because Wine divides its releases depending on the distro.

    #2
    Re: Security Programs in Kubuntu

    My answer to this common question is here. In fact, you should read that entire thread, and all the pages linked from it. The only correct answer to the question of Kubuntu security is for you to do your own research and decide for yourself what is needed.
    Welcome newbies!
    Verify the ISO
    Kubuntu's documentation



      #3
      Re: Security Programs in Kubuntu

      Something that may always be handy to know is Dibl's top 20; #20 is about viruses and security.

      I would also recommend reading this post and the one it links to on ubuntu forums, and you'll get a general feel about what could happen and how it was resolved, this time.
      *Edit; found the short version of it here
      *http://www.ubuntu-user.com/Online/Ne...Gnome-Look.org
      In general the lesson to be learned is if you want a secure system, don't download any software outside the official package sources without at least looking at the source code first.
      If you really want a firewall, I have used Firestarter, and as an antivirus I've tried ClamAV (the graphical interface would be KlamAV); they should all be in the repos.

      Edit; oh and welcome to the forums

      Jonas
      ASUS M4A87TD | AMD Ph II x6 | 12 GB ram | MSI GeForce GTX 560 Ti (448 Cuda cores)
      Kubuntu 12.04 KDE 4.9.x (x86_64) - Debian "Squeeze" KDE 4.(5x) (x86_64)
      Acer TimelineX 4820 TG | intel i3 | 4 GB ram| ATI Radeon HD 5600
      Kubuntu 12.10 KDE 4.10 (x86_64) - OpenSUSE 12.3 KDE 4.10 (x86_64)
      - Officially free from windoze since 11 dec 2009
      >>>>>>>>>>>> Support KFN <<<<<<<<<<<<<



        #4
        Re: Security Programs in Kubuntu

        Telengard gave an excellent response.

        During the first few years I used Linux (1998 to about 2003 or so) the common knowledge was that there were less than a dozen ACTIVE viral agents IN TOTAL for Linux. The AV houses, like Symantec, had a virus database which was browseable and it was easy to find specific information on any specific virus: the name, number of infections reported, the threat level, and removal instructions. Around 2002 or 2003 I searched Symantec and it listed a total of 42 Linux viruses and Trojans, but ONLY SIX had been active and FOUND IN THE WILD. The rest were found on only "2 or less" computers and were not considered a threat. Translation: IMO, they were laboratory creations made by the AV houses in an attempt to create a Linux virus which could be released in order to generate Linux AV business. One would be hard pressed to explain how they could "find" so many viruses that were found on two or fewer computers.

        A year or two later a certain AV house began advertising a Linux AV product and part of their ad campaign was claiming that there were over 400 viruses threatening Linux. I revisited Symantec's AV database and found it had been totally rewritten to make searching for specific Linux virus information VERY DIFFICULT. To get to the specific information (number, threat level, removal) I had to drill down through 6 or more pages, with links embedded in dense, obtuse text, to get to the important info. The print and select options were disabled. If one wanted to capture the info one had to either hand copy the info or take a snapshot of the page.

        I drilled down on 125 of the 400 or so Linux viruses (it took almost half a day) and in EVERY CASE the culprit was a jpeg Windows virus which had been previously listed on the Windows section of the database but had the word "Linux" inserted into its name before being added to the Linux database. The claim at the time was that jpeg images had both Windows and Linux executable code in them and they would "run" on either platform. While there is ample proof that Windows is promiscuous enough to run anything via ActiveX and with no provocation, a jpeg virus on Linux has no better chance of running than does a virus attached to an incoming email on Linux. Without serious user assistance that chance is zero. There is no "ActiveX" on Linux, and *.desktop does not qualify.

        First, as long as the attachment is not a file it cannot be run. To become a file the user has to (1) use the "save" option from the attachment dialog in the email client. But, that is not enough. Saving a file does not make it executable, even if it is a Linux ELF binary or a proper script. The file's executable property (2) has to be set which requires the user's cooperation. Then, the user has to specifically (3) run it.

        Another area of attack is the java (or other code) applet on a web page. When it executes its code within the user's program memory space it could exploit a security hole in an application which might allow a privilege escalation leading to root access. Most of the time the worst damage it can do is to damage the user's home account. The easy cleanup is to delete the home account and reinstall it. Security holes in applications are one reason why you should let security updates automatically install in the background so you don't have to remind yourself to do it. The release of security updates in Linux SO QUICKLY follows discovery that the bad guys generally do not have time to exploit the hole before the patch is released and distributed. Where a security hole in Windows can remain open for months or longer, without the user being aware of the risk because Microsoft keeps such information secret, a security hole in FOSS is announced within hours of its discovery and a proof of concept code is also published to give users a chance to test a putative fix. Fixes usually come within hours, or a couple days at the most.

        The purpose in using ClamAV or other free email AV products is to strip emails of viruses or Trojans before sending them on to friends using Windows. In eleven years I haven't seen an email virus that can affect Linux without the user doing the three stupid actions. Talking a user into doing those three steps is called "Social Engineering", and talking a user into doing those three actions is about the only way a virus or Trojan can infect Linux.

        If you are running a Linksys WRT54GL wireless router then you have a Linux firewall in that router protecting you. Iptables is installed by default on Kubuntu, as is gfw (GNOME Fire Wall). Gfw is not active, but a simple set of iptable rules are active by default. I'd recommend installing GuardDog and GuideDog, which are very easy to use to control firewalls and to allow specific applications or ports to make holes in the firewall or set up ipforwarding and masquerading, NATs, etc. You can check your defenses against hacker attacks on your ports by running "ShieldsUp!" on the grc.com website. You should get ALL GREENS, which means that you are invisible to anyone sending out one-sided acks or other methods of locating open ports. They can only infer your presence by the actions of servers upstream from your box.

        For the last three or so years I have been installing and supporting Linux (First PCLinuxOS then Kubuntu) on the boxes of more than a dozen people who are around my age but computer illiterate. I used to support their Windows installations and was kept quite busy cleaning them up and keeping them running. I got tired of it and told them that I no longer would "do Windows". If they wanted my help they had to run Linux. ALL of them agreed, especially when I told them how much it cost. In the last three years I can count the support calls I've had on the fingers of one hand. Only one returned to Windows because of a Windows specific app that he needed, but that need is no longer and he is waiting for Kubuntu 10.4 to come out. In all this time NOT ONE OF THEM has reported a virus or Trojan infection, or any change in the behavior of their installation.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
        – John F. Kennedy, February 26, 1962.
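
Added example, not part of the post above: a shell sketch of the save / set-executable / run sequence it describes, from the auditing side. It saves two constructed "attachments", shows that saving leaves no execute bit, then reports which files in the directory have since had one set. The function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and files are made up.

# Save stdin the way a mail client does: the file is created with mode 0666
# and the umask strips bits, so saving never sets an execute bit.
save_attachment() {            # usage: save_attachment DEST < data
    ( umask 022; cat > "$1" )
}

# Symbolic permission string of a file, e.g. "-rw-r--r--".
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Classify content by its first bytes: "elf", "script" (#! line) or "data".
file_kind() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;
        2321*)    echo script ;;
        *)        echo data ;;
    esac
}

# Report every regular file under DIR that has any execute bit set,
# one "kind<TAB>path" line each, sorted by path.
audit_exec_bits() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
    sort |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(file_kind "$f")" "$f"
    done
}

# Constructed demo: two saved attachments, only one later marked executable.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' | save_attachment "$d/invoice.sh"
    printf 'plain text\n'            | save_attachment "$d/notes.txt"
    echo "after save: $(file_mode "$d/invoice.sh")"
    chmod u+x "$d/invoice.sh"        # the user's deliberate second step
    audit_exec_bits "$d"
    rm -rf "$d"
}
demo
```

Pointing `audit_exec_bits` at a real download or attachment directory lists the files where the second step has already been taken.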



          #5
          Re: Security Programs in Kubuntu

          Originally posted by GreyGeek

          If you are running a Linksys WRT54GL wireless router then you have a Linux firewall in that router protecting you. Iptables is installed by default on Kubuntu, as is gfw (GNOME Fire Wall). Gfw is not active, but a simple set of iptable rules are active by default. I'd recommend installing GuardDog and GuideDog, which are very easy to use to control firewalls and to allow specific applications or ports to make holes in the firewall or set up ipforwarding and masquerading, NATs, etc. You can check your defenses against hacker attacks on your ports by running "ShieldsUp!" on the grc.com website. You should get ALL GREENS, which means that you are invisible to anyone sending out one-sided acks or other methods of locating open ports. They can only infer your presence by the actions of servers upstream from your box.
          That's about the same as my experience. I had a WRT54 router for some years, and it died a year ago. Now I have a TrendNET TEW633-GR -- same results (all green on ShieldsUp). I have never run guarddog or GuideDog. But I do always change the default router IP address to something a little different.

          I've never seen anything resembling a virus or malware on my Linux system. Actually it's been a long time since my wife's Windoze system had any problem, too. I have Bitdefender installed on that one.



            #6
            Re: Security Programs in Kubuntu

            Originally posted by GreyGeek
            The release of security updates in Linux SO QUICKLY follows discovery that the bad guys generally do not have time to exploit the hole before the patch is released and distributed. Where a security hole in Windows can remain open for months or longer, without the user being aware of the risk because Microsoft keeps such information secret,
            ^ This. It's so true. I'm always astonished at how quickly the fixes come after I read about them.



              #7
              Re: Security Programs in Kubuntu

              Originally posted by dibl
              .....
              I've never seen anything resembling a virus or malware on my Linux system. Actually it's been a long time since my wife's Windoze system had any problem, too. I have Bitdefender installed on that one.
              Running Windows inside of the WRT54GL gives it better security than even the commercial AV stuff. That and practicing safe surfing and emailing. While no Windows box can be as secure as a Linux box because Microsoft won't tell you where all its holes are and you'll have to find them by becoming a victim, for the most part if one uses a good firewall, FireFox and Thunderbird with FOSS AV behind a good firewall then XP can be reasonably safe. At least safe enough that your box won't appear as "low hanging fruit" to the bot harvesters. I've never been infected while running XP at home, but when I worked on the fly-by-wire tractor control system using XP I turned off the wireless. I only turned it on when I needed the web for something and then I turned it off. AND, I NEVER, NEVER, NEVER did any online banking or shopping with XP (or VISTA for the short time it lived on my Sony notebook before KK blew it off).

              We had about 450 Windows workstations at work and for several years we had frequent infections (2 or 3 times per year, which involved a LOT of cleanup work for our six MSCE's). But then they installed a $28K Linux firewall/av/spam filter between the network and the Internet. In the four years we had that before I retired there was only one infection, and that was brought in by a guy who burned a CD of music he wanted to play at work. They opened his box and pulled out the power and signal cables to his CDROM.



                #8
                Re: Security Programs in Kubuntu

                Thanks for your answers, but I still don't get the firewall part. I'm using a TP-Link TD-8810 modem+router that says incoming connections are blocked by default if the firewall is activated, but I cannot see if it's activated or not. I looked on the TP-Link site and it says it cannot be disabled normally, so I think it's enabled. Is that enough?



                  #9
                  Re: Security Programs in Kubuntu

                  Is that enough?
                  I think it's enough if you follow GreyGeek's recommendation:
                  Originally posted by Greygeek
                  I'd recommend installing GuardDog and GuideDog
                  A little remark on GuardDog: nice software, but it sometimes blocks all traffic and needs to be restarted. That can be done automatically; see for example my post here:
                  Autostart script as a root
                  Kubuntu 16.04 on two computers and Kubuntu 17.04 on DELL Latitude 13



                    #10
                    Re: Security Programs in Kubuntu

                    Originally posted by Rozencraft
                    Thanks for your answers, but I still don't get the firewall part.
                    If you have enabled your firewall, then go to http://www.grc.com and use the ShieldsUp! feature to test it. You want to see all green check marks on the results.
