Firewall and/or anti-virus

Kaj Haulrich kaj at haulrich.net
Sun Apr 5 22:02:01 UTC 2009


On Sunday 05 April 2009 23:04:40 GreyGeek wrote:
> Web1 wrote:
> > Hello,
> >
> > Is there any reason to have either an anti-virus or firewall on
> > Kubuntu?  I have downloaded clam anti-virus but it doesn't
> > appear to have real time protection.  I have read that there
> > isn't a reason to have either an anti-virus or firewall for
> > Kubuntu, I was just checking to make sure that they are not
> > needed prior to me doing my banking and such on Kubuntu.  I
> > have this on a separate hard drive from windows XP and am
> > slowly transferring over to it.  Pretty good learning curve,
> > but it's fun and challenging.
> >
> > If I do need an anti-virus, firewall, spy-ware blocker and
> > such, could you guys please recommend the best of each of these
> > to install?
> >
> > Thanks and am glad I am making the switch.
> >
> > Web
>
> Web,
>
> AV, perhaps, but only for the sake of your friends to whom you
> might send infected emails or software you had received from
> others who use Windows.  For you to infect your Linux
> installation via an email attachment you would have to:
> 1) Save the attachment as a file.
> 2) Add the executable permission to the file
> 3) Run the file.
> In other words, it takes a lot of social engineering for the bad
> guy to talk you into doing those steps.  It won't happen
> automatically, even if they attached a *.desktop file.   But, if
> you were to receive an attached program that was infected and you
> did those three steps you'd have an infected home account. 
> Depending on the skill of the hackor who wrote the program you
> might also have your root account infected.   If it is just your
> home account you could delete it and recreate it and your
> infection would be gone. (Save your valuables first!). 
> Otherwise, the safest route is a reformat and fresh install.
>
> But, a firewall by all means because professional thieves are
> looking for Linux boxes to break into  (manually - it can't be
> done **automatically** via a simple email, the way it is done in
> Windows) so they can use it as a controller for their 50,000
> Windows zombie bot farms.  But, if your installation of Jaunty is
> like mine, a firewall was installed and configured automatically.
>  Go to grc.com and run "ShieldsUp!" on all 1,056 ports.  If yours
> is like mine you will get an all green board, indicating that
> your PC is invisible to the Internet by primary packet response,
> and thus its existence can only be inferred by upstream analysis
> of packet's time-to-live values after reflection, if they are
> reflected.  Most are merely not acknowledged (by returning an ACK
> packet to complete the handshake, for example), but are dropped.
> The hacker can't tell if a packet is hitting a PC or merely
> sailing off into the Infinite bit-bucket because its
> time-to-live expired.
>
> I've been running Linux since May of 1998.  For most of that
> time, up until I retired 8 months ago, I left my PCs  on and
> connected to the Internet 24/7/365.   I have yet to even see a
> Linux virus or other malware, much less get infected by one.  In
> fact, I never even used a firewall until the climate of the
> Internet changed a few years ago from trouble caused by
> script-kiddies to that caused by professional thieves.
>
> Initially, most "threats" were from kids running scripts they
> downloaded from haxor sites, scripts they couldn't write
> themselves, but which allowed them to add their pseudonyms and
> other such stuff like "Hacked by the Razor!", and required
> following only a few simple steps in order to the defaced page. 
> Most of their stuff was vandalism: defacing websites and deleting
> data from hard drives, done mainly so they could boast to their
> friends.   And, at that time, most of the sites were lightly
> defended, if at all.
>
> A few years ago that changed.  Hackers were no longer interested
> in impressing their friends because they aren't immature kids. 
> They are now highly skilled thieves after only one thing: MONEY! 
>   Windows computers remain their target because Windows is so
> difficult, if not impossible, to secure.   In the current
> economic times they will get more desperate and brazen.
>
> I said Windows was impossible to secure (except by the very best
> of professionals, but certainly NOT by Joe and Sally Sixpack) 
> because Microsoft bludgeoned security professionals, under
> threats of lawsuits, into NOT warning Windows users about
> security risks at the time they were discovered, but informing
> only Microsoft.    After that it was up to Microsoft to determine
> what holes got fixed and when.   Microsoft usually announces the
> hole and the patch the same day, which could be MONTHS after the
> hole was found.   Some  holes never got patched because 
> Microsoft's advice was to "upgrade", thus turning their own
> malfeasance into profit.   ***As long as Microsoft keeps security
> holes secret it is impossible for Windows users to adequately
> protect themselves because they are kept in the dark about the
> risks.***  You can't protect yourself against threats you are
> not aware of.   Even NOW, Microsoft is aware of holes in Windows
> that would allow thieves into your system but they haven't
> informed you.  So you don't know which application is vulnerable
> and can't make an informed decision, or risk evaluation, to
> determine if you will wait till it is patched or switch to
> another app.  Worse for Microsoft, would be switching to a much
> more secure OS/Desktop, Mac or Linux.
>
> The latest reports from the av-comparatives website show that
> for the last seven months of last year, out of the 2.3 Million
> examples of malware tested, the best AV product did not detect 8
> out of 1,000, while OneCare did not detect over 100 out of 1,000.
>  It only takes one to lose your credit card info, your credit and
> your reputation.
> GG

Agreed. Theoretically though, you *could* get infected, not by an 
ordinary virus, but a so-called 'rootkit'. I never heard of any 
linux box being infected, but just in case you could install 
'rkhunter'. On my machine it runs in the background and never 
detects anything, but gives some 'warnings' about missing files, 
insecure permissions and such.

In short: don't worry about linux and viruses.

Kaj Haulrich.
-- 
*** Sent from a 100% Microsoft-free computer ***
********* Running Linux Kubuntu 8.10 *********




