Bread & Butter Security Apps For Linux

Discussion in 'all things UNIX' started by TerryWood, Feb 11, 2011.

Thread Status:
Not open for further replies.
  1. TerryWood

    TerryWood Registered Member

    Jan 14, 2006

    I am considering trying linux (probably Ubuntu) on my 64 bit pc, but before starting I thought I would just ask a question or two.

    1) Sandboxie, Comodo Firewall + Hips and Avast Free are the main Heavyweights in terms of security I now use on Windows. What are the options for each of these in Linux?

    2) I boost my online security with SafeOnline (Facebook), Keyscrambler and Zemana Antilogger. Are there alternatives for these?


  2. philby

    philby Registered Member

    Jan 10, 2008
    Hi Terry

    There's a (2 year old) list of 80 apps here that may be of interest - I assume most of them are still alive and kicking. For example, Avast Free is there, though only in 32bit form.

    You may, however, want to eschew such apps - Mrkvonic's article here leans in that direction.

    FWIW, I personally switched to Linux to escape being an app-chap!


  3. phaedrus

    phaedrus Registered Member

    Aug 18, 2002
    Security apps are not needed for Linux. Welcome to freedom. :)

    Any modern distro like Ubuntu or Mint with the default setup, plus a router to access the web, and you'll be fine.

    There's one thing better than being malware free: being anti-malware free. :thumb:
  4. aigle

    aigle Registered Member

    Dec 14, 2005
    Saudi Arabia/ Pakistan
    lol, very well said.

    On Windows it's a pain to always keep on installing, tweaking, and updating the security applications. Now I do it for fun only.
  5. J_L

    J_L Registered Member

    Nov 6, 2009
    Just keep it continuously updated, and do not use root account regularly. If you follow those 2 rules, you should be fine.
  6. katio

    katio Guest

    IMO that's a bad list, and it's not because it's 2 years old.
    Some categories aren't listed at all:
    MAC/RBAC (AppArmor, SELinux, Tomoyo, RSBAC, Smack, grsec RBAC)
    VM/isolation as a security concept (chroot hardening, OpenVZ, Linux-VServer, Xen, KVM...)
    kernel patches (Exec Shield, Owl, PAX, grsec...)
    gcc hardening

    Some is useful and still relevant of course like IDS and antirootkit but others are missing the most obvious like:
    Encryption: loop-aes, dmcrypt, cryptsetup
    Portscanner: nmap
    Other Tools: fail2ban
    Packet Crafting: netcat
    VPN Tools: openssh (seriously?)
    Forensics: TCT, dd
    Data Removal: dd again (I mean it comes preinstalled, why not use it??)

    in other parts it's showing its age:
    Vulnerability Scanner: OpenVAS, metasploit

    You are asking for alternatives to Windows programs. This is the wrong approach to security in general and to Linux in particular as well. You need to ask the right questions:

    What does security mean to me?
    What do I want to accomplish: What do I want to secure against whom? What is my threat model?
    What are my constraints? Time is money, security is a trade-off.
    What is the likelihood of the risks I face, what insecurities do I still tolerate, what worst case scenario is unacceptable?

    Security starts with a mindset, not with software. Then you develop a policy and a high level design with certain goals. At the last stage you chose the software that's most fit for your particular needs.

    Sorry for replying back with questions. This is probably not what you were looking for. But here you have it, my approach to Doing The Right Thing.
  7. farmerlee

    farmerlee Registered Member

    Jul 1, 2006
    Just practice safe hex and use a bit of common sense and you'll be fine. I use Linux for the majority of my web browsing, and apart from the built-in security the only additional security I use is a few Firefox add-ons like NoScript and the Dr.Web link scanner.

    If I decide to do anything dangerous I'll run Linux inside Linux using VirtualBox.
  8. Searching_ _ _

    Searching_ _ _ Registered Member

    Jan 2, 2008
    As an example: if you're on an untrusted network,
    how does Linux defend against ARP attacks?
    How does it differ from Windows in defending against ARP attacks?
  9. tlu

    tlu Guest

    There are several tools like arpwatch (see also here) or arpalert. I haven't tried them, though.

    @TerryWood: As already mentioned, Mrk's article is very good. Aside from this I recommend two simple commands for Ubuntu:

    1. Although Ubuntu has no open ports, and a firewall is therefore usually not needed, you can enable a basic mode with ufw:

    sudo ufw enable
    sudo ufw default deny

    2. You can set all AppArmor profiles to enforce mode:

    sudo aa-enforce /etc/apparmor.d/*

    Although not really needed, both measures increase your security and don't hurt.

    BTW: This site might also be interesting for you.
    Last edited by a moderator: Feb 12, 2011
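The arpwatch and arpalert tools tlu points at do one simple thing: remember every IP-to-MAC binding seen on the segment and raise an alert when a binding changes, especially when it keeps flipping between two MACs, which is what a spoofer fighting the real gateway for its address looks like. The script below is an added example written for this thread (it is not tlu's code and not arpwatch itself) that reproduces that detection logic over two constructed inputs: a list of ARP replies as a sniffer would hand over, and snapshots in the layout of the kernel's /proc/net/arp table. The IPs, MACs and timestamps are made up for the example; `static_neigh_cmd` only returns the iproute2 command that pins a binding, it does not run it.

```python
"""arpwatch-style MAC-change detector (added example, constructed data)."""
from dataclasses import dataclass
from typing import Iterator, Optional


@dataclass
class Alert:
    kind: str            # "new_station", "changed" or "flip_flop"
    ip: str
    old_mac: Optional[str]
    new_mac: str
    ts: float


class ArpWatcher:
    """Remembers every IP->MAC binding seen and reports changes.

    A change to a MAC never seen for that IP is "changed"; a change back to a
    MAC seen earlier for it is "flip_flop", the pattern a spoofer and the real
    host produce when they keep overwriting each other's claim to an address.
    """

    def __init__(self) -> None:
        self.current: dict[str, str] = {}       # ip -> mac believed right now
        self.history: dict[str, set[str]] = {}  # ip -> every mac ever seen
        self.alerts: list[Alert] = []

    def observe(self, ts: float, ip: str, mac: str) -> Optional[Alert]:
        mac = mac.lower()
        seen = self.history.setdefault(ip, set())
        old = self.current.get(ip)
        if old is None:
            kind = "new_station"
        elif old == mac:
            return None                         # unchanged binding, stay quiet
        elif mac in seen:
            kind = "flip_flop"
        else:
            kind = "changed"
        seen.add(mac)
        self.current[ip] = mac
        alert = Alert(kind, ip, old, mac, ts)
        self.alerts.append(alert)
        return alert

    def observe_snapshot(self, ts: float, proc_net_arp: str) -> list[Alert]:
        """Feed one /proc/net/arp snapshot; returns the alerts it produced."""
        return [a for ip, mac, _dev in parse_proc_net_arp(proc_net_arp)
                if (a := self.observe(ts, ip, mac)) is not None]


ATF_COM = 0x02   # "completed" bit in the Flags column of /proc/net/arp


def parse_proc_net_arp(text: str) -> Iterator[tuple[str, str, str]]:
    """Yield (ip, mac, device) from /proc/net/arp text, skipping the header
    line and entries that are still unresolved (flags without ATF_COM)."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 6:
            continue
        ip, _hwtype, flags, mac, _mask, dev = parts[:6]
        if not int(flags, 16) & ATF_COM:
            continue
        yield ip, mac.lower(), dev


def static_neigh_cmd(ip: str, mac: str, dev: str) -> str:
    """iproute2 command that pins a binding so later ARP replies cannot
    overwrite it (the usual gateway mitigation on an untrusted LAN).
    Returned as a string, not executed: it needs root."""
    return f"ip neigh replace {ip} lladdr {mac.lower()} dev {dev} nud permanent"


# Constructed ARP replies: (timestamp, sender IP, sender MAC). Not captured.
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1",  "00:11:22:33:44:55"),   # real gateway
    (2.0, "192.168.1.20", "aa:bb:cc:dd:ee:01"),   # another host
    (3.0, "192.168.1.1",  "00:11:22:33:44:55"),   # gateway again, no change
    (4.0, "192.168.1.1",  "de:ad:be:ef:00:01"),   # gateway IP claimed by new MAC
    (5.0, "192.168.1.1",  "de:ad:be:ef:00:01"),
    (6.0, "192.168.1.1",  "00:11:22:33:44:55"),   # real gateway reasserts itself
]

# Constructed /proc/net/arp snapshots in the kernel's own column layout.
SNAPSHOT_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
SNAPSHOT_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:01     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
"""


def watch_replies(replies=SAMPLE_REPLIES) -> list[Alert]:
    w = ArpWatcher()
    for ts, ip, mac in replies:
        w.observe(ts, ip, mac)
    return w.alerts


def watch_snapshots(snapshots=(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)) -> list[Alert]:
    w = ArpWatcher()
    for ts, snap in enumerate(snapshots):
        w.observe_snapshot(float(ts), snap)
    return w.alerts


if __name__ == "__main__":
    for a in watch_replies():
        print(f"t={a.ts:4.1f} {a.kind:12s} {a.ip:15s} {a.old_mac} -> {a.new_mac}")
    print(static_neigh_cmd("192.168.1.1", "00:11:22:33:44:55", "eth0"))
```

Run stand-alone it prints the four alerts from the reply stream (two new stations, the gateway binding changing, then flipping back) followed by the `ip neigh` command for pinning the gateway. The same watcher fed periodic `cat /proc/net/arp` snapshots sees the change at the second snapshot; the unresolved 192.168.1.77 entry is ignored because its Flags column lacks the completed bit.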
  10. raspb3rry

    raspb3rry Registered Member

    Jun 8, 2010
    fyi, TCT is deprecated by The Sleuth Kit.

    I would recommend the following in addition to what katio has already mentioned:
    Firewall: Iptables with a nice configuration
    TCP/IP-stack hardening: See this link.
    IDS: Snort
    AV: ClamAV or maybe Avast (Closed source)
    Rootkit: chkrootkit & rkhunter
    Data removal: dd (or wipe/shred for individual files, if you're using a non-journaling FS)
    Encryption: GnuPG or maybe TrueCrypt