From: Andy Cap on 25 Oct 2007 13:53

Hi all

Having got myself a stable Fedora 7 box up and running, I'm gradually moving over my applications.

Before I go much further, I want to be reassured that I'm doing all I need to prevent all the possible naughties, which seem to threaten Windows - spit !

What do people recommend are the basic requirements along with any personal recommendations.

Cheers
Andy

From: anahata on 25 Oct 2007 14:24

Andy Cap wrote:
> Hi all
>
> Having got myself a stable Fedora 7 box up and running,
> I'm gradually moving over my applications.
>
> Before I go much further, I want to be reassured that I'm
> doing all I need to prevent all the possible naughties, which
> seem to threaten Windows - spit !
>
> What do people recommend are the basic requirements
> along with any personal recommendations.

The requirements for securing a Linux box are very different from those for Windows. Most adware, trojans and other web-borne malware don't work in Linux, and anything that is run under your control as a normal user is very limited as to what it can do to your system.

You should, however, make sure no services are running with needless access from the outside world. A basic firewall that blocks incoming connections is enough for many systems. If you must run sshd or other services with access from the outside world, restrict that access as much as possible. Don't run telnetd, nor any other servers like web or ftp servers unless you actually need them, and if they are used on a LAN don't allow access from the internet too.

All that is basic security common sense for any OS or network.

There are AV packages for Linux (see clamav), but their main purpose is to deal with Windows viruses in Linux mail servers that are used by Windows clients.

--
Anahata
anahata(a)treewind.co.uk -+- http://www.treewind.co.uk
Home: 01638 720444 Mob: 07976 263827

From: Colin McKinnon on 25 Oct 2007 14:40

anahata wrote:
> Andy Cap wrote:
>>
>> What do people recommend are the basic requirements
>> along with any personal recommendations.
> <snip>
>
> There are AV packages for Linux (see clamav), but their main purpose is
> to deal with Windows viruses in Linux mail servers that are used by
> Windows clients.
>

I'd go with the CERT Unix/Linux checklist ( http://www.cert.org/tech_tips/usc20_full.html ) You should certainly have a firewall configured both to restrict access and trap un-expected outgoing traffic. If you're going to allow remote ssh access to the machine do think about making it more difficult for the worms to get in (different port, port knocking, keypair only logins, no root login, AllowGroups). I'd strongly recommend running a host based IDS (tripwire, L5 or similar). You'll be so glad you did if you ever get root-kitted.

If you've got Windows clients using the Linux box as a server you definitely want to be running AV on any services - mail and Samba are both easily done with Clamav. Clamav is free, AND it's quite good at detecting nasties. I'd recommend using a different vendor's solution on the clients - in part because it's generally a good idea to have different AV products on different tiers, but also because (AFAIK) Clamav doesn't do realtime scanning on MSWin. You can virus scan web access via squid - I've not looked at this recently though.

HTH

C.

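The sshd settings listed in the post above (different port, keypair-only logins, no root login, AllowGroups) can be checked mechanically against an sshd_config. This is an added example, not part of the original post; the two sample configs, port 2222 and the group name `sshusers` are constructed, and port knocking is not covered because it is not an sshd_config setting.

```python
import re

def effective_settings(config_text):
    """Global sshd_config settings. sshd keeps the FIRST value it reads for a
    keyword, so a hardened line appended below a weak one has no effect."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # later lines are conditional overrides, not evaluated here
        settings.setdefault(key, value)
    return settings

def audit(config_text):
    """Return findings for the four sshd settings named in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s.get("permitrootlogin", "unset").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no' (keypair-only not enforced)")
    if "allowgroups" not in s:
        findings.append("AllowGroups is not set")
    if s.get("port", "22") == "22":
        findings.append("Port is the default 22")
    return findings

# Constructed sample: the admin appended a hardened line at the end,
# but the earlier 'yes' is the value sshd uses.
WEAK = """\
Port 22
PasswordAuthentication yes
PermitRootLogin yes
# appended later:
PasswordAuthentication no
"""

# Constructed sample with all four settings in place.
HARDENED = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowGroups sshusers
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a real system the text would come from `/etc/ssh/sshd_config`; settings inside `Match` blocks need a separate review.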
From: Chris Whelan on 25 Oct 2007 14:40

Andy Cap wrote:
> Hi all
>
> Having got myself a stable Fedora 7 box up and running,
> I'm gradually moving over my applications.
>
> Before I go much further, I want to be reassured that I'm
> doing all I need to prevent all the possible naughties, which
> seem to threaten Windows - spit !
>
> What do people recommend are the basic requirements
> along with any personal recommendations.
>
> Cheers
> Andy

I have been using various distros for three years now. I'm sat behind a router and... that's it! No anti-anything software to steal my CPU cycles and take up my bandwidth with updates. No software firewall hassling me when I want to transfer files between machines. It's why I turned to Linux.

YMMV, and the doom-sayers may argue, but you have already done all you need by dumping Windows IMO.

Chris

--
Remove prejudice to reply.

From: Andy Cap on 25 Oct 2007 15:38

On Thu, 25 Oct 2007 18:40:12 GMT, Colin McKinnon <colin.thisisnotmysurname(a)ntlworld.deletemeunlessURaBot.com> wrote:
>I'd go with the CERT Unix/Linux checklist (
>http://www.cert.org/tech_tips/usc20_full.html ) You should certainly have a
>firewall configured both to restrict access and trap un-expected outgoing
>traffic. If you're going to allow remote ssh access to the machine do think
>about making it more difficult for the worms to get in (different port,
>port knocking, keypair only logins, no root login, AllowGroups). I'd
>strongly recommend running a host based IDS (tripwire, L5 or similar).
>You'll be so glad you did if you ever get root-kitted.
>
>If you've got Windows clients using the Linux box as a server you definitely
>want to be running AV on any services - mail and Samba are both easily done
>with Clamav. Clamav is free, AND it's quite good at detecting nasties. I'd
>recommend using a different vendor's solution on the clients - in part
>because it's generally a good idea to have different AV products on
>different tiers, but also because (AFAIK) Clamav doesn't do realtime
>scanning on MSWin. You can virus scan web access via squid - I've not
>looked at this recently though.
>
>HTH
>
>C.

Oo'er ! That's a rather daunting list but I'll certainly give it a read. This is just 3 boxes hanging on a home router and nothing at all complex. I ran a couple of the port scanners and they say the system is secure but it's malicious software getting out I guess is the main possibility but I'm not into lots of trial downloads and once it's up and running, my requirements are very basic and unlikely to change much.

Andy C