[vox-tech] Ubuntu Security Software

Bill Broadley bill at cse.ucdavis.edu
Sat Aug 16 02:27:29 PDT 2008


I like Rick's reply.

There are some large differences in firefox, thunderbird, linux, and related 
common applications a new user is used to using.  They will by and large NOT
run something from a remote site without asking.  If they do they will NOT
run it as root.  There is no ActiveX which while trying to make something 
really easy to use allows remote applications to read your address book,
open attachments, and run things.  I was really shocked when the first batch 
of email viruses went around that just required opening an email without even 
clicking on an attachment.

Ubuntu is the linux desktop I'm most familiar with these days, and IMO
it (and many other linux environments I'm sure) do make reasonably few
queries to the user... none of the (so I've heard) 100's of queries a day that 
you get from vista.  Most of them are fairly easy to understand and make it
clear what the safest choice is.

So IMO.  Skip the antivirus, you are more likely to have a security problem 
from the virus checker than you are from a virus.

Steve Weiss wrote:
> I've been following the fascinating "Verify Ubuntu files" discussion and can see 
> how complex an issue system security is. But my question is, what do you 
> recommend a newbie like me do for security?

To start with, the simplest thing is, install nothing yourself.  Use only the 
provided application installer and as much as possible the standard 
repositories.  So the default apt-get install <whatever> should be secure.

> I've been running Ubuntu on my 
> laptop since an Installfest last Fall, but haven't found the time to learn much 
> about its innards yet.
> 
> When I asked Chris and Alex this at the time, they both shrugged their shoulders 
> and said basically don't click any links you don't trust, and that Linux doesn't

I often click on those links just to see.  I drop all my cookies/sessions to 
make sure I don't get cross-site attacked.  I.e. stealing my webmail account.
Usually I end up with some windows executable, sometimes if I'm bored I'll 
run it through strings looking for hints at what it actually does.

> get much hacker attention. Neither recommended running any kind of security 
> suite for Linux.

Irregardless of popularity, it's just plain harder to get something run as
root on linux.  Even getting things run as a user often requires explicit 
steps by the user.  Dunno, I think partially it's because of windows history, 
and partially because windows comes practically featureless, minimal 
scripting, it's not opensource so why should folks give away opensource.  Hell 
even things like zip weren't included for awhile.  I was horrified to find how 
many things random users often install.  Screen savers, things to make their 
desktop background a photo, things to animate your mouse cursor, cute noises
for email notification, etc.  Usually random binary blobs, sometimes with a 
DLL.  On ubuntu (and others) you can get an amazing amount done with simple 
point/clicks inside the package manager.  The ubuntu/debian repositories are 
huge, include source, and include an amazing array of applications that you 
don't have to worry about the security.  Install 500 editors, languages,
paint programs, diagram tools, spreadsheets, word processors, web browsers, 
desktop environments, terminals, email clients etc.... the chances of getting 
some malware, trojan, etc are very low.  It's very unlikely to find something 
malicious.  Windows on the other hand, there's no central place to go to, 
seems almost the rule instead of the exception that any tiny itty bitty 
trivial tool you need for windows is going either to show you ads, monitor 
your activities, or be outright malware.  Hell some of the common places to 
get windows software sell ads... and occasionally those ads are for malware... 
installing any utility under windows is somewhat of a minefield.  Not to 
mention getting notified of updates is hard... again no central repository.

Under ubuntu it's not impossible to break things with apt-get 
install/synaptic/whatever package manager you use.  But it's not easy
to get compromised by that activity.

> I find this approach a little scary after many years using various Windows 
> security suites and discussions like yours.  And "trust" is a relative thing. 
> What would you all recommend for new users? Are there good 
> virus/firewall/spyware packages for Ubuntu that are reasonably automated?

IMO, patching regularly, firefox, and thunderbird is all you need.  They will 
protect you... that and a bit of common sense.  Don't reconfigure your system
because a random website told you to.  Don't run untrusted binaries from 
random folks.  If your mail client/web browser says something is suspicious... 
believe them.

