Linux Distro for Security & Privacy / Xerobank

Discussion in 'privacy technology' started by Cutting_Edgetech, May 17, 2010.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    If someone was looking for a Linux distro for the sole purpose of security and privacy, which distro would be right for the home user? What I mean by security is the least probable to infection of any sort of malware, and privacy meaning no phoning home, DNS leaking or giving out any information about the user. What options do those distros come with for locking down your security? I also have a Xerobank account, and would like to know which distro works best with Xerobank? I don't know much about Linux other than playing around with a few distros like openSUSE, Fedora, and Ubuntu. I know I'm asking a lot of questions, but it would be great if someone could just answer a few of them. I'm pretty lost when it comes to Linux, but have a little experience using it in the past. I want to better educate myself about Linux, and I'm going to install Linux on 2 machines I just built. Thanks in advance for any replies!
     
    Last edited: May 17, 2010
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    There is no known malware in the wild for any Linux distro, period. However, this doesn't mean Linux is immune from social engineering or a bad guy coercing a newb into running a malicious command or installing a malicious .deb. The advantage Linux has is that most software is installed from trusted repositories where each package is digitally signed by the maintainer. This cuts down a lot on social engineering.

    Bottom line: just install all your software from the distro package manager and you're golden.

    There is none of this. The only "phoning home" done by any distro I have ever used is that of automatic software updates which, like Windows, can be turned on or off. Since most distros are free of charge, there isn't any motive for them to be phoning home in the first place; that is, there is no WGA or DRM, etc. The great thing about Linux is that it's almost 100% open-source -- any funny business would be discovered sooner or later by geeks looking at the code.

    Actually there is something called the Linux Genuine Advantage. :D :D

    Just using Linux and only installing software from official sources is good enough for 90% of people on a desktop box. If you need more, there is plenty more. Linux comes with the Iptables firewall built into the kernel itself. Then there are several Mandatory Access Control systems like SELinux that can be optionally turned on (SELinux was developed by the NSA). Most distros build their kernel and critical apps with ASLR, NX, RELRO, PIE, and stack smashing protections. That is, the address space is hardened against various kinds of attacks (including buffer overflows). If you want to take these protections further, you can use the PaX kernel patches. Basically, if you install a barebones box, put it behind a firewall, and incorporate strict MAC policies, your box will be like Ft. Knox.

    Any distro will work. All you need is to install OpenVPN and connect.
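
The PIE, NX and RELRO protections named in the post above are recorded in each binary's ELF headers, so they can be checked per file. The following is an added example, not part of the original thread: a small Python parser for 64-bit little-endian ELF images, run here on constructed sample images built by the hypothetical helper `build_sample` (stack-protector detection needs the symbol table and is not covered).

```python
import struct

ET_DYN, PT_DYNAMIC = 3, 2
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, DT_NULL, DT_BIND_NOW, DT_FLAGS, DF_BIND_NOW = 1, 0, 24, 30, 0x8

def elf_hardening(data):
    """Report PIE, NX and RELRO for a 64-bit little-endian ELF image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx, relro, bind_now = False, False, False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)      # stack segment is not executable
        elif p_type == PT_GNU_RELRO:
            relro = True                   # relocation data remapped read-only
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic section looking for "resolve everything at load".
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW):
                    bind_now = True
    level = "none" if not relro else ("full" if bind_now else "partial")
    # ET_DYN also covers shared libraries, so "pie" means position-independent.
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": level}

def build_sample(e_type, stack_flags, relro, bind_now):
    """Constructed test image: ELF header, program headers, dynamic section."""
    dyn = (struct.pack("<qQ", DT_BIND_NOW, 0) if bind_now else b"") + bytes(16)
    segs = [(PT_GNU_STACK, stack_flags, 0, 0)]
    if relro:
        segs.append((PT_GNU_RELRO, 4, 0, 0))
    segs.append((PT_DYNAMIC, 6, 64 + 56 * (len(segs) + 1), len(dyn)))
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62,
                       1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, n, n, 8)
                     for t, f, o, n in segs)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    print(elf_hardening(build_sample(ET_DYN, 6, True, True)))   # hardened
    print(elf_hardening(build_sample(2, 7, False, False)))      # legacy build
```

To inspect an installed program, pass the file's bytes, for example `elf_hardening(open("/bin/ls", "rb").read())` on an x86-64 system.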
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    Chronomatic, you said that "there is no known malware in the wild for any Linux distro, period". When I'm speaking of malware I'm speaking of viruses, bots, worms, trojans, rogues, etc. It was my perception that Linux was vulnerable to virus attacks except there are very few viruses in the wild for Linux distros. Windows at any given time could possibly have thousands of viruses in the wild when Linux may only have several, which is minute in comparison to Windows. I just want to be sure I understand you correctly. Is Linux immune to viruses? Thank you very much for your response. I'm looking at SELinux now. I may try it. I believe the key for me right now will be simplicity until I better orientate myself with Linux.
     
    Last edited: May 18, 2010
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    It seems SELinux is not a distro, but a modular controller used for access rights of information. I'm still reading into it so correct me if I'm wrong. It can be downloaded from the NSA's website. I guess I misunderstood your post. I copied the following from Wiki. "NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals." After rereading your post I was in error since that was exactly what you were telling me.
     
    Last edited: May 18, 2010
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343

    I would not say immune, especially when social engineering is brought into the picture. But I would say "very hostile towards malicious code." There are a number of reasons for this, which I don't feel like going into right now. But, when I said there is no known malware in the wild -- that is correct. I am not aware of any out there.

    As for SELinux, it is not for the faint of heart. If you want to use it, I suggest you use Fedora which comes OOTB with SELinux policies. Really, if I were you, I would stick to the tried and true Ubuntu. You can use AppArmor with it which is *much* easier to understand and configure.
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I've managed to access XeroBank via OpenVPN on an Ubuntu 10 VM in Hyper-V on Windows Server 2008 x64. Details are at https://xerobank.com/forum/index.php/topic,535.msg4269.html#new .

    Now I need to learn AppArmor :)
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    Thanks hierophant! I will check it out.
     