PDA

View Full Version : [ubuntu] How to avoid phishing using Ubuntu?



ismaelito
February 12th, 2010, 04:59 PM
Hello, i have just installed Ubuntu,i'am really concerned about security,i have no idea about linux.
In windows, i use kaspersky internet security to protect the computer, so any time i want to log on my bank web, i use virtual mode or secure mode,and also virtual keyboard offered by kaspersky,i ve never had a problem,this way i think i protect myself against fishing.
Is there anyway to protect myself from the fishing attack in Ubuntu?
Thanks a lot.

Pjotr123
February 12th, 2010, 05:02 PM
No worries, Ubuntu is a safe and secure operating system:
http://sites.google.com/site/easylinuxtipsproject/security

You can bank safely in Linux. :)

Sir Jasper
February 12th, 2010, 07:08 PM
Hi,

Try searching ¨phishing¨ not ¨fishing¨.

Linux/´buntu affords little or no protection against phishing (i.e. the same level as Windows versions).

OpenDNS is available and Firefox 3.5 or later (and Explorer 8) have protection settings but common sense is frequently the best protection against scams.

My regards

PS Phishing frauds ruin thousands of lives and they are on the increase - so ¨be careful out there¨.

ajgreeny
February 12th, 2010, 08:46 PM
Fishing is angling and catching fish!

Phishing is sending emails with links to scam and spoof bank or financial websites. They may look right, but it is up to the recipient to display some sense and not click on such links. No security software is really able to stop silly people doing silly things, but don't worry, Ubuntu is about as safe as you can get, other than never using a computer for banking.

Sir Jasper
February 12th, 2010, 09:27 PM
Hi ajgreeny,

I always read any post carrying your name with interest; however, I think (possibly wrongly) that phishing includes the transfer from visited websites to malicious websites as well as the common email scams which you mention.

What you say is not necessarily incorrect, but I do not like the advice ¨not to worry¨ after the extensive phishing fraud reports (not email based) as reported last October in the English broadsheets (and also the foreign press).

My regards

ismaelito
February 12th, 2010, 10:19 PM
I am sorry, i ask a moderator to change the title from fishing to phishing;).
According to you, i have to be very careful as well in Ubuntu.

Pjotr123
February 13th, 2010, 12:34 AM
I am sorry, i ask a moderator to change the title from fishing to phishing;).
According to you, i have to be very careful as well in Ubuntu.

Don't confuse these two things:

1. In Linux, you are safe from malware, like viruses, spyware and key loggers, provided that you stick to normal software sources and apply your updates.

2. You are not safer in Linux, from people who try to fool you with fake e-mails, like Nigerians who promise you millions if you only pay them a few thousands first. That's called social engineering and has nothing to do with software. The only protection is common sense. Against fake banking websites and such (phishers) you have some protection in Firefox. But again, use your common sense. 100 % security doesn't exist anywhere.

crlang13
February 13th, 2010, 01:09 AM
Don't confuse these two things:

1. In Linux, you are safe from malware, like viruses, spyware and key loggers, provided that you stick to normal software sources and apply your updates.

2. You are not safer in Linux, from people who try to fool you with fake e-mails, like Nigerians who promise you millions if you only pay them a few thousands first. That's called social engineering and has nothing to do with software. The only protection is common sense. Against fake banking websites and such (phishers) you have some protection in Firefox. But again, use your common sense. 100 % security doesn't exist anywhere.

As said above, yeah, you're fairly safe from viruses and the likes, but not from false websites.

Alot of Windows anti-virus software also adds safe browsing things - like Norton and McAfee with their site ratings etc. In Firefox, if you click tools > addons > get adds > browse all add ons (you'll be taken to a new webpage). I use an add on called Link Extend. You'll find it by running a search in Firefox's add on page. It creates a tool bar that rates the safety of the site based on Norton, google and other companies.

This will offer you some more protection and help you maked informed decisions as to whether or not to trust a specific site.

presence1960
February 13th, 2010, 01:16 AM
The best read I have ever seen for ubuntu security: http://ubuntuforums.org/showthread.php?t=510812

ismaelito
February 13th, 2010, 11:26 AM
As said above, yeah, you're fairly safe from viruses and the likes, but not from false websites.

Alot of Windows anti-virus software also adds safe browsing things - like Norton and McAfee with their site ratings etc. In Firefox, if you click tools > addons > get adds > browse all add ons (you'll be taken to a new webpage). I use an add on called Link Extend. You'll find it by running a search in Firefox's add on page. It creates a tool bar that rates the safety of the site based on Norton, google and other companies.

This will offer you some more protection and help you maked informed decisions as to whether or not to trust a specific site.

Thanks, But i am fan of Opera, i use it with Wot and adblock. Do you think that Firefox is more secure than opera?

Sir Jasper
February 13th, 2010, 02:03 PM
Hi,

You were not asking me and I really do not know the answer, but although Opera has an excellent reputation I suspect (nothing stronger) that Firefox is the more secure. I assume that with some 5000 add-ons available Firefox is the most versatile.

Here is a Firefox screenshot where the arrow points to its anti-phishing feature (in 3.5 and 3.6, but the absence of a warning may not mean safety).

http://i.imagehost.org/t/0314/FFOptions.jpg (http://i.imagehost.org/view/0314/FFOptions)

OpenDNS is available free at router (or browser) level for both Linux and Windows and for phishing protection only no registration is needed.

My regards

Added: I forgot to mention that I also Use WoT (with Firefox in my case).

crlang13
February 14th, 2010, 01:02 AM
Thanks, But i am fan of Opera, i use it with Wot and adblock. Do you think that Firefox is more secure than opera?

I'm not sure about Opera. I've used Wot, and I know alot of people do, but I don't completely trust it. I prefer Link Extend because it uses a variety of sources (including Wot) to inform about the site.

Sorry that I can't be more informative about Opera, but I think sir jasper has hit the nail on the head.

Georgia boy
February 14th, 2010, 05:09 AM
I just installed the LinkExtend that everyone's talking about. I read the reviews on both WOT and LinkExtend. Decided to go for the latter. Also installed the Opendns through the router and went with the free one. Also use the Noscript, and Adblock Plus add-ons. I'll keep checking and see what else looks good.

Seems like I'm doing something right the way others are using the same things.

Tom

bodhi.zazen
February 14th, 2010, 07:47 AM
Hello, i have just installed Ubuntu,i'am really concerned about security,i have no idea about linux.
In windows, i use kaspersky internet security to protect the computer, so any time i want to log on my bank web, i use virtual mode or secure mode,and also virtual keyboard offered by kaspersky,i ve never had a problem,this way i think i protect myself against fishing.
Is there anyway to protect myself from the fishing attack in Ubuntu?
Thanks a lot.


Security is like an onion, it has layers and they stink.

You are confusing the layers and security threats.

http://en.wikipedia.org/wiki/Phishing


In the field of computer security (http://en.wikipedia.org/wiki/Computer_security), phishing is the criminally (http://en.wikipedia.org/wiki/Criminal) fraudulent (http://en.wikipedia.org/wiki/Fraud) process of attempting to acquire sensitive information such as usernames, passwords (http://en.wikipedia.org/wiki/Password) and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail (http://en.wikipedia.org/wiki/E-mail) or instant messaging (http://en.wikipedia.org/wiki/Instant_messaging),[1] (http://en.wikipedia.org/wiki/Phishing#cite_note-0) and it often directs users to enter details at a fake website whose look and feel (http://en.wikipedia.org/wiki/Look_and_feel) are almost identical to the legitimate one. Even when using server authentication (http://en.wikipedia.org/wiki/Transport_Layer_Security), it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering (http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29) techniques used to fool users,[2] (http://en.wikipedia.org/wiki/Phishing#cite_note-1) and exploits the poor usability of current web security technologies.[3] (http://en.wikipedia.org/wiki/Phishing#cite_note-Jos2007-2) Attempts to deal with the growing number of reported phishing incidents include legislation (http://en.wikipedia.org/wiki/Legislation), user training, public awareness, and technical security measures.

So, things like antivirus and keyloggers are not protection against phishing. Take care with lists of fraudulent web sites, such lists can only protect you from KNOWN fraudulent web sites.

1. There are no know active viruses in Linux.

2. As long as you only install applications from trusted sites, such as the Ubuntu repositories, things such as spyware, keylogers, rootkits, are a non issue.

3. In terms of Phishing, do no give out personal information over the internet. When conducting on line banking, be very careful with the url you enter (or book mark you web sites).

ismaelito
February 14th, 2010, 06:23 PM
Thanks to everybody for your advices, i have tried linkextend, but i don't like it, i am going to use OpenDNS.
I 'am really enjoying Linux:p, everything seems working quicker in Ubuntu than windows, besides this, we have got a great community ready to help.

ismaelito
February 14th, 2010, 09:57 PM
Please, How to update my dynamic Ip for OpenDNS using the Grome schedule?
Thanks

ismaelito
February 16th, 2010, 08:21 AM
Please, How to update my dynamic Ip for OpenDNS using the Grome schedule?
Thanks

Solved :p.