Was AntiVirus; Now something Completely Different!
    #16
    Originally posted by Teunis
    There are no viruses out in the wild that can affect a Linux computer.

    That doesn't mean Linux can't be compromised, but this typically involves someone getting local access to the computer or the owner installing software from a compromised source.
    The last one can be mitigated by only installing from known and trusted sources like the ones from Canonical, the Ubuntu parent company, and a couple of KDE-specific sources (PPAs).
    There are also concepts where a malicious piece of Java can infiltrate the browser and thus the computer, but again, it's hardly ever seen 'in the wild'.

    Because Linux powers some of the most important servers on the net, the bad boys can go to great lengths to bring such a computer under their control, and they sometimes succeed.
    This usually involves the hacker getting through your login and password, such as by social engineering.
    But Steve Riley is the real expert on this kind of issue, so I'd just take his word: No.

    Because there are no Linux viruses it is rather hard or impossible to write anti-virus software, as this typically depends on fingerprints to recognise: no fingers, no prints.
    Thank you.

    So if someone sent me an attachment to a file that was infected (originating system unknown) I would remain un-infected. But if I passed the attachment on, the receiver (if using Windows) would be infected. Am I correct?
    kubuntu version: 16.04.5 LTS

    Laptop: Toshiba-Satellite-L350



      #17
      Yes indeed, in Linuxland it's unheard of to get infected by a mail (attachment) or by visiting a website.
      But you should never say never.
      The weakest point is having full Java enabled...
      In case you are interested in fully buttoning down your install, have a read about things like Tripwire for Linux and SELinux, but this is especially for people running their own server(s).


      I watch out for the notification of available updates and then start up Muon. Muon has a button (third along) to do a full update; click it.
      This will show you a list of the files to be updated.
      It is fairly easy to run through this list to see if there are any files or packages marked for removal; you can click on the Status and Request(?) buttons to sort the list accordingly.
      If a file or package is going to be removed without a suitable replacement I would wait for a day and see if the next updates are going to be complete; this usually fixes the earlier issue.
      After checking and agreeing with the list you click on the green check mark (second button) to commence the update.

      In case you are impatient you can at any time click the third button to force a check for updates.



        #18
        Originally posted by Teunis
        Yes indeed, in Linuxland it's unheard of to get infected by a mail (attachment) or by visiting a website.
        But you should never say never.
        The weakest point is having full Java enabled...
        In case you are interested in fully buttoning down your install, have a read about things like Tripwire for Linux and SELinux, but this is especially for people running their own server(s).


        I watch out for the notification of available updates and then start up Muon. Muon has a button (third along) to do a full update; click it.
        This will show you a list of the files to be updated.
        It is fairly easy to run through this list to see if there are any files or packages marked for removal; you can click on the Status and Request(?) buttons to sort the list accordingly.
        If a file or package is going to be removed without a suitable replacement I would wait for a day and see if the next updates are going to be complete; this usually fixes the earlier issue.
        After checking and agreeing with the list you click on the green check mark (second button) to commence the update.

        In case you are impatient you can at any time click the third button to force a check for updates.
        Thanks for replying.

        I checked for updates and there are four. Requested says 'No Change' in all cases.
        However the checkmark (second from left) button is grey and unclickable.
        kubuntu version: 16.04.5 LTS

        Laptop: Toshiba-Satellite-L350



          #19
          In Muon's left pane you can select on Status and this will show you the four packages for updating.
          The checkmark can only be used AFTER you have selected the fourth button Complete Update.

          An update is sometimes deferred until all required elements are available.

          (I'm looking at a Dutch version so my translations might be off)



            #20
            Originally posted by Teunis
            In Muon's left pane you can select on Status and this will show you the four packages for updating.
            The checkmark can only be used AFTER you have selected the fourth button Complete Update.

            An update is sometimes deferred until all required elements are available.

            (I'm looking at a Dutch version so my translations might be off)

            I see the fourth button, mine is labelled 'Full Upgrade'

            I will try it later.

            Best wishes.

            A
            kubuntu version: 16.04.5 LTS

            Laptop: Toshiba-Satellite-L350



              #21
              Full Upgrade, yes, that'll be the better English.



                #22
                Originally posted by Teunis
                Full Upgrade, yes, that'll be the better English.
                Just completed the upgrades.

                Four yesterday, but ten today.

                I believe that they take immediate effect.

                It looks like the best method for handling updates is to wait for notification and then upgrade, rather than constantly checking.

                It reminds me a little of Windows Update that I used to use with Vista.

                Best wishes.

                A
                kubuntu version: 16.04.5 LTS

                Laptop: Toshiba-Satellite-L350



                  #23
                  Originally posted by Teunis
                  There are no viruses out in the wild that can affect a Linux computer.
                  Uuhhh... I'd argue that's too strong of a statement. Some malware has targeted Linux, but it's rarely seen in the wild. Much of it targets ELF executable files.

                  Nevertheless, because the risk is so low, and the ability to spread is so difficult, I maintain that it's unnecessary to run anti-malware software on a Linux desktop computer.



                    #24
                    Originally posted by SteveRiley
                    Uuhhh... I'd argue that's too strong of a statement. Some malware has targeted Linux, but it's rarely seen in the wild. Much of it targets ELF executable files.

                    Nevertheless, because the risk is so low, and the ability to spread is so difficult, I maintain that it's unnecessary to run anti-malware software on a Linux desktop computer.
                    From all that I have read, I am left with the impression that anti-virus and anti-malware programmes are unnecessary.

                    However, I am still left wondering regarding the use of a firewall. There is a recommended GUI firewall available. Is installation desirable, or, like the AV programmes, unnecessary?

                    Regards.
                    kubuntu version: 16.04.5 LTS

                    Laptop: Toshiba-Satellite-L350



                      #25
                      No, you don't need a host firewall either. Some time ago I wrote a post here explaining why. I'll look for it later when I'm on my PC.



                        #26
                        Originally posted by anonprivate
                        Just completed the upgrades.

                        Four yesterday, but ten today.

                        I believe that they take immediate effect.
                        Yes they do, except for kernel upgrades and one or two others, and you will get a notification of needing a reboot for these.
                        Originally posted by anonprivate
                        It looks like the best method for handling updates is to wait for notification and then upgrade, rather than constantly checking.

                        It reminds me a little of Windows Update that I used to use with Vista.

                        Best wishes.

                        A
                        Ya, if that's what you like. I turn off update notification and just run
                        Code:
                        sudo apt-get update && sudo apt-get dist-upgrade
                        once a week or so, or when I feel like it.

                        VINNY
                        i7 4core HT 8MB L3 2.9GHz
                        16GB RAM
                        Nvidia GTX 860M 4GB RAM 1152 cuda cores



                          #27
                          Nice link Steve! I think this part of it sums up what everyone has been saying nicely:

                          Staog
                          Shown in: 1996
                          Risk Level: low
                          Wild Level: low (it has not been detected in the wild since its initial outbreak)
                          Platforms: Linux
                          Threat Description: Staog was the first virus written specifically for systems running on Linux. The virus operated by exploiting vulnerabilities in the kernel that allowed the virus to stay resident in memory. While residing in memory it infected executable binary files. The virus functionality depended upon bugs that were immediately fixed by software upgrade.
                          It shouldn't be a normal thing to run antivirus software on a system... if you know there are security bugs in your code you should fix the bugs instead of writing another program to look for people trying to exploit them. You're only stuck with crappy security bugs that you know exist but can't do anything to fix if you're using someone else's proprietary code.

                          Here's an analogy, just for fun...

                          You live on a street of houses, and nobody locks their doors when they go away. One day your neighbour's house is burgled, and the evidence showed that that person got in through the unlocked door. Someone got a good look at the intruder, so you have a description. Do you a) lock your doors or b) hire someone to sit in your house with a baseball bat and attack people if they look like the burglar?

                          If you go for b) your grunt might get it wrong and attack your guests, the intruder could always put on a disguise next time and still come in through the unlocked door, and there's always the possibility that the grunt could be compromised through a vulnerability of his own (blackmail?) and used to break into your house. Oh, and the grunt is a big fellow so he eats lots of your food, and he gets in the way when you're in the house, slowing you down and using up your precious resources!

                          samhobbs.co.uk



                            #28
                            Originally posted by SteveRiley
                            No, you don't need a host firewall either. Some time ago I wrote a post here explaining why. I'll look for it later when I'm on my PC.
                            Found it:

                            https://www.kubuntuforums.net/showth...server-correct
                            samhobbs.co.uk



                              #29
                              Originally posted by Feathers McGraw
                              Found it
                              Thanks, Feathers.

                              Originally posted by Feathers McGraw
                              It shouldn't be a normal thing to run antivirus software on a system... if you know there are security bugs in your code you should fix the bugs instead of writing another program to look for people trying to exploit them. You're only stuck with crappy security bugs that you know exist but can't do anything to fix if you're using someone else's proprietary code.
                              It may not always be possible to fix the problem. For example, the OWASP Top 10 list of common web application vulnerabilities is as relevant today as it ever has been. If you purchase a web application, you may not be able to modify the code for contractual reasons. Or if you develop applications for your business, you may not be aware of how to properly code to limit these risks. For this reason, I always urge organizations to place web application firewalls in front of public-facing servers. You've done this yourself, using mod_security.

                              My employer, Riverbed Technologies, sells a web application firewall (it's a pretty decent one, too). Chapter 11 of the Stingray Application Firewall User Guide has a good overview of the common vulnerabilities, threats, and ways to mitigate them. [Note: we've embarked on a product-wide renaming exercise; Stingray is now called SteelApp. I mention this because you'll see references to both names for a while.]



                                #30
                                I'd argue that ModSecurity (or any other WAF) is different to an antivirus because it's looking for general patterns of bad behaviour rather than exploits for specific bugs that you could just fix. I know a lot of the rules were written by learning from previous known exploits, but the point is that the community also fixed the bugs in that software (like the Joomla JCE exploit, which still has bots running around on the internet)... the rule is then there to catch generic "bugs like this" that you don't know exist yet.

                                For example, many of the ModSecurity rules are broad, and look for shell commands in POST data or limit the amount of PCRE allowed, because these are general indicators of naughtiness.
                                samhobbs.co.uk

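The distinction Feathers draws above, between an antivirus-style signature for one specific bug and a broad rule that looks for "shell commands in POST data", can be shown in a few lines. The Python below is an added illustration, not code from this thread or from ModSecurity itself; the gallery application, its `file` parameter, the command list and the sample request bodies are all made up.

```python
"""Signature for one known bug versus a broad behavioural rule, in the
spirit of the ModSecurity rules discussed in the thread. Added example;
the application, parameter names and request bodies are constructed."""
import re
from urllib.parse import parse_qs

# Signature: one hypothetical known bug, a 'file' parameter that a
# (made-up) gallery script passed to the shell, exploited as 'file=;id'.
# This is what a "fingerprint" for a specific exploit looks like.
SIGNATURE_PARAM = "file"
SIGNATURE_VALUE = re.compile(r"^;id$")

# Behavioural rule: a shell metacharacter followed by a common command
# name, in any POST argument, whatever the application or the bug.
SHELL_IN_ARGS = re.compile(r"[;&|`$(]\s*(?:id|ls|cat|wget|curl|sh|bash)\b", re.I)


def post_args(body):
    """Decode an application/x-www-form-urlencoded body into (name, value) pairs."""
    return [(k, v) for k, vs in parse_qs(body, keep_blank_values=True).items() for v in vs]


def signature_match(body):
    """True only for the exact exploit the signature was written for."""
    return any(k == SIGNATURE_PARAM and SIGNATURE_VALUE.search(v) for k, v in post_args(body))


def behavioural_match(body):
    """True for the generic pattern 'metacharacter then command' in any argument."""
    return any(SHELL_IN_ARGS.search(v) for _, v in post_args(body))


def classify(body):
    return {"signature": signature_match(body), "behavioural": behavioural_match(body)}


# Constructed sample POST bodies, not captured traffic.
SAMPLES = {
    "benign comment":        "author=Ann&text=Thanks+for+the+update+tips",
    "benign command word":   "pet=cat",                  # a word alone is not a shell construct
    "known exploit":         "file=%3Bid",               # the bug the signature was written for
    "same trick, other app": "nick=bob&sig=x%7Cls+-la",  # no signature exists for this one
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:24} {classify(body)}")
```

Only the behavioural rule flags the last sample, which is the "bugs like this that you don't know exist yet" case; the `pet=cat` sample shows why the rule requires a metacharacter rather than a bare command word.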
