Security

Discussion in 'all things UNIX' started by Beavenburt, Dec 30, 2010.

Thread Status:
Not open for further replies.
  1. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Check this out in the What is your security setup thread!!!
    Link:- https://www.wilderssecurity.com/showthread.php?t=111264&page=517
    And he's not alone either!!!

    Shared Network:
    Actiontec Modem with SPI Firewall
    DyDNS Free (Ads and Pop-ups, Conficker Worm, Phishing, Spyware)

    Real-time Protection:
    Avast! Free Antivirus (w/ Network, Web Shield) [Password Protected]
    AVG Anti-Virus Free (w/o E-mail Scanner, Resident Shield) [UAC Protected]
    Comodo Internet Security Premium (w/o Antivirus) [Password Protected]
    Microsoft Security Essentials (Advanced SpyNet) [UAC Protected]
    WinPatrol Free Cloud Edition

    System (Windows 7 Pro 64-bit):
    Enabled DEP, SEHOP, Default-Deny SRP, Silent UAC
    Disabled Windows Firewall, System Restore, Internet Explorer, Autorun/Autoplay
    Enhanced Mitigation Experience Toolkit
    Spybot - Search & Destroy (Immunize)

    Firefox 3.6.12:
    Adblock Plus (Malware Domains subscription)
    LastPass
    WOT - Safe Browsing Tool
    SandBoxie Free (+ DropRights & Internet Access Restrictions)

    On-demand Scanning:
    Avira Free (w/o Guard)
    BugBopper
    Dr.Web LiveCD
    Emsisoft Free Emergency Kit
    Hitman Pro
    Malwarebytes' Anti-Malware
    Norton Power Eraser
    SUPERAntiSpyware Free
    Trend Micro HouseCall

    Analyzers:
    http://camas.comodo.com/
    Sysinternals Autoruns
    http://www.urlvoid.com/
    VirusTotalUploader

    Updates:
    Freeware Files RSS
    KC Softwares SUMo

    Backup:
    Paragon Backup & Recovery Home Special Edition


    It got me thinking, as this is a security forum after all. What is your security setup in linux these days?

    I'll start.

    Externel firewalled router
    Totally pointless on demand scanning with bitdefender.

    That's it. Anyone here as paranoid as our friend?
     
  2. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    What, you have no Apparmor, not even Noscript - watch out for them baddies. :argh:

    I also have BitDefender (for scanning emails ; infected ones marked in red. So far only the BitDefender Licence Key email :argh: and eicar test files were detected - looks like
    I don't suffer from Windows users sending me malware stuff too often). :cool:
     
  3. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    No noscript or WOT or any of that rubbish. I do run adblock though not for security but for faster page loading.
     
  4. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Hi,

    Not me anyway.

    I have Ubuntu 10.10.
    I have UFW firewall UI.
    I have AppArmor enabled though, with the full list of app default rules provided by Canonical. I added few extra app (mail, IM...) under AppArmor's umbrella.

    Interrestingly, I set up my windows system partition like Linux: SUA + AppLocker to have a limited user with a default deny.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    With my Live CD environment (could be USB), none of my disks are mounted - have Linux netfilter/iptables firewall rules on my computer in addition to my hardware router.

    When powered off - if any malware got in - it expires!

    I do use Firefox 3.6.13 w/NoScript +other add-ons.

    -- Tom
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Security?

    Well, router ... but it's a convenience, not a security tool.
    Noscript, cause I don't like noise - not because of security.
    Good and tested backups -- the most important bit.

    This is universal, regardless of the OS.

    And a tin hat, of course.


    Cheers,
    Mrk
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Paranoia aside...

    I find this odd... a "pointless on demand scanning with bitdefender".

    If it's "pointless" (may I read "useless", "not needed", etc ?), what's the point of having it.

    Couldn't other Linux/Unix users say that you're being paranoid as well? :D

    At least, the user you make mention, maybe he/she just likes to play around with antimalware apps... Maybe he/she is also aware that the O.S he/she has chosen to make use is not as safe as Linux... for all reasons that may be out there around the corner....? And, that's how he/she feels safe, perhaps?

    For example, Lucy mentioned that with Windows all he/she uses is

    While, mine is really similar... more restrictive in what can run/be downloaded, I'd say...

    SUA + AppLocker would be useless in this scenario: https://www.wilderssecurity.com/showpost.php?p=1804796&postcount=38

    I guess each one just needs to find the right balance between usability and security, considering what O.S one uses... and feel OK with it? ;)
     
  8. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    HE is the right answer ;-)


    1- Well, this scenario will never hapen.
    2- SUA is already great at limiting the effects of an untrusted running program(actually this is a sanbox, something that many who swear only by sandboxing tend to forget)
    3- My sensitive data are not accessible from the SUA
    And as said Mrk, a good data backup and system imaging and Voilà!
     
  9. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Touche moonblood. I admit you have me there.
    It gives a placebo effect I suppose but not really required, much like our friend. However imo, I do find his setup ridiculous and way over the top. I would suggest that mine isn't. If he likes to test I might suggest he's not going to get realistic results with such a setup.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I hope I didn't give the impression to be supporting/not to be supporting such security setup...

    As I said,
    Whatever that may be. :)

    Ah... Duly noted! lol
     
  11. katio

    katio Guest

    I suppose that's the Linux equivalent of above setup:
    gentoo hardened:
    hardened gcc toochain
    grsecurity AND SELinux (see the faq you can run "grsecurity, RSBAC, SELinux and PaX all at the same time")
    no X (because it's so dangerous and runs as root)
    port some stuff from http://en.wikipedia.org/wiki/Tinfoil_Hat_Linux
    lynx or elinks
    clamav
    chkrootkit/rkhunter
    OSSEC
    iptables (outgoing as well)
    FDE + aufs with hardware read-only switch (works like a live CD, reboot - all changes are gone)

    It's so secure that even you as root can't do anything useful with it:p

    Anyway I doubt this guy is running all that software on a single system. For one he'd need 32G RAM and a PCI SSD RAID0 just to open notepad and then there are all the conflicts, especially running multiple real time AVs.
    Finally, the irony, if you install that many security software you increase the odds that one of them is equipped with a nice stealth kernel backdoor or, more likely, introduces a nice silent data corruption bug or something similar (well, lots of random BSODs).

    Personally my pretty close to 100% secure setup:
    If you worry about someone getting into your system don't connect it to the internet. Secure erase anything sensible and keep the data offline only. Then security becomes only a matter of availability, I downgraded everything to a DoS :D
    Of course it's just a rule of thumb and you'll have to make some compromises.
    You'll need a few physical systems for different levels of security. Live CDs for online banking are already a common recommendation for average Windows users from whom you simply can't expect that they keep their PCs clean. (don't misunderstand what I'm saying here, I'm not implying this has anything to do with intelligence or that other OSs are more secure, it's just statistics that are definitely not in favour of said crowd).
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Nope my computer is far from that powerful, it's 8x less strong.
    I have no issues with opening notepad or having BSOD's as well.

    Would you mind explaining what possible conflicts I may have?
     
  13. katio

    katio Guest

    I'm mostly talking about this part:
    Personally I don't use any Windows AV software but from what I read people scream if you run two real time security suites or whatever they are called (and they say Linux apps got funny names) you are in for a heavy ride with all sorts of conflicts. E.g. the two will try to disable each other, access the same files, sockets, memory at the same time locking stuff. And besides that we have performance problems, mainly the HDD. Real time scanning means every file downloaded for example will be completely read into memory and processed by the AV. If you have two _real time_ scanners they'll for obvious reasons try to do that at the same time. HDDs are really bad with this kind of parallel reads (IPOS is what matters and SSDs are several orders of magnitude faster). Now you don't mention two but three real time anti virus scanners plus other real time protection
    About BSODs: I didn't see you were using Win 7 64bit, this prevents AVs from doing too much dangerous hooking which is probably the prime reason for said instability and also aforementioned conflicts.

    Anyway, if it works for you I can't argue with that and I hope my post wasn't taken in any other way than it was meant to be: not entirely serious.

    If you don't mind, let me ask:
    Why and what for? What do you use that system for and do those rt and on demand scanners actually ever find anything outside your sandboxes, or even inside your sandbox considering with regular security updates, anti-executable and EMET you block close to 100% of all non targeted attacks that aren't based on SE.



    @Everyone, click on J L's sig, he updated it. This should tell Linux users a lot... ;)
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    My only real-time hard disk protection in MSE.
    The others operate on different levels: Avast scans network traffic, AVG analyzes on-execution behaviour, and Comodo is disabled.

    I have all those on-demand scanners, because I like collecting and testing malware.
     
  15. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Astaro Security Gateway as UTM

    + fedora 13

    + ubuntu with apparmor

    noscript adblock and WOT as browser addons

    chkrootkit/rkhunter for scanning rootkit from time to time

    avast and bitdifender to scan download files


    windows vista 32 bit

    KIS

    malwarebite

    secunia psi
     
  16. katio

    katio Guest

    Thanks for the explanation, now your whole setup makes a lot sense to me.
     
  17. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Hope this isn't too naughty. In a nutshell why I switched.
    Best wishes for 2011.

    Relief.jpg
     
  18. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    My security:

    1) Behind a router running Tomato
    2) Have most of my Internet facing apps sandboxed with AppArmor.

    That's really all you need, and even AppArmor is probably overkill for a desktop machine.
     
  19. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Mine:

    Router

    On ubuntu: ufw enable, default deny; + apparmor(default profiles)

    On opensuse: firewall(enabled default), apparmor enabled ( default) and some changes in the permissions under Yast configuration tool.

    firefox with noscript and adblock+ just to clear the junkie while surfing.
     
  20. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Common sense.
     
  21. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    220
    "common Sense" answer is so 2005. You are in 2011 and anyone can get pwned on Target, Home Depot, Newegg, Drudge, USAToday,ect.... dot com.
     
  22. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Can you explain how (emphasis mine) ?

    So what should I use instead of common Sense ?

    Cheers, Nick.
     
    Last edited: Jan 8, 2011
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    And what exactly has changed since 2005? Nothing at all.

    Besides, maybe it's uncommon sense that should be used? Or lordly sense? After all, there's the house of commons and the house of lords. Maybe it should be called the Westerminster sense?

    Mrk
     
  24. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    220
    Come on guys, use some common sense! LOL 2005 attack vector vs 2011 Nothing has changedo_O You are safer surfing Porn now then surfing News. Just one example.
     
  25. katio

    katio Guest

    Common sense also encompasses keeping up with new emerging threats and developments. However a strong proactive security setup with the technology of 2005 stops 100% of all automated widespread attacks.

    So drive by attacks changed in the sense where they are hosted but the way they work is exactly the same (vulnerability in browser or plugin, shellcode, dropped malware *.exe, ownage). They are getting more advanced too (like working under LUA) but an anti-executable policy would stop them in any case that got publicised since 2005.
     
Loading...
Thread Status:
Not open for further replies.