Security

Check this out in the What is your security setup thread!!!
Link:- https://www.wilderssecurity.com/showthread.php?t=111264&page=517
And he's not alone either!!!

Shared Network:
Actiontec Modem with SPI Firewall
DyDNS Free (Ads and Pop-ups, Conficker Worm, Phishing, Spyware)

Real-time Protection:
Avast! Free Antivirus (w/ Network, Web Shield) [Password Protected]
AVG Anti-Virus Free (w/o E-mail Scanner, Resident Shield) [UAC Protected]
Comodo Internet Security Premium (w/o Antivirus) [Password Protected]
Microsoft Security Essentials (Advanced SpyNet) [UAC Protected]
WinPatrol Free Cloud Edition

System (Windows 7 Pro 64-bit):
Enabled DEP, SEHOP, Default-Deny SRP, Silent UAC
Disabled Windows Firewall, System Restore, Internet Explorer, Autorun/Autoplay
Enhanced Mitigation Experience Toolkit
Spybot - Search & Destroy (Immunize)

Firefox 3.6.12:
Adblock Plus (Malware Domains subscription)
LastPass
WOT - Safe Browsing Tool
SandBoxie Free (+ DropRights & Internet Access Restrictions)

On-demand Scanning:
Avira Free (w/o Guard)
BugBopper
Dr.Web LiveCD
Emsisoft Free Emergency Kit
Hitman Pro
Malwarebytes' Anti-Malware
Norton Power Eraser
SUPERAntiSpyware Free
Trend Micro HouseCall

Analyzers:
http://camas.comodo.com/
Sysinternals Autoruns
http://www.urlvoid.com/
VirusTotalUploader

Updates:
Freeware Files RSS
KC Softwares SUMo

Backup:
Paragon Backup & Recovery Home Special Edition


It got me thinking, as this is a security forum after all. What is your security setup in linux these days?

I'll start.

Externel firewalled router
Totally pointless on demand scanning with bitdefender.

That's it. Anyone here as paranoid as our friend?

 

What, you have no Apparmor, not even Noscript - watch out for them baddies.

I also have BitDefender (for scanning emails ; infected ones marked in red. So far only the BitDefender Licence Key email and eicar test files were detected - looks like
I don't suffer from Windows users sending me malware stuff too often).

 

No noscript or WOT or any of that rubbish. I do run adblock though not for security but for faster page loading.

 

Hi,

Not me anyway.

I have Ubuntu 10.10.
I have UFW firewall UI.
I have AppArmor enabled though, with the full list of app default rules provided by Canonical. I added few extra app (mail, IM...) under AppArmor's umbrella.

Interrestingly, I set up my windows system partition like Linux: SUA + AppLocker to have a limited user with a default deny.

 

With my Live CD environment (could be USB), none of my disks are mounted - have Linux netfilter/iptables firewall rules on my computer in addition to my hardware router.

When powered off - if any malware got in - it expires!

I do use Firefox 3.6.13 w/NoScript +other add-ons.

-- Tom

 

Security?

Well, router ... but it's a convenience, not a security tool.
Noscript, cause I don't like noise - not because of security.
Good and tested backups -- the most important bit.

This is universal, regardless of the OS.

And a tin hat, of course.


Cheers,
Mrk

 

Paranoia aside...

I find this odd... a "pointless on demand scanning with bitdefender".

If it's "pointless" (may I read "useless", "not needed", etc ?), what's the point of having it.

Couldn't other Linux/Unix users say that you're being paranoid as well?

At least, the user you make mention, maybe he/she just likes to play around with antimalware apps... Maybe he/she is also aware that the O.S he/she has chosen to make use is not as safe as Linux... for all reasons that may be out there around the corner....? And, that's how he/she feels safe, perhaps?

For example, Lucy mentioned that with Windows all he/she uses is

While, mine is really similar... more restrictive in what can run/be downloaded, I'd say...

SUA + AppLocker would be useless in this scenario: https://www.wilderssecurity.com/showpost.php?p=1804796&postcount=38

I guess each one just needs to find the right balance between usability and security, considering what O.S one uses... and feel OK with it?

 

HE is the right answer ;-)

1- Well, this scenario will never hapen.
2- SUA is already great at limiting the effects of an untrusted running program(actually this is a sanbox, something that many who swear only by sandboxing tend to forget)
3- My sensitive data are not accessible from the SUA
And as said Mrk, a good data backup and system imaging and Voilà!

 

Touche moonblood. I admit you have me there.
It gives a placebo effect I suppose but not really required, much like our friend. However imo, I do find his setup ridiculous and way over the top. I would suggest that mine isn't. If he likes to test I might suggest he's not going to get realistic results with such a setup.

 

I hope I didn't give the impression to be supporting/not to be supporting such security setup...

As I said,

Whatever that may be.

Ah... Duly noted! lol

 

I suppose that's the Linux equivalent of above setup:
gentoo hardened:
hardened gcc toochain
grsecurity AND SELinux (see the faq you can run "grsecurity, RSBAC, SELinux and PaX all at the same time")
no X (because it's so dangerous and runs as root)
port some stuff from http://en.wikipedia.org/wiki/Tinfoil_Hat_Linux
lynx or elinks
clamav
chkrootkit/rkhunter
OSSEC
iptables (outgoing as well)
FDE + aufs with hardware read-only switch (works like a live CD, reboot - all changes are gone)

It's so secure that even you as root can't do anything useful with it

Anyway I doubt this guy is running all that software on a single system. For one he'd need 32G RAM and a PCI SSD RAID0 just to open notepad and then there are all the conflicts, especially running multiple real time AVs.
Finally, the irony, if you install that many security software you increase the odds that one of them is equipped with a nice stealth kernel backdoor or, more likely, introduces a nice silent data corruption bug or something similar (well, lots of random BSODs).

Personally my pretty close to 100% secure setup:
If you worry about someone getting into your system don't connect it to the internet. Secure erase anything sensible and keep the data offline only. Then security becomes only a matter of availability, I downgraded everything to a DoS
Of course it's just a rule of thumb and you'll have to make some compromises.
You'll need a few physical systems for different levels of security. Live CDs for online banking are already a common recommendation for average Windows users from whom you simply can't expect that they keep their PCs clean. (don't misunderstand what I'm saying here, I'm not implying this has anything to do with intelligence or that other OSs are more secure, it's just statistics that are definitely not in favour of said crowd).

 

Nope my computer is far from that powerful, it's 8x less strong.
I have no issues with opening notepad or having BSOD's as well.

Would you mind explaining what possible conflicts I may have?

 

I'm mostly talking about this part:

Personally I don't use any Windows AV software but from what I read people scream if you run two real time security suites or whatever they are called (and they say Linux apps got funny names) you are in for a heavy ride with all sorts of conflicts. E.g. the two will try to disable each other, access the same files, sockets, memory at the same time locking stuff. And besides that we have performance problems, mainly the HDD. Real time scanning means every file downloaded for example will be completely read into memory and processed by the AV. If you have two _real time_ scanners they'll for obvious reasons try to do that at the same time. HDDs are really bad with this kind of parallel reads (IPOS is what matters and SSDs are several orders of magnitude faster). Now you don't mention two but three real time anti virus scanners plus other real time protection
About BSODs: I didn't see you were using Win 7 64bit, this prevents AVs from doing too much dangerous hooking which is probably the prime reason for said instability and also aforementioned conflicts.

Anyway, if it works for you I can't argue with that and I hope my post wasn't taken in any other way than it was meant to be: not entirely serious.

If you don't mind, let me ask:
Why and what for? What do you use that system for and do those rt and on demand scanners actually ever find anything outside your sandboxes, or even inside your sandbox considering with regular security updates, anti-executable and EMET you block close to 100% of all non targeted attacks that aren't based on SE.



@Everyone, click on J L's sig, he updated it. This should tell Linux users a lot...

 

My only real-time hard disk protection in MSE.
The others operate on different levels: Avast scans network traffic, AVG analyzes on-execution behaviour, and Comodo is disabled.

I have all those on-demand scanners, because I like collecting and testing malware.

 

Astaro Security Gateway as UTM

+ fedora 13

+ ubuntu with apparmor

noscript adblock and WOT as browser addons

chkrootkit/rkhunter for scanning rootkit from time to time

avast and bitdifender to scan download files


windows vista 32 bit

KIS

malwarebite

secunia psi

 

Thanks for the explanation, now your whole setup makes a lot sense to me.

 

Hope this isn't too naughty. In a nutshell why I switched.
Best wishes for 2011.

 

My security:

1) Behind a router running Tomato
2) Have most of my Internet facing apps sandboxed with AppArmor.

That's really all you need, and even AppArmor is probably overkill for a desktop machine.

 

Mine:

Router

On ubuntu: ufw enable, default deny; + apparmor(default profiles)

On opensuse: firewall(enabled default), apparmor enabled ( default) and some changes in the permissions under Yast configuration tool.

firefox with noscript and adblock+ just to clear the junkie while surfing.

 

Common sense.

 

"common Sense" answer is so 2005. You are in 2011 and anyone can get pwned on Target, Home Depot, Newegg, Drudge, USAToday,ect.... dot com.

 

Can you explain how (emphasis mine) ?

So what should I use instead of common Sense ?

Cheers, Nick.

 

And what exactly has changed since 2005? Nothing at all.

Besides, maybe it's uncommon sense that should be used? Or lordly sense? After all, there's the house of commons and the house of lords. Maybe it should be called the Westerminster sense?

Mrk

 

Come on guys, use some common sense! LOL 2005 attack vector vs 2011 Nothing has changed You are safer surfing Porn now then surfing News. Just one example.

 

Common sense also encompasses keeping up with new emerging threats and developments. However a strong proactive security setup with the technology of 2005 stops 100% of all automated widespread attacks.

So drive by attacks changed in the sense where they are hosted but the way they work is exactly the same (vulnerability in browser or plugin, shellcode, dropped malware *.exe, ownage). They are getting more advanced too (like working under LUA) but an anti-executable policy would stop them in any case that got publicised since 2005.