Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: security concern

  1. #1
    Join Date
    Apr 2011
    Beans
    2

    Exclamation security concern

    hi everyone,

    I'm bit confused whether to use my ubuntu machine to access my bank accounts and other personal information coz lately ubuntu has become very popular and malware might already be on. I don't find any promising security software just to be on safer side and to have piece of mind.

    Please share your thoughts or suggestions.

    thanks

  2. #2
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: security concern

    Quote Originally Posted by killerloop8 View Post
    hi everyone,

    I'm bit confused whether to use my ubuntu machine to access my bank accounts and other personal information coz lately ubuntu has become very popular and malware might already be on. I don't find any promising security software just to be on safer side and to have piece of mind.

    Please share your thoughts or suggestions.

    thanks
    You don't need "security software." That's a windows thing. More important is just to use common sense -- make sure when you login to your bank's website that you use HTTPS. I highly recommend the FF add-on "certificate patrol."

    If you want to enhance browser security look into add-ons like Noscript. You can also enable the AppArmor profile.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  3. #3
    Join Date
    Apr 2011
    Beans
    58
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: security concern

    Quote Originally Posted by killerloop8 View Post
    hi everyone,

    I'm bit confused whether to use my ubuntu machine to access my bank accounts and other personal information coz lately ubuntu has become very popular and malware might already be on. I don't find any promising security software just to be on safer side and to have piece of mind.

    Please share your thoughts or suggestions.

    thanks
    Yes, if you are primarily concerned about on line accounts (especially the important ones like banking), my first tip is just to be on a secured home network. WPA2-AES. Don't attempt to log on to anything valuable in the public. All banks I know of use "SSL" which basically changes http:// to https://. What this means is that everything going on is encrypted in that session. A couple of sites that do have https:

    amazon.com
    ebay.com
    sovereignbank.com

    Most websites with transactions really do have SSL but just make sure.

    Sites like facebook.com do not have SSL (enabled by default. Which is weird but, that's facebook)

    In a nutshell, make sure you're on a secure network.

    Don't download anything stupid.

    And you'll be good. Hope I helped. Have a good one.

    P.S. Some people don't know why all websites don't use SSL (even ubuntuforums.com doesn't use SSL) but, it does cost money and apparently it's a little slower since everything has to be encrypted.

  4. #4
    Join Date
    Dec 2010
    Location
    Something witty.
    Beans
    204
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: security concern

    Quote Originally Posted by rookcifer View Post
    You don't need "security software." That's a windows thing. More important is just to use common sense -- make sure when you login to your bank's website that you use HTTPS. I highly recommend the FF add-on "certificate patrol."

    If you want to enhance browser security look into add-ons like Noscript. You can also enable the AppArmor profile.

    That's a fallacy that is thrown around far too often when Linux/Unix security is discussed. It's not simply a "windows thing"; there is malware and there are security vulnerabilities, and in most cases, they can wreak just as much if not more havoc than their Windows counterparts. I'm a sys-admin by profession, primarily Solaris and HP-UX, and I can vouch first-hand for just how many vulnerabilities are out there.

    As stated above me, be careful about where you browse the internet (i.e., do NOT check personal information while you're sipping a latte at Starbucks) and don't visit suspicious sites unless you're in a sandbox environment or know what you're doing. Also ensure that your passwords for your computer and more importantly, your bank account, are strong. There are plenty of links on Google on how to choose a "strong" password, so I won't go into that here unless requested.

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: security concern

    Quote Originally Posted by killerloop8 View Post
    hi everyone,

    I'm bit confused whether to use my ubuntu machine to access my bank accounts and other personal information coz lately ubuntu has become very popular and malware might already be on. I don't find any promising security software just to be on safer side and to have piece of mind.

    Please share your thoughts or suggestions.

    thanks
    First, you should read the security sticky.

    Second, there are layers of security and online commerce involves your box (client), internet protocols (networking), and the server you connect to.

    So you can learn to secure your Ubuntu box.

    And you also need to learn to secure your browser. Use hhtps and NoScript.

    Not much you can do about the server you connect to.

    With all that said, probably the biggest threat is still Phishing or social engineering and no amount of "Security software" will help with that, you need to educate yourself re : https .
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  6. #6
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: security concern

    Quote Originally Posted by blind2314 View Post
    That's a fallacy that is thrown around far too often when Linux/Unix security is discussed. It's not simply a "windows thing"; there is malware and there are security vulnerabilities
    A vulnerability != malware. I have never, in my years of scouring Linux/Unix security forums, ever seen a single piece of serious Linux malware in the wild. The one exception might be the malicious Ubuntu screensaver that somehow got on gnome-look.org a couple of years back. However, it was short lived and removed in a couple of days. Only a few people were affected and it never "spread" beyond those unfortunate and (careless) people's machines. Linux and Unix malware is extremely rare, to the point of almost being unheard of. And this has very little to do with market share.

    AV software on Windows has a very questionable success rate (and a high false positive rate to boot). It's a marketing scam and a money making scheme which is why I don't see much benefit in using it. I don't even use it on my Windows boxes (and I take security seriously).

    A better way to stop the rare piece of malicious code is not to install it. This means sticking with the official repos if at all possible and updating the machine when prompted. It's really that simple. Nothing is 100%, but in life there is always risk analysis and trade-offs. When you move to California, you are at a higher risk of getting killed in an earthquake, yet the risk is small enough that few people consider it. When you get pulled over by the police for speeding, there is always the risk that the cop is a serial killer out to get you, but the risk is small enough that most of us don't refuse to pull over out of that fear. I would say the risk of getting "malware" on an updated Linux box where the admin takes care in installing only trusted software is equally as slim. Am I saying it's utterly impossible? No. I am saying the risk is small enough to be negligible if basic steps are taken. I am also saying "security software" will do very little good and there's no reason to start insisting that Linux become Windows with its plethora of expensive "security suites."
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  7. #7
    Join Date
    Dec 2010
    Location
    Something witty.
    Beans
    204
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: security concern

    Quote Originally Posted by rookcifer View Post
    A vulnerability != malware. I have never, in my years of scouring Linux/Unix security forums, ever seen a single piece of serious Linux malware in the wild. The one exception might be the malicious Ubuntu screensaver that somehow got on gnome-look.org a couple of years back. However, it was short lived and removed in a couple of days. Only a few people were affected and it never "spread" beyond those unfortunate and (careless) people's machines. Linux and Unix malware is extremely rare, to the point of almost being unheard of. And this has very little to do with market share.

    AV software on Windows has a very questionable success rate (and a high false positive rate to boot). It's a marketing scam and a money making scheme which is why I don't see much benefit in using it. I don't even use it on my Windows boxes (and I take security seriously).

    A better way to stop the rare piece of malicious code is not to install it. This means sticking with the official repos if at all possible and updating the machine when prompted. It's really that simple. Nothing is 100%, but in life there is always risk analysis and trade-offs. When you move to California, you are at a higher risk of getting killed in an earthquake, yet the risk is small enough that few people consider it. When you get pulled over by the police for speeding, there is always the risk that the cop is a serial killer out to get you, but the risk is small enough that most of us don't refuse to pull over out of that fear. I would say the risk of getting "malware" on an updated Linux box where the admin takes care in installing only trusted software is equally as slim. Am I saying it's utterly impossible? No. I am saying the risk is small enough to be negligible if basic steps are taken. I am also saying "security software" will do very little good and there's no reason to start insisting that Linux become Windows with its plethora of expensive "security suites."
    I never said that vulnerabilities and malware are the same thing..so I'm not sure why your first sentence was worded that way. If you re-read my post, you see that I specifically mention malware AND vulnerabilities..not ever implying that they are the same thing. I also never advocated those "expensive security suites" that you mention, but simply gave tips to follow.

    There are a plethora of security vulnerabilities out there for every platform, and I never made a direct comparison between any OS using actual numbers. I never insisted that Linux become Windows; however, it's startling how many sys-admins (the ones you mention) seem to think that installing trusted software is enough, and that little hardening is needed..because it's Linux/Unix, not that silly Windows. I also wasn't targeting my attack at you, since it seems you took it that way. Either way, hopefully you see what I was saying now..if not, oh well.

  8. #8
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: security concern

    Quote Originally Posted by blind2314 View Post
    There are a plethora of security vulnerabilities out there for every platform, and I never made a direct comparison between any OS using actual numbers. I never insisted that Linux become Windows; however, it's startling how many sys-admins (the ones you mention) seem to think that installing trusted software is enough, and that little hardening is needed..because it's Linux/Unix, not that silly Windows. I also wasn't targeting my attack at you, since it seems you took it that way. Either way, hopefully you see what I was saying now..if not, oh well.
    I think there are two misunderstanding that occur.

    1. New users coming from windows often want to apply "windows mentality" to Ubuntu, ie they want a firewall and antivirus.

    2. Advice that Ubuntu (Linus) is not windows and that one does not need such things is then misunderstood as there is no need for security.

    Most, if not all, experienced users / sys admin here emphasize security.

    I see a bigger problem in that too many people can not be bothered with security. This is probably "OK" for the vast majority of Desktop users at the moment as Ubuntu is "secure enough" by default that most people do not have security problems related to the vulnerabilities you suggest.

    If you are sysadmin a public server, yes you will need to learn to harden your server.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  9. #9
    Join Date
    Mar 2009
    Beans
    61

    Re: security concern

    Assuming that I'm smart enough to not be fooled by
    phishing e-mails / websites trying to get credit card
    numbers, passwords, or the like out of me, but not
    smart enough to recognize a "suspicious site" when I'm
    looking at it, what could a malicious website do to my
    computer? I visit websites almost every day that I've
    never been to before. There's no way I can tell ahead
    of time which are safe and which are not-- especially
    when I have no idea what might be unsafe about them.
    Why are we being warned about "suspicious sites"?

    -- Jeff, in Minneapolis

  10. #10
    Join Date
    Mar 2007
    Location
    Outer Milky Way
    Beans
    Hidden!
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: security concern

    Of course there's malware for Linux.

    Just look at all the problems that Google has had (and Google is Linux).

    Anyone who tells you there isn't malware for Linux is a fool. I'll capitalize that -- A FOOL.

    Now, the modules that make up the Debian (and therefore Ubuntu) operating system are generally pretty well screened. All modules, however, have bugs and vulnerabilities (otherwise there wouldn't be a need for constant updates).

    Nevertheless, an advantage of the large Debian community is that there are a lot of people that potentially may be hit by a security bug and can report it, or even sort out where the vulnerability in the code is. (While a vulnerability isn't malware, it's a security risk nevertheless. Just ask the poor slobs whose webservers were taken down, or databases hacked or destroyed, or Amazon Cloud installation snafu'd).

    Still, a disadvantage of Ubuntu (and Debian) is that a lot of apps are rapidly updated before code vulnerabilities are found -- hence, zero-day attacks are still possible in the apps.

    This is true for all software (without exception).

    A lot of people who try to re-assure you that there are no risks from software are mostly spinning hype and marketing.

    Most current malware isn't like the self-replicating viruses of 20 years ago. Even Windows users don't get hit by that very often anymore. (That's the type of virus that the dinosaurs say isn't prevalent in Linux, and on that score they're right).

    The problem is that backdoors are just as trivial to construct in Linux as they are in Windows. The Linux firewalls generally don't have deep packet inspection, so it is hard to detect unwanted backdoor traffic over standard ports (and most malware communicates over any open or standard port).

    It is quite worthwhile, therefore, to be circumspect about which apps you obtain and use. There are tens of thousands of apps available for Linux -- it is not difficult to write malware for Linux. The question is whether someone will install it on their computer or not. Make sure you trust your software repository completely. That is why Apple, Google, and ubuntu are so rigorous about ensuring distribution channels. (When Apple and Google were lax with it, malware was everywhere, just as with Windows.)

    Also, there are plenty of macros, Java, and Flash scripts that are well integrated into Linux these days, and I'll wager you have them on your system. These are good vectors for malicious code, too. I agree with the NoScript concept. It is probably the single most important module for being safe on the Internet.

    It is trivial to install a keylogger, backdoor, and/or password cracker on any computer whatosever as part of a malicious downloaded app. Be careful. Lock your computer and secure it. Never use a public computer for sensitive transactions. Use secure passwords.

    Suspect anyone who tells you any OS is perfectly safe. It's like the Midwest granny that thinks her neighborhood is perfectly safe and doesn't bother to lock the door. One day she comes home to find everything is gone.

    I had a friend who thought his work computer was very secure. One day someone walked by with a USB drive with a Linux OS on it. They booted his computer from the USB drive, copied his hard drive onto a second USB drive, and walked away with all his info, to examine it at their leisure.

    So, how many people have locked their OS against USB bootup? How many people have set privileges for the USB drive?

    Security isn't a matter of asserting something is safe. It is a matter of constantly thinking about and looking for all the weaknesses.

    Having said all that, the biggest risk to your data at your bank isn't your computer. It's the bank.

    Banks are hacked many times per year. They just don't publicize it. They build in a certain rate of loss to their projections and just live with it. It's been that way for years. (Why do you think they keep increasing your fees?)

    Your security habits are small potatoes to the security breaches at large institutions. Think my USB drive scenario is rare? Think again. It's a daily occurrence.

    I protected my data for decades. Two years ago I found all my personal data on the web, for the first time in 20 years. Where did it come from? My bank released all my mortgage info publicly.

    Cybersecurity is of national importance, but few in most sectors of government are educated enough to understand it (the military and CIA the exceptions, probably).

    What can a paranoid user do?

    Here's what I do:

    I set up a secure partition with one installation of (K)Ubuntu and use it for my sensitive transactions only.

    I set up another partition with a separate installation of (K)ubuntu on which I browse the Internet, play games, use social media, whatever. I never do both on the same OS installation. That way, if I unwittingly or inadvertently install a module (or dependency) that is not so safe, there is isolation between my sensitive partition and my "entertainment" installation.

    Lately I have taken to keeping the installations on separate computers altogether, and using firewalls between them (on the LAN).
    Last edited by perspectoff; May 3rd, 2011 at 09:41 PM.

    UbuntuGuide/KubuntuGuide

    Right now the killer is being surrounded by a web of deduction, forensic science,
    and the latest in technology such as two-way radios and e-mail.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •