Ubuntu & Antivirus
80 H
I'm using Ubuntu 7.10 on an IBM T40 and plan to use it with a WEP wireless
PCMCIA link to my current wireless hub. Do I need to use an antivirus, or
does the security permissions in Linux really prevent third parties
accessing data on my machne?
Many thanks
A
Cork Soaker
Yes.
It has an antivirus in the repositories anyway.
ray
I've never run antivirus on Linux. I've been using various distributions
for over five years - currently have five home systems on the net
14/7/365 via broadband - I've never had an infestation.
Bit Twister
> I'm about to load and run Ubuntu (Indeed, Linux...) for the first time...
>
> I'm using Ubuntu 7.10 on an IBM T40 and plan to use it with a WEP wireless
> PCMCIA link to my current wireless hub.
> Do I need to use an antivirus,
Have you look at what the AV vendors supply for Linux.
Reason there is not much AV protection for /Linux/ malware is because
it is none running around. Any exploits found are fixed pretty fast
and delivered next day. Now waiting for Second Tuesday of the Month.
> or does the security permissions in Linux really prevent third
> parties accessing data on my machne?
Funny question there. You kinda mixed your apple and orange comparison.
Last port scan of "out of the box install" I made of ubuntu showed all
ports closed.
That does "prevent third parties accessing data" from the Internet.
As soon as you install/enable services/daemons, those ports will be
open to attack.
Before that point, you would want to enable the firewall.
As for accessing your data, black hats have moved from attacking your
system from the Internet to attacking your system from your
applications. The main attack is serving malware via cracked Ad
servers and cross scripting via java.
If you were to keep up to date on all your applications as soon as
they have updates, run Firefox with NoScript Add On and privoxy
installed with lots of blocked ads in user.actions, you would be ahead
of any AV Software sold for /Linux Malware/.
I do not wait for Third Party Apps like Firefox to show up in package
selection. I download/install from the Vendor as soon as I know of an
update. Example, I am running Firefox 2.0.0.13.
For intrusion detection you can install something like
aide, ossec-hids, samhain, tripwire, snare,...
I happen to run Mandriav Linux which installs with the firewall
enabled and have privoxy and aide as additional package selections.
Standard security include text file follows for my linux and Micro$oft
friends:
********************************************************************
“In mid-year 2007, studies showed there were nearly 30,000 new
infected web pages being created every day."
http://finjan.com/Pressrelease.aspx?id=1820&PressLan=1819&lan=3
You can use privoxy to block ads and sites. http://www.privoxy.org/
If you want to play with it, Mandriva Linux install instructions here
http://groups.google.com/group/alt.os.linux.mandriva/msg/a76245f3f5fab041
with a bunch of sites already added to +block in user.action.
You may want to add your router's ip under { +block } to prevent malware
cracks of your router while surfing.
A more extensive action file found here
http://www.neilvandyke.org/privoxy-rules/
Adding NoScript Add On to firefox http://noscript.net/getit
It's Options --> Advanced Untrusted
lets you set a few restrictions for Untrusted Sites.
I have all boxes checked for Untrusted sites.
#***************** start privoxy.txt *********************************
click up a terminal
su - root
urpmi --wget privoxy --auto
You might consider getting a copy of my user.actions:
cp /etc/privoxy/user.action /etc/privoxy/user.action_orig
Copy my user.aciton script into /etc/privoxy/user.action from
http://groups.google.com/group/alt.os.linux.mandriva/msg/a76245f3f5fab041
You may want to add your router's ip under { +block }
in /etc/privoxy/user.action to prevent malware cracks of your router
while surfing.
service privoxy restart
exit
exit
In firefox,
Edit->Preference->Advanced
Click Network tab
Connection
Settings button
click Manual proxy configuration:
HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118
Be sure to clear the "No Proxy for" box
Click OK
Click Close
#********************* end privoxy.txt **************************
I recommend not using Internet Explorer or Outlook Express.
Use third party apps. Firefox, Thunderbird for example.
I strongly recommend Firefox with the NoScript Add On.
Black Hats have are using a lot of Java tricks to exploit systems.
My NoScript Option settings.
General
check box Left clicking on NoScript toobar button
Radio button Base 2nd level Domains
check box Automatically reload affected pages when permissions change
Whitelist
I added file:// for my local index.html file
Plugins
All boxes checked except Collapse blocked objects
Appearance
No changes by me.
Notifications
Everything checked except Audio Feedback
Did set Hide After at 5 seconds
Advanced
Untrusted
Everything checked except Hide <NOSCRIPT>elements
Trusted
Only have Show the <NOSCRIPT> element which follows a blocked <SCIRPT>
XSS
both boxes checked and removed all exceptions.
Black Hats are using google links to inject malware links.
JAR
checkbox Block JAR remote resources being loaded as documents
Left jar:https://samples\.noscript\.net/sample_apps.jar string alone.
Hadron
Don't worry overly about a virus - do worry about using WEP. Do not use
WEP if you have secure data. WEP is NOT secure and if your data goes over
that wire people can get at it. Use WPA.
Do not listen to anyone who says otherwise.
http://www.smallbusinesscomputing.com/webmaster/article.php/3674601
--
"Ignore the forging nym-shifting troll who pretends to be chrisv! I'm the *REAL* chrisv!"
chrisv, COLA.
Mark Warner
You are confusing access with virus infection.
Your Linux install will be as accessible as you make it. This is a
function of your networking configuration and file sharing settings. The
defaults are darn tight.
But, no matter how accessible your data is, the machine is essentially
immune to malware infection in the conventional sense.
--
Mark Warner
SimplyMEPIS Linux v6.5
Registered Linux User #415318
...lose .inhibitions when replying
William Poaster
I've run Linux distributions of one sort or another for 10/11 years & never used
an AV. AV applications are only any use if you have windoze machines in your
network, to stop them getting infected.
--
Mandriva 1 - 2008 - RC2 - 64bit OS.
COLA trolls: http://colatrolls.blogspot.com/
Holz
No you don't. Switched from Windows 3 years ago, never had any
maleware, av and other stuff issues.
--
Live & let live, or leave.
:-)
Ignoramus13009
You do not need an antivirus if you use only Linux, but if, for
example, you use your linux copmputer to relay mail for windows
computers, you may want an antivirus such as clamav.
i
Walt Nelson
Walt
Tacoma, WA
Non scrivetemi
> 80 H wrote:
> > I'm about to load and run Ubuntu (Indeed, Linux...) for the first time...
> >
> > I'm using Ubuntu 7.10 on an IBM T40 and plan to use it with a WEP wireless
> > PCMCIA link to my current wireless hub. Do I need to use an antivirus, or
> > does the security permissions in Linux really prevent third parties
> > accessing data on my machne?
>
> You are confusing access with virus infection.
>
> Your Linux install will be as accessible as you make it. This is a
> function of your networking configuration and file sharing settings. The
> defaults are darn tight.
>
> But, no matter how accessible your data is, the machine is essentially
> immune to malware infection in the conventional sense.
So you're saying no Linux viruses exist?
Did you know the very first virus ever was a Unix critter? And htat
it's still found in the wild occasionally today?
Didn't think so.....
>
Dirk T. Verbeek
> Mark Warner wrote:
>
>> 80 H wrote:
>>> I'm about to load and run Ubuntu (Indeed, Linux...) for the first time...
>>>
>>> I'm using Ubuntu 7.10 on an IBM T40 and plan to use it with a WEP wireless
>>> PCMCIA link to my current wireless hub. Do I need to use an antivirus, or
>>> does the security permissions in Linux really prevent third parties
>>> accessing data on my machne?
>> You are confusing access with virus infection.
>>
>> Your Linux install will be as accessible as you make it. This is a
>> function of your networking configuration and file sharing settings. The
>> defaults are darn tight.
>>
>> But, no matter how accessible your data is, the machine is essentially
>> immune to malware infection in the conventional sense.
>
> So you're saying no Linux viruses exist?
No self propagating Linux viruses exist, they cannot replicate so in
essence they are at worst malware.
>
> Did you know the very first virus ever was a Unix critter? And htat
> it's still found in the wild occasionally today?
Basically these few programs are all concepts that don't survive outside
of the lab.
>
> Didn't think so.....
>
Why don't you enlighten us? clearly you seem to know more than any other
source!
>
>
>
>
>
>
>
Ignoramus17842
lot of them spread via bad PHP software. I have seen some in
action. That's the reason why I avoid PHP where possible.
However, in general Linux viruses are harder to write and harder to
spread and it is harder for them to get root privileges. But nothing
is impossible.
At the moment, it is much easier to write viruses for Windows.
i