Wednesday, April 9, 2008

Virus Scanners and Security

One of the first questions thrown at me by new users who have migrated from a Windows system is "What virus scanner should I use?"

My usual canned response is that you don't need any. Linux doesn't have any viruses.
I say this but it's not entirely true.

There are some minor viruses like diesel and there are rootkits and exploits which can infect your Linux system.

But with a bit of common sense and a few tools you can remain 99.9% clean and free.

First let me give you some common sense advice.

1) Don't log in as root and then use your computer the way you would from a normal user account.
2) Don't use sudo or root access to change permissions on folders or files except to make some configuration changes or repairs. Once done, make sure to change the permissions back to what they originally were.
3) Only download and install software from the Ubuntu repositories or fully trusted repositories.
4) If you are not sure of a site that has some software you want, don't download and run the .deb package. Download and compile the source code instead.
5) Make sure your network connection is behind a NAT/firewall.
6) Never download and install a package from a forum or web site that you do not know and trust!
7) Always download and install all updates, including the updates for software you have installed yourself. Software updates may contain patches and fixes for security holes.
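
For rule 2, one way to be sure permissions really go back to what they were is to record them before the change. The script below is an added example, not part of the original post; the helper names perm_snapshot and perm_restore are made up for illustration, and it assumes GNU find and stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original post. perm_snapshot and perm_restore
# are hypothetical helper names; GNU find and stat (as on Ubuntu) are assumed.
# Limitation: file names containing newlines are not supported.

# perm_snapshot PATH SNAPFILE
# Write one "mode uid:gid path" line for PATH and everything below it.
# Symlinks are skipped: chmod on a link would change its target instead.
perm_snapshot() {
    find "$1" ! -type l -exec stat -c '%a %u:%g %n' {} + > "$2"
}

# perm_restore SNAPFILE
# Put back every recorded owner and mode, printing what had to be fixed.
# Returns 1 if a recorded path no longer exists, 0 otherwise.
perm_restore() {
    rc=0
    uid=$(id -u)
    # "path" is the last variable, so it keeps any spaces inside the name.
    while read -r mode owner path; do
        if [ ! -e "$path" ]; then
            echo "missing: $path" >&2
            rc=1
            continue
        fi
        # Owner first: chown clears setuid/setgid bits, so the mode must be
        # restored after it. Only root can give files back to another user.
        if [ "$uid" -eq 0 ] && [ "$(stat -c '%u:%g' "$path")" != "$owner" ]; then
            chown "$owner" "$path" && echo "owner restored: $path"
        fi
        if [ "$(stat -c '%a' "$path")" != "$mode" ]; then
            chmod "$mode" "$path" && echo "mode restored: $path"
        fi
    done < "$1"
    return "$rc"
}
```

Take the snapshot before the sudo change and run the restore afterwards; keep the snapshot file somewhere outside the folder being changed.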

With that out of the way let's explore some tools you can use.

The default firewall for Ubuntu uses iptables. While it is fairly secure at the default settings, you can customize it to your needs.
The easiest way is to install firestarter, firehol, guarddog or one of the many firewall scripts found in Synaptic. (Linux offers choices. :-) )

Rumor mill has it that the firewall configuration will be much easier in the Hardy Heron release.

Some other tools you can install that scan for file changes or rootkits are chkrootkit or rkhunter.

Use logcheck to spot problems and security violations in your logfiles.

Other tools to check your security are widely available. A few that have my attention are bastille and checksecurity.

You will find that many of these programs don't require you to stop what you are doing to run a scan. They run in the background and only squawk when they find a problem.

Now back to the subject of viruses.
If you use common sense and keep your system updated, your chances of getting a virus are very, very minimal. Nothing is 100% secure, but by using the above rules you can get very close to it.

I have both Clam AntiVirus and the free Linux version of Avast.
They are both on-demand scanners. You need to start the scanner yourself and select what to scan.
But I don't use them for files used on my Linux system.

I use them to scan files being transferred to my XP system or files that I may send to other Windows users. I have to remain responsible and make sure not to infect them with viruses.

Oh! Adware is not an issue. They can't install their crap without me giving permission to install it and almost all of it is made for Windows systems.

Linux security allows me to be more productive. No wasted time spent on scans on top of scans.

TaZMAn
