Ubuntu Home Users Security (friendly) Discussion

[Qassis]

DuckHook,

Quote: [I understand that your intentions are entirely noble, but I am obligated to point out that there is an element of magic thinking in your claims. They erroneously treat security as an app rather than as a process.]

Thank you. I appreciate your reply. You made your point well concerning viruses and antivirus programs. No argument - but I'm a bit more paranoid so will follow the more conservative (for antivirus) guidance at: https://www.linux.com/training-tutor...mmune-viruses/ and keep running mine.

Quote: [The distinction between "home users" and "system administrators" is also unnecessary. Security is security. It does not vary. It especially has nothing to do with the expertise of the user.]

OK. I was discussing the expertise of casual home users (i.e. no IT background, Senior Citizens, other challenges) verses SysAdmins and CyberSecAdmins. I'm discussing the fact that many home users have switched to Linux from Windows and are GUI/Desktop only users (no shell/command line). I want to use this cafe to identify those things casual users can do to improve security a bit. For example, adding GUFW to easily turn-on their (UFW) firewall.

Quote: [A foolish user will eventually infect his computer and antivirus will not stop this. It is his behaviour that will get him in trouble. A foolish sysadmin will inevitably court disaster irrespective of his years of expertise.
A wise user will avoid infection and antivirus won't make a sliver of a shred of an ounce of difference. It is her behaviour that will keep her out of trouble. A wise home user is unlikely to have to deal with malware irrespective of how inexperienced she is.]

Amen. In addition to the foolish, there are wise folks (including those with no IT background, Senior Citizens, and other challenges) who are just not educated in Cyber Security, but who can follow simple guidance (i.e. installing and using GUFW) and improve their own security.

Quote: [There is only one way to attain hardened security: one must put in the work, the learning and, most of all, the behaviour modifications. There are no tricks. There are no shortcuts. There are no magic apps. There are no antivirus, antibiotics or antihistimines.]

I can't argue with you when you are right. Yet there are Ubuntu users who will not be able to put in the "work" or level of learning to achieve hardened security. I think the tips from knowledgeable folks like you, mastablasta, and others here CAN help even 'casual' users.
Thanks for the reply, advice, and wisdom. I look forward to your future posts and insights.
P.S. As soon as I learn to quote portions of the text in the reply as you did I'll start doing so........ Still searching for 'that' instruction.....

[Qassis]

AV software mostly scans only for windows viruses, so i am not sure why would you feel more secure using them. maybe rootkit hunter is useful. also clamtk has very poor detection rate and will detect many false positives as well.

best security is backup and some hardening. don't open doors (iptables) if you don't want others to enter. they are closed by default.

can you get hacked in linux? yes. my web server got hacked. how? well a small wordpress plugin i wasn't even using had a security vulnerability. that was reported online on thursday. at that time i checked the server on weekends and ran updates. but they hacked me on Friday. on Friday server started sending out spam and spread the botnet. host spotted unusual activity, blocked it and notified me. for some reason their backup didn't work, so we had to use a year old one in combination with theirs to restore the site.

lesson:

• use a malware scanner - scanner compares my files with the original ones
• use a service that will let you know when you should update and will warn of strange activity
• make another set of automated backups by myself (monthly & weekly)
• lock down as much files as possible to read only

result was a bunch of hackers a day being stopped.

advice for home user:

• careful what you download and from where
• if you installs services that provide access from outside, use a firewall to manage the connections
• if you have a router firewall, utilise that as well.
• use good passwords (password managers will help with that)
• if possible use secure connections (e.g. no FTP only sFTP)
• most importantly - do regular, automated backups. to multiple locations. if possible make an offline backup to unplugged hardware as well. also test the restore process and keep it simple.

plenty of hardening lists like this one: https://gist.github.com/lokhman/cc71...b2d9264c0287a3

WOW, AWESOME REPLY! Your response is more like a Ubuntu CyberSecurity Wiki or HOWTO!
I guess my thoughts on using an Antivirus are more along the lines of: https://www.linux.com/training-tutor...mmune-viruses/ .
I like ClamTK for 'casual users' because it's literally click to install and can run and update automated.
LOVED your "Lessons"! What malware scanner are YOU using? I'm using Lynis, but it's not the 'click and install/use' app I'm looking for (although super easy install/use).
Your "advice for home user is also outstanding (easy to understand/apply).
Thank for taking the time to respond, the lessons, advice and links.

[DuckHook]

I appreciate your linking to the site where you obtained your information. It actually clears the air and allows for a more considered rebuttal.

Please note the following:

1. The author, earlier in his piece, readily concedes that:
   
   1. "nearly all malicious email attachments target Windows machines."
   2. Even should such an attachment target Linux, it would need the user to foolishly go along by invoking sudo to allow it to install…
   3. barring which, antivirus has no benefit for the Linux user.
2. So why install it? The author's reason is quickly summarized. To quote him:

   …Have you ever forwarded anything with attachments to another user? If so, is that user a Windows user? If so, you could very well have given that attachment a chance at a successful infection. So why not add a virus scan to your Linux system to avoid such an issue?

3. The only reason given is to protect Windows users. Not Linux users, but Windows users.
4. He then conflates a completely different issue with the one at hand—by dragging in specialty uses such as mail servers. How many "non-technical home users" run Postfix or Sendmail servers? None. This is an attempt to compare apples to astronauts. It's a silly and fallacious contrivance.

The only reason for installing antivirus, then, is this: Linux users are being asked to protect Windows users from themselves.

This is where the author of that piece and I have a fundamental philosophical disagreement. I think that it's not only unfair to ask Linux users to protect Windows users from the consequences of their choices; it is outright dangerous:

1. We have no more obligation to shield Windows users from their self‑embraced danger than groundlings have to shield mountain climbers or skydivers. Off‑loading risk onto those who are more prudent constitutes what economists call a Moral Hazard.
2. Even if we take on such obligations, there is no end to them. Windows users do lots of dumb things. Most turn off challenge/response. They run all sessions with admin privileges. They blindly install mysterious apps from i‑pwn‑you.com. If we are not obligated to protect them from these practices, what makes filtering out their viruses for them the oh‑so‑special exception?
3. There is no reciprocation. Windows does not read EXT files, recognize NFS network protocols, graciously allow for Linux partitions during installation, play nice with Linux file permissions or attributes. Why must we carry water for Windows' shortcomings when they do nothing for us?
4. So long as we continue to run cover for Windows, Windows users will have little motivation to adopt better practices or change their own behaviour. We do drunkards no favours by handing them more booze.
5. As I have already stated, running extra apps and servers is not without cost. It impacts our resources and it increases our own malware risk and attack surface. It undermines the Linux principle of smallest footprint and least services.
6. It perpetuates myths and falsehoods. It diverts time, effort and resources from the useful to the useless. And in adopting Windows behaviour, it introduces bad habits into the Linux ecosystem.

Don't get me wrong: if you want to run AV, it's entirely your call. No one can or should stop you. After all, one of the biggest advantages of Linux is the way it empowers every user's choice. But don't do this out of some vague amorphous feeling that AV is somehow virtuous. It is not. It is best to base our practices and beliefs on facts and sound principles. We avoid all sorts of trouble that way.

It may be that you are motivated by a desire to protect your Windows friends and keep them from danger. This is a commendable motive. One would hope that they derive a better understanding of security from the fineness of your own example than from your antivirus. Who knows? A few of them may even take up Linux.

Good Luck and Happy Ubuntu-ing!

[QIII]

To DuckHook's excellent missives, I will add this: Security is not fire-and-forget. It is an iterative process that requires the user's frequent and full attention.

[EuclideanCoffee]

I wish to add that my antivirus scanner picked up the first Linux threat I've seen in an email (and this was at home).

[DuckHook]

I wish to add that my antivirus scanner picked up the first Linux threat I've seen in an email (and this was at home).

You are one of our 800 pound security gorillas. If you recommend AV for Linux, I may have to revise my views.

Do you recommend it and, if so, why?

[EuclideanCoffee]

Do I recommend AV for Linux? :/ In theory, it's necessary, but it's difficult to get right. Symantec Endpoint Protection in my opinion has the best product.

[mastablasta]

I wish to add that my antivirus scanner picked up the first Linux threat I've seen in an email (and this was at home).

it could have been false positive.

also if you care what you open and from whom, email should really not be an issue. gmail scans attachments for example.

but nothing is 100% safe. and security is ongoing process. though we are lazy, so virus scanner helps with that

[mikodo]

Do you recommend it and, if so, why?

I would like to hear a response also. Seems time to review the subject of scanning emails in Linux ... Maybe Claws Mail ...

[EuclideanCoffee]

I would like to hear a response also. Seems time to review the subject of scanning emails in Linux ... Maybe Claws Mail ...

Depends on your risk tolerance. If you have low risk tolerance, you should be using a third-party email provider like Google to do most of this work for you. Then using an anti-virus scanner for advanced threats, not just malware. There is a Carbon Black version for Linux, but you shouldn't need that as a home user.

You may think that you are safer and more secure when using your own default configurations, but you simply are not. You do not know what threats are lurking on your PC. Even if you only go to Ubuntu Forums all day, there are many chances to become infected with malware that will go undetected.

Finally, if you are high risk tolerance, then you should feel comfortable using Linux with no firewall rules and hosting your own email server for convenience. Not recommended.