Bread & Butter Security Apps For Linux

Hi

I am considering trying linux (probably Ubuntu) on my 64 bit pc, but before starting I thought I would just ask a question or two.

1) Sandboxie, Comodo Firewall + Hips and Avast Free are the main Heavyweights in terms of security I now use on Windows. What are the options for each of these in Linux?

2) I boost my online security with SafeOnline (Facebook), Keyscrambler and Zemana Antilogger. Are there alternatives for these?

Thanks

Terry

 

Hi Terry

There's a (2 year old) list of 80 apps here that may be of interest - I assume most of them are still alive and kicking. For example, Avast Free is there, though only in 32bit form.

You may, however, want to eschew such apps - Mrkvonic's article here leans in that direction.

FWIW, I personally switched to Linux to escape being an app-chap!

HTH

philby

 

Security apps are not needed for Linux. Welcome to freedom.

Any modern distro like Ubuntu or Mint with default setup and use a router to access the web and you`ll be fine.

There`s one thing better than being malware free - being anti-malware free.

 

lol, very well said.

On windows it's a pain to always keep on installing, tweaking, and updating the security applications. Now i do it for fun only.

 

Just keep it continuously updated, and do not use root account regularly. If you follow those 2 rules, you should be fine.

 

IMO that's a bad list, and it's not because it's 2 years old.
Some categories aren't listed at all:
MAC/RBAC (AppArmor, SELinux, Tomoyo, RSBAC, Smack, grsec RBAC)
VM/isolation as a security concept (chroot hardening, OpenVZ, Linux-VServer, Xen, KVM...)
kernel patches (Exec Shield, Owl, PAX, grsec...)
gcc hardening

Some is useful and still relevant of course like IDS and antirootkit but others are missing the most obvious like:
Encryption: loop-aes, dmcrypt, cryptsetup
Portscanner: nmap
Other Tools: fail2ban
Packet Crafting:netcat
VPN Tools: openssh (seriously?)
Forensics: TCT, dd
Data Removal: dd again (I mean it comes preinstalled, why not use it??)

in other parts it's showing its age:
Vulnerability Scanner: OpenVAS, metasploit

@OP:
You are asking for alternatives to Windows programs. This is the wrong approach to security in general and to Linux in particular as well. You need to ask the right questions:

What does security mean to me?
What do I want to accomplish: What do I want to secure against whom? What is my threat model?
What are my constraints? Time is money, security is a trade-off.
What is the likelihood of the risks I face, what insecurities do I still tolerate, what worst case scenario is unacceptable?

Security starts with a mindset, not with software. Then you develop a policy and a high level design with certain goals. At the last stage you chose the software that's most fit for your particular needs.

Sorry for replying back with questions. This is probably not what you were looking for. But here you have it, my approach to Doing The Right Thing.

 

Just practice safe hex and use a bit of common sense and you'll be fine. I use linux for the majority of my web browsing and apart from the built in security the only additional security i use is a few firefox add ons like noscript and dr web link scanner.

If i decide to do anything dangerous i'll run linux inside linux using virtualbox.

 

As an example, If your on an untrusted network,
How does Linux defend from ARP Attacks?
How does it differ from Windows in defending ARP attacks?

 

There are several tools like arpwatch (see also here) or arpalert. I haven't tried them, though.

@TerryWood: As already mentioned, Mrk's article is very good. Aside from this I recommend two simple commands for Ubuntu:

1. Although Ubuntu has no open ports and a firewall is therefore usually not needed you can enable a basic mode with ufw:

sudo ufw enable
sudo ufw default deny

2. You can set all AppArmor profiles to enforce mode:

sudo aa-enforce /etc/apparmor.d/*

Although not really needed, both measures increase your security and don't hurt.

BTW: This site might also be interesting for you.

 

fyi, TCT is deprecated by The Sleuth Kit.

I would recommend the following in addition to what katio has already mentioned:
Firewall: Iptables with a nice configuration
TCP/IP-stack hardening: See this link.
IDS: Snort
AV: ClamAV or maybe Avast (Closed source)
Rootkit: chkrootkit & rkhunter
Data removal: dd (or wipe/shred for individual files, if you're using a non-journalizing FS)
Encryption: GnuPG or maybe Truecrypt