Firewall and/or anti-virus
GreyGeek
GreyGeek at earthlink.net
Sun Apr 5 21:04:40 UTC 2009
Web1 wrote:
> Hello,
>
> Is there any reason to have either an anti-virus or firewall on
> Kubuntu? I have downloaded clam anti-virus but it doesn't appear to
> have real time protection. I have read that there isn't a reason to
> have either an anti-virus or firewall for Kubuntu, I was just checking
> to make sure that they are not needed prior to me doing my banking and
> such on Kubuntu. I have this on a separate hard drive from Windows XP
> and am slowly transferring over to it. Pretty good learning curve, but
> it's fun and challenging.
>
> If I do need an anti-virus, firewall, spy-ware blocker and such, could
> you guys please recommend the best of each of these to install?
>
> Thanks and am glad I am making the switch.
>
> Web
>
>
Web,
AV, perhaps, but only for the sake of your friends to whom you
might send infected emails or software you had received from others who
use Windows. For you to infect your Linux installation via an email
attachment you would have to:
1) Save the attachment as a file.
2) Add the executable permission to the file.
3) Run the file.
In other words, it takes a lot of social engineering for the bad guy to
talk you into doing those steps. It won't happen automatically, even if
they attached a *.desktop file. But, if you were to receive an
attached program that was infected and you did those three steps you'd
have an infected home account. Depending on the skill of the hackor who
wrote the program you might also have your root account infected. If
it is just your home account you could delete it and recreate it and
your infection would be gone. (Save your valuables first!). Otherwise,
the safest route is a reformat and fresh install.
But, a firewall by all means because professional thieves are looking
for Linux boxes to break into (manually - it can't be done
**automatically** via a simple email, the way it is done in Windows) so
they can use it as a controller for their 50,000 Windows zombie bot
farms. But, if your installation of Jaunty is like mine, a firewall was
installed and configured automatically. Go to grc.com and run
"ShieldsUp!" on all 1,056 ports. If yours is like mine you will get an
all green board, indicating that your PC is invisible to the Internet by
primary packet response, and thus its existence can only be inferred by
upstream analysis of packets' time-to-live values after reflection, if
they are reflected. Most are merely not acknowledged (by returning an
ACK packet to complete the handshake, for example), but are dropped.
The hacker can't tell if a packet is hitting a PC or merely sailing off
into the Infinite bit-bucket because its time-to-live expired.
I've been running Linux since May of 1998. For most of that time, up
until I retired 8 months ago, I left my PCs on and connected to the
Internet 24/7/365. I have yet to even see a Linux virus or other
malware, much less get infected by one. In fact, I never even used a
firewall until the climate of the Internet changed a few years ago from
trouble caused by script-kiddies to that caused by professional thieves.
Initially, most "threats" were from kids running scripts they downloaded
from haxor sites, scripts they couldn't write themselves, but which
allowed them to add their pseudonyms and other such stuff like "Hacked
by the Razor!", and required following only a few simple steps in order
to the defaced page. Most of their stuff was vandalism: defacing
websites and deleting data from hard drives, done mainly so they could
boast to their friends. And, at that time, most of the sites were
lightly defended, if at all.
A few years ago that changed. Hackers were no longer interested in
impressing their friends because they aren't immature kids. They are
now highly skilled thieves after only one thing: MONEY! Windows
computers remain their target because Windows is so difficult, if not
impossible, to secure. In the current economic times they will get
more desperate and brazen.
I said Windows was impossible to secure (except by the very best of
professionals, but certainly NOT by Joe and Sally Sixpack) because
Microsoft bludgeoned security professionals, under threats of lawsuits,
into NOT warning Windows users about security risks at the time they
were discovered, but informing only Microsoft. After that it was up
to Microsoft to determine what holes got fixed and when. Microsoft
usually announces the hole and the patch the same day, which could be
MONTHS after the hole was found. Some holes never got patched
because Microsoft's advice was to "upgrade", thus turning their own
malfeasance into profit. ***As long as Microsoft keeps security holes
secret it is impossible for Windows users to adequately protect
themselves because they are kept in the dark about the risks.*** You
can't protect yourself against threats you are not aware of. Even NOW,
Microsoft is aware of holes in Windows that would allow thieves into
your system but they haven't informed you. So you don't know which
application is vulnerable and can't make an informed decision, or risk
evaluation, to determine if you will wait till it is patched or switch
to another app. Worse for Microsoft would be switching to a much more
secure OS/Desktop, Mac or Linux.
The latest reports from the av-comparatives website show that for the
last seven months of last year, out of the 2.3 million examples of
malware tested, the best AV product did not detect 8 out of 1,000, while
OneCare did not detect over 100 out of 1,000. It only takes one to lose
your credit card info, your credit and your reputation.
GG
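
The three steps listed in the reply above (save the attachment, add the executable permission, run it) hinge on the execute bit, so auditing the directory where attachments are saved shows whether step 2 has happened to any file. This is an added example, not part of the original post; the function names `audit_exec_bits` and `strip_exec_bits` are hypothetical, and the directory to check is supplied by the caller.

```shell
#!/bin/sh
# Added example: find saved files that have gained an execute bit.

# audit_exec_bits DIR
# Prints one line per regular file under DIR that has any execute bit set,
# formatted as "<kind><TAB><path>", where kind is elf, script, desktop or other.
audit_exec_bits() {
    find "$1" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \) | sort |
    while IFS= read -r f; do
        case $f in
            *.desktop) kind=desktop ;;
            *)
                # First four bytes as hex: 7f454c46 is the ELF magic,
                # 2321 is "#!" at the start of a script.
                magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
                case $magic in
                    7f454c46) kind=elf ;;
                    2321*)    kind=script ;;
                    *)        kind=other ;;
                esac ;;
        esac
        printf '%s\t%s\n' "$kind" "$f"
    done
}

# strip_exec_bits DIR
# Reverses step 2 for every regular file under DIR by clearing all execute bits.
strip_exec_bits() {
    find "$1" -type f -exec chmod a-x {} +
}
```

After sourcing the file, run `audit_exec_bits ~/Downloads` (or wherever the mail client saves attachments); file names containing newlines are not handled.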