Firewalls and virus checkers
Hi I am very new and ignorant about Linux stuff. A friend upgraded my computer and installed Xandros KDE for me about 6 months ago. I am really happy using it and find it a lot more stable than Windows but I feel vulnerable without a virus checker and firewall. My friend tells me I don't need these on Linux but I have read on a website that I do! Can you tell me the truth behind this? Do I need either of them, and if so how do I install them (I have downloaded clamav but have no idea how to install it!) Btw - I need single syllable instructions/information - I really know very little about all this!
Firewalls and virus checkers
1. antivirus: No, you don't need any on Linux unless someone who uses your computer is going to install viruses.
2. firewall: It depends on what you want to do. Firewalls are essentially for hiding parts of your network, limiting what your users can do on the network, and diverting certain network traffic to specific machines. They are not really a security device - that is a myth which people have come to believe from using WinDos. Odds are your modem gets a public IP address from your service provider and your computer (on a 'private' network like 192.168.x.x) is already behind a firewall.
The most important thing to do is make sure you change the administrator name and password on your modem - you can write it down in the manual so you don't forget, along with your connection name and password (unless you're afraid someone will steal the manual so that they can steal your internet connection). The reason you must change the administrator name and password is that default settings like "admin, admin" and "admin, " and "admin, password" are all well-known and web pages on the internet can run a script on YOUR machine when you visit the nasty page, and your machine (which is behind the firewall) can automatically reconfigure your modem. Many attacks are possible, but the most useful demonstrated so far is to configure your modem to give all your machines a bad DNS server. That DNS server will redirect you to hostile computers which can act as a 'man in the middle' and steal information such as passwords etc.
Firewalls and virus checkers
Wow that's really useful info. Thanks for explaining. Can you tell me how I change my modem password? Actually I'm not using a modem as such - I've got a BT home hub router (I'm using it cable connected, not wireless)
Firewalls and virus checkers
OK - I've managed to change my router password by following the instructions on the BT site.
Do I have to change my user name as well? If so why ?
Thanks so much for your helpful advice!
Firewalls and virus checkers
You don't really have to change the username.
Just to make sure you changed the right password - the gizmo which can be hijacked by scripts usually has an address like 192.168.1.1 or 192.168.0.1. Just typing that address into your web browser should bring up a login screen. On some devices the address is 10.1.1.1, 10.0.0.1, 10.10.1.1, 10.10.0.1.
Sometimes that gizmo is the cable receiver, sometimes a cable modem, sometimes an ADSL modem (because some cable receivers provide 'PPPoE' or 'ATMoE'), and sometimes it is your computer (for cable receivers that provide PPPoE). Whatever the case, it is the device which actually performs the login to your service provider. If it happens to be your computer then you're not susceptible to the hijack (unless you create a user named 'admin' with password 'password' or something silly).
One thing people generally do recommend, but it may take a few weeks of reading before everything is set up nicely, is to install a 'root kit checker'. However, as long as you're not running ftpd, sshd, apache, or other services then there really is no opportunity to remotely hack your machine. Your machine can only be remotely hacked if:
1. the attacker can connect to a 'port' - for this to happen, you need to be running a 'service'. (Debian runs a few services by default, but I can't remember which ones - they're generally not a problem though)
2. the service which 'listens' to that port has a vulnerability.
With Linux (and any UNIX system) the services can further be distinguished as 'local' and 'remote'. Most services can be configured to run in 'local' mode only, which means they are only accessible from that same computer and not the internet. There are also rules to control information coming from remote machines - the /etc/hosts.allow and hosts.deny files, so you can run a service like 'Apache' but set up so that only computers on your own network can see it and no one from the internet can see it (unless they've hacked one of your other computers). Each 'service' usually also has its own rules for access in addition to what the operating system imposes.
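
An added example, not part of any post in this thread: the 'local' versus 'remote' distinction above can be checked by looking at which address each listening service is bound to. The script sorts the listening TCP sockets from `ss -tln` output into local-only and network-facing; the sample text is constructed, and the function names are made up for this example.

```python
import ipaddress

# Constructed sample in the format printed by `ss -tln` (not from a real machine).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128     192.168.1.10:8080      0.0.0.0:*
LISTEN 0      128            [::1]:631          [::]:*
LISTEN 0      511             [::]:80           [::]:*
"""

def classify(local):
    """Return (address, port, scope) for one 'Local Address:Port' field."""
    addr, port = local.rsplit(":", 1)
    addr = addr.split("%")[0].strip("[]")   # drop %interface and IPv6 brackets
    if addr == "*":                         # ss prints * for "any address"
        return addr, int(port), "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:                      # 127.0.0.0/8 or ::1
        scope = "local-only"
    elif ip.is_unspecified:                 # 0.0.0.0 or ::
        scope = "all-interfaces"
    else:
        scope = "one-interface"
    return addr, int(port), scope

def listeners(ss_output):
    """Parse every LISTEN row; the header row is skipped."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            rows.append(classify(fields[3]))
    return rows

def exposed(ss_output):
    """Ports bound to something other than loopback, so other machines may connect."""
    return sorted({port for _, port, scope in listeners(ss_output)
                   if scope != "local-only"})

if __name__ == "__main__":
    for addr, port, scope in listeners(SAMPLE):
        print(f"{port:>5}  {addr:<15} {scope}")
    print("not local-only:", exposed(SAMPLE))
```

A port in the last list is only a candidate: the router, hosts.allow/hosts.deny and the service's own access rules can still block connections to it.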