Does Linux use online 'Blocklist' Apps?


Old_Biker_John
27-03-2008, 3:59 PM
Hi all,

I have used blocklist software in Windows as an extra safeguard against unwanted downloads to and probing of my PC by malware.

Is such software needed in Linux and if so what would you recommend?

Your advice would be most welcome.

John.

RRB
27-03-2008, 5:22 PM
There are many software firewall solutions for Linux if that's the sort of thing you mean. Recommendations would depend on what distro you are using. Linux doesn't really suffer from the same malware and virus issues that windows suffers.

TOMMOHAWK_UK
27-03-2008, 6:36 PM
Don't waste your valuable clock-cycles on firewalls and anti-malware software. I run Linux without a firewall but there again I do have a hardware firewall on my router. As for malware, there are no known linux virii in the wild at this time (although that could change). Mac OSX is starting to have a few issues from time to time as an example.

The main reason for using anti-malware products on linux such as clamAV is purely to stop the spread of virii from a Linux platform to a window$ one. Whilst it won't infect your linux box, you can still pass it on :eek:

The biggest security problem I faced was getting rid of my window$ mindset and realising that I didn't have to be paranoid on the web anymore.

Your choice though!!

Firestarter (Linux firewall)
ClamAV (Linux Anti-Virus)

Both available through your distro repositories (all lovely open-source and free!)

Ken

y2k
27-03-2008, 6:40 PM
You can get a virus on linux just like you can get a virus on a mac, but there are over 60,000 viruses for windows compared to about 40-50 for windows and mac's. Unlikely that you would get a virus using linux but there are viruses and that's why you can buy different anti-virus programs for it and that's from 2003.

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

Old_Biker_John
27-03-2008, 7:06 PM
Hi RRB,

Thank you for your VERY prompt response to my question.:)

It has taken me much longer to prepare my reply!

I will deal with each of your points in turn.

There are many software firewall solutions for Linux if that's the sort of thing you mean.

I have used 'Peerguardian 2' with 'Spyware' and 'Ads' blocklists (the latter being modified by an 'Allow' list for sites that I support). I have a hardware firewall in my LAN router and use a software firewall as a final barrier.

Perhaps I'm paranoid about identity theft.:eek:

Must have been paying too much attention to Govt. propaganda/security breaches!:)

Recommendations would depend on what distro you are using.

I haven't decided on all of them yet: -

1. Damn Small Linux version 4.2.5 seems to be working fine, and will stay, on my very old laptop.

2. I am still testing and torn between Granular, PCLOS Gnome 2008 (I love that desktop!:cool:) and Mandriva Powerpack 2008, for a more modern Athlon based system that I run.

3. My Core 2 Duo based system is currently using Bluewhite64 with some success, but I may try a few other 64-bit distros before settling on a preference.

Linux doesn't really suffer from the same malware and virus issues that windows suffers.

Thank you for that reassuring news.:)

Is there any possibility of passing viruses that enter the Linux OS, but don't affect it, to Windows machines on the same LAN?

I see that TOMMOHAWK_UK has already answered this question before I even asked it!!!

TOMMOHAWK_UK
27-03-2008, 7:09 PM
You can get a virus on linux just like you can get a virus on a mac, but there are over 60,000 viruses for windows compared to about 40-50 for windows and mac's. Unlikely that you would get a virus using linux but there are viruses and that's why you can buy different anti-virus programs for it and that's from 2003.

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

Did you read the whole article??


None of the Unix or Linux viruses became widespread - most were confined to the laboratory


Oh and by the way people who use Linux don't buy software for it because it's opensource and the majority is released under the GPL and therefore free. :lesson:

Old_Biker_John
27-03-2008, 7:25 PM
Hi again Ken,

Thanks for your comprehensive reply.

The biggest security problem I faced was getting rid of my window$ mindset and realising that I didn't have to be paranoid on the web anymore.

I thought I was the only one!:)

Now there's you.:grin:

Also I'm not too sure about this guy!:rotfl: http://www.avforums.com/forums/showthread.php?t=733021


Firestarter (Linux firewall)
ClamAV (Linux Anti-Virus)

Both available through your distro repositories (all lovely open-source and free!)

Thanks for the recommendations,:thumbsup:

John.

TOMMOHAWK_UK
27-03-2008, 7:38 PM
Also I'm not too sure about this guy!:rotfl: http://www.avforums.com/forums/showthread.php?t=733021

Maybe he is just visiting a lot of 'ahem' special interest sites?

Ken

y2k
27-03-2008, 8:14 PM
Did you read the whole article??





Oh and by the way people who use Linux don't buy software for it because it's opensource and the majority is released under the GPL and therefore free. :lesson:
Yes I did read the whole article some time ago I might add, I have been using linux for a few years fyi and although I don't use any AV now when using linux I have done in the past. As for you saying there are no viruses out there for linux well that's not true:lesson: http://www.desktoplinux.com/articles/AT3307459975.html

One of many links where you can buy antivirus for linux since you said it's all free http://www.grisoft.com/ww.2216

I will leave it there, I just wanted to let the OP know that there are unix/linux viruses out there.

Old_Biker_John
27-03-2008, 9:19 PM
I just wanted to let the OP know that there are unix/linux viruses out there.

Hi y2k,

Thanks for informing me of the risk:(. . . . and for indicating the relative levels of Windows vs. Linux malware risks in your earlier post.:lesson:

Much appreciated,:)

John

TOMMOHAWK_UK
27-03-2008, 10:39 PM
Yes I did read the whole article some time ago I might add, I have been using linux for a few years fyi and although I don't use any AV now when using linux I have done in the past. As for you saying there are no viruses out there for linux well that's not true:lesson: http://www.desktoplinux.com/articles/AT3307459975.html

One of many links where you can buy antivirus for linux since you said it's all free http://www.grisoft.com/ww.2216

I will leave it there, I just wanted to let the OP know that there are unix/linux viruses out there.

OK fair enough but I think we are missing the point here somewhat.

The real point is that Linux is inherently more secure than windows. If you are logged on as a user (and not root - why would you be for normal usage) then Linux will not let you modify any files outside of your /home/username directory. Therefore, a virus will not be able to overwrite or modify system files without explicit elevated permissions.

Not wanting to get into a (who can wee higher up the wall) contest about it we will leave it there.

Please don't scaremonger, ask any Linux professional and they will tell you that for routine usage, Anti-Virus is not a requirement (for now).

Extract from Wikipedia

Virus scanners such as the open source (http://en.wikipedia.org/wiki/Open_source) Clam AV (http://en.wikipedia.org/wiki/Clam_AntiVirus) and the commercial freeware (http://en.wikipedia.org/wiki/Freeware) Avast! (http://en.wikipedia.org/wiki/Avast%21) and AVG (http://en.wikipedia.org/wiki/AVG_Security_Software) are available for Linux.
SecurityFocus's Scott Granneman, says: "...some Linux machines definitely need anti-virus software. Samba (http://en.wikipedia.org/wiki/Samba_%28software%29) or NFS (http://en.wikipedia.org/wiki/Network_File_System_%28protocol%29) servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word (http://en.wikipedia.org/wiki/Microsoft_Word) and Excel (http://en.wikipedia.org/wiki/Microsoft_Excel), that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook (http://en.wikipedia.org/wiki/Microsoft_Outlook) and Outlook Express (http://en.wikipedia.org/wiki/Microsoft_Outlook_Express) users."[1] (http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses#cite_note-Granneman-0)


However, I do respect your views and ultimately it should be whatever the user feels comfortable with.

Friends again? :)

Ken

RRB
28-03-2008, 12:13 AM
Hi RRB,

Thank you for your VERY prompt response to my question.:)

It has taken me much longer to prepare my reply!

I will deal with each of your points in turn.



I have used 'Peerguardian 2' with 'Spyware' and 'Ads' blocklists (the latter being modified by an 'Allow' list for sites that I support). I have a hardware firewall in my LAN router and use a software firewall as a final barrier.

Perhaps I'm paranoid about identity theft.:eek:

Must have been paying too much attention to Govt. propaganda/security breaches!:)



I haven't decided on all of them yet: -

1. Damn Small Linux version 4.2.5 seems to be working fine, and will stay, on my very old laptop.

2. I am still testing and torn between Granular, PCLOS Gnome 2008 (I love that desktop!:cool:) and Mandriva Powerpack 2008, for a more modern Athlon based system that I run.

3. My Core 2 Duo based system is currently using Bluewhite64 with some success, but I may try a few other 64-bit distros before settling on a preference.



Thank you for that reassuring news.:)

Is there any possibility of passing viruses that enter the Linux OS, but don't affect it, to Windows machines on the same LAN?

I see that TOMMOHAWK_UK has already answered this question before I even asked it!!!

Like TOMMOHAWK I also only have a hardware firewall on my router and no other sort of anti virus or malware software and I've never had a problem. The joys of Linux :grin:

graham.myers
28-03-2008, 6:48 AM
I've just about got my linux server locked down now after setting it up over the last few months.

I run a security camera system on it and it's my NAS and uPnP server. I don't really browse on it except to the sites related to the software I use - ZoneMinder, Twonky, mldonkey etc.

I have a NAT on the router and was relying on that until recently. I now have a software firewall on the linux server too. I use the inbuilt iptables and have locked it down as best I could, in theory.

I have configured sancho (bt client), tight vnc to use ssh so only port 22 is open through the nat to the linux box. In theory nothing should get through the nat to hack the firewall unless it's on 22 but if the bt is open on the nat maybe somebody could come through that - that's why I use a firewall on the linux server too. I've never seen the firewall software use any cpu.

Rather than just opening the ports up I use, I actually specify the IP ranges that can use the port too. I have 5.0.0.0 so I can use hamachi, 213.x.x.x so my work desktop can connect and 192.16.1.x so my local pcs can connect. That's it, everything else isn't allowed.

That still doesn't stop several attempts a day hitting port 22 on the firewall.

I also use denyhosts which is a great tool. It looks in /var/log/secure and looks for attempted hacks and adds the IP address to the /etc/hosts.deny so they can't try again.

Additionally it contacts a central list and downloads a list of known hacker IPs and adds them to my local /etc/hosts.deny file too. It also uploads my deny list to the server to share with everybody else.

I have further added to this and written a couple of scripts that look in /var/log/secure and gets IP addresses of potential hackers and then does whois on the IP and saves them in a file. It doesn't do anything just tracks where the hacks are coming from so I can be nosey :) A lot of hack attempts are from China or Russia.

[root@tracey-island ~]# ./show_intrusions
21 intrusions from 12 different hosts, since Mar 23 14:50:52
no new intrusions
[root@tracey-island ~]#



Maybe this is a good faq in these new forums - recommendations for an uncomplicated iptables list for common software.
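
The kind of log check described in the post above (scanning /var/log/secure for failed SSH logins, tallying source addresses and producing /etc/hosts.deny entries), shown as an added example. It is not graham.myers's script or DenyHosts code; the log lines are constructed, and the trusted range and threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd syslog format found in /var/log/secure.
# Addresses come from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar 23 14:50:52 server sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 23 14:50:55 server sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Mar 23 14:51:01 server sshd[2104]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 23 15:02:10 server sshd[2150]: Accepted password for graham from 192.168.1.20 port 51000 ssh2
Mar 23 16:10:44 server sshd[2201]: Failed password for graham from 192.168.1.20 port 51022 ssh2
Mar 24 03:12:09 server sshd[2388]: Invalid user oracle from 198.51.100.23
Mar 24 03:12:11 server sshd[2388]: Failed password for invalid user oracle from 198.51.100.23 port 33810 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]  # hypothetical local LAN

def scan(log_text, trusted=TRUSTED):
    """Return (Counter of failures per untrusted IP, timestamp of first one)."""
    hits, first = Counter(), None
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in trusted):
            continue  # a mistyped password on the LAN must not lock you out
        hits[str(ip)] += 1
        first = first or m["ts"]
    return hits, first

def deny_lines(hits, threshold=3):
    """hosts.deny entries for IPs at or over the (assumed) threshold."""
    return [f"sshd: {ip}" for ip, n in sorted(hits.items()) if n >= threshold]

def summary(hits, first):
    return f"{sum(hits.values())} intrusions from {len(hits)} different hosts, since {first}"

if __name__ == "__main__":
    hits, first = scan(SAMPLE_LOG)
    print(summary(hits, first))
    print("\n".join(deny_lines(hits)))
```

Skipping trusted ranges before counting is the step that keeps an automated deny list from blocking its own administrator.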

Old_Biker_John
28-03-2008, 5:39 PM
I've just about got my linux server locked down now after setting it up over the last few months.

Hi graham.myers,

What a lot of work to organise your system security!

I have filed the information for future reference as it makes very interesting reading, but I am too new to Linux to attempt anything so ambitious at this stage.

Maybe this is a good faq in these new forums - recommendations for an uncomplicated iptables list for common software.

Perhaps it is a good way of meeting my requirements. I will await further comments with interest.

Thanks for your contribution,:)

John.

graham.myers
28-03-2008, 9:44 PM
Although I've used linux, solaris, hp-ux, aix etc for dozens of years, I've never actually done anything on the sa side. I'm an oracle dba so only know the rudimentaries of security and setup. I tend to get hold of the systems after they have been set up :)

I'm learning a lot setting up my own system though and thoroughly enjoying every minute.

I'll start a new thread with my iptables lists and see what the gurus think :)

Old_Biker_John
29-03-2008, 7:49 AM
I'll start a new thread with my iptables lists and see what the gurus think :)

Sounds good to me.:)

I'll have to work on improving my Linux knowledge drastically to use the results! (So far, I've only experimented with a few LiveCD's in the last 3 months, Installed Granular - Funworks on an elderly, homebuilt Athlon system and installed Damn Small Linux on an old Pentium II 266 laptop). Lots to learn yet!

John.

tinners
29-03-2008, 9:57 AM
John
moblock does the same thing as PG2 with the same blocklists.
http://moblock-deb.sourceforge.net/

Old_Biker_John
29-03-2008, 11:15 AM
John
moblock does the same thing as PG2 with the same blocklists.
http://moblock-deb.sourceforge.net/

Thanks tinners,

Perfect answer for my immediate need!:clap:

John

Codehead
31-03-2008, 8:03 AM
Here's some fuel for the OS wars.

http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/


:hiya: *runs*

MarvTheRobot
31-03-2008, 8:14 AM
Here's some fuel for the OS wars.

http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/


:hiya: *runs*


Haha, Awesome! Bet that guy was about 12 as well

TOMMOHAWK_UK
01-04-2008, 1:46 PM
Here's some fuel for the OS wars.

http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/


:hiya: *runs*

:clap: One up for the Linux fanboys. There's some big old flamewar going on in the comments on that thread!

Codehead
01-04-2008, 6:39 PM
El Reg is actually a very good IT news site.

They're fairly quick off the mark and have some of the funniest comments I've ever read. I've had plenty of coffee sprayed over my monitor while browsing there. :smashin: