Hi guys, just have a quick question since I'm so new to Linux. I'm wondering if there are any products out there that provide a security suite, eg akin to Zonelabs security suite for Windows. I have heard that these things aren't necessary if you're using Linux, is this true?
Last edited by madmonkey; 24-08-2005 at 10:31 PM.
How do you mean? You mean as in a firewall etc? They arent as neccessary, but still adviseable. you can set up a good one using iptables. Or im sure a quick google on sourceforge would bring something up.
Nearly every Linux distro has basic security features these days, for one thing, you have little to worry about viruses, since hardly any exist, and none that can compromise a modern Linux installation.. Fedora Core (and some others) feature SELinux (a NSA supported kernel hardening system), and an interface to iptables (the linux kernel firewall system), and since all software is open source, spyware isn't a worry either.
Originally Posted by Agent
Wow that's just great. I'm thinking of trying out the SUSE distro. It does feel strange not having to worry about things like that. I guess Windows have indoctrinated me quite a bit...
it certainly can be. Some people stick in spyware type applications into their source to monitor peoples useage etc, your right in that you can "see" if by going through the code but unless you've got lots of time and a skilled software engineer it will be hard find it.spyware isn't a worry either.
A linux system is just as comprimisable/exploitable as a windows system if its not run and configured properly, so don't go in thinking "well I don't need to bother with X Y and Z" go in with the same approach you would if you where running your standard windows desktop, eg: stop the services you don't need, make sure you patches are up to date etc etc.It does feel strange not having to worry about things like that
It is Inevitable.....
ikonia.. very very few opensource developers would stick spyware in their apps, popularity of an open source project deems weither it lives or flops, if they were riddling apps with spyware nobody would use it or recommend it, GNU/Linux is nearly entirely word-of-mouth.
A linux system isn't *as* exploitable, distros come hard out of the box, they don't run anything (service wise) until the user installs it, most distros come with a firewall out of the box, the stack the kernel manages is a lot more efficent as well.. and there are kernel patches (that Fedora Core uses for eg.) that harden the stack (and other components of the kernel, such as permissions) even more so, GRESecurity, SELinux are two most popular.. Linux doesn't even come close to the same league of security issues that windows has.
Last edited by aidanjt; 25-08-2005 at 02:40 PM.
aidanjt, no.
linux kernel NEEDs SELinux to stand a chance of been as secure as a BSD. A lot of distros are also vunerable, too many have PERL installed by default, and PHP on apache, there are viruses for both of those.
spyware damn well does excist, people can dupe linux users because their arogant. I've only once even skim read the source of something i was installing, i'm obsessive compulsive. Sometimes i won't be able to sleep until i've made a working TCP/IP stack in 2k of memory. Yet i've only read + understood the source of 1 project?!
Some open source projects are terribly badly written (phpMyAdmin) which leads to a host of exploitable flaws. The attitude you have is very silly.
If you want secure, try OpenBSD, its safe because it forces you to understand everything your doing.
Windows is very damn secure if you've patched, hey lets see how many indevidual updates you need for NT 4.0 SP 6, compaired to the same linux 2.2 kernel, and a few base packages.
in short aidanjt, don't be such a fool. Linux has had a whole host of exploitable flaws (the standard linux distro even more) the kernel is a hobbiest kernel, which really dosen't stand upto the big boys (Solaris, BSD, NT) in terms of security. Its a new(ish) kernel 2.6 compared to the age of an XP one, or Solaris.
madmonkey, you need to trust your distro, if your really worried about safety, use BSD, its a lot safer because the kernel is actually properly written. But bear in mind patching on most distro's is easy with their manager (dpkg on debain for example of my favourate linux distro) the problem is you need to be ready to do it at any time of the day, because you've no idea when an exploit is going to be made public.
throw new ArgumentException (String, String, Exception)
Clearly you have no idea what SELinux is, SELinux is hardening overkill, no applications can do anything without a security policy in place, sqeezes the stack by the balls and holds on tight..
A Virus for PHP?.. are you off your trolly.. there is a PHP application that is vunrable to a worm, yes, thats not a failing of PHP, thats the application developer's fault.. Which has been patched in a few days after this was discovered, again, a virus for perl?.. its another damn scripting engine, the worms don't target the engine, they target a specific application.
BSD is secure as is because it has had 40 years of development on it, but it lags behind in hardware support, doesn't perform as admirably, and a Windows user sure as hell will never understand it.
You still don't understand the concept of open source development, an open source project is powered by community developers and its power users/testers.. without them its dead in the water, if spyware is present, they will lose all support, not only that, but these applications run on most POSIX systems, BSD and Solaris included.. now instead of throwing unfounded accusations, name me a popular application that contains spyware and put the spyware code in a paste bin and link it here.
You think there's a problem with phpMyAdmin.. why not fix it?.. or don't run it?.. besides, phpMyAdmin is a PHP application, it effects ALL platforms, that includes BSD and Windows.
Windows still has 10,000 *confirmed* and unpatched bugs, how is that secure?
Solaris was a sloppy mess, why do you think Sun released it open source?
Commercial developers don't even come close to community developers, they don't have the manpower and often are too skimpy to hire the expertese.
BSD is Linux's only real technolgical riavel, but it still lags behind the yonger Linux, there are 10 times more Linux users than BSD users, now is that because we're all stupid or you don't know what your talking about?
buffer overflow in old PHP versions. Oh yes its been patched and u need to miss-use it, but the same way you can't say perl is secure, its always the problem with interpreted langauges which some distro's don't limit privledges properly.
now, how do do you think most people install spyware, they get duped, it might get correctly quickly, but if its a proper logic bomb, it can go for a long time before been noticed, because its rare isn't a means to say its not going to happen (this rock keeps away tigers).
I understand the concept of SELinux i think a little more than you think (that actually been the one open source project i've actually read bits of source code on). The thing is SELinux shows the problems with the linux kernel, which really i feal should be tackeled differently, more like BSD does.
10,000 unpatched bugs, please link them.
You've obviously not used the latest solaris.
Example of how linux users are in a fassion not trend, if i said to you, write out in pysodo code, a pre-emtive multithreader using a hardware architecture of your choice, it should take no more than 10 minuites. I made a very efficent one (limited to 16 proccesses) for a very low end micro in 180words. Linux 2.6 first had pre-emptive multithreading.... man thats awful.
BSD will run slower for single task stuff, (please not this is all x86 specific) due to the extra changes in proccess thunking and API access. Hello world in linux is about 10 words, 15 on bsd.
BSD is inheriently more secure, but licensed differently this is a main restricting factor.
All i'm saying is all OS's are insecure, you need to be vigalent, and that you shouldn't tell people not to say that against linux, i'm guessing your not a very low level coder?
throw new ArgumentException (String, String, Exception)
Indeed the only secure computer is one without an ethernet cable and a keyboard. What I'm trying to say is blasting Linux because its a young kernel is silly. GNU/Linux is a functional operating system, and pretty damn secure for desktop use, (i.e. not installing a bunch of services you wont use and failing to manage the acompanied security issues). The problems with deamon software that Linux uses is present in all other POSIX systems as well..
Don't get me wrong, I like BSD, I'm considering running FreeBSD on my server, I love ports. We all need to use the right tools for the job, ballancing security with functionality.
In this case, the OP is trying out Linux after moving from windows for general desktop stuff, since Linux isn't as hard on newcomers, its a good chance for him/her to figure out how a POSIX-like system works without being thrown into the deep end (or middle of the atlantic ocean in this context lol). Wouldn't you agree?
tbh NetBSD/FreeBSD are as easy to use as linux.
using linux is google howto <task>
same goes with BSD.
I personally don't see why so many people use linux, its kernel is young, week, and generally not very good. Its not EASY because the kernel isn't remotely modular at runtime (like NT is) but BSD dosen't fix that.
All i was objecting to is saying that linux dosen't have spyware, this is wrong, i got a malware package once of a rather shifty UK mirror service, and i didn't check the MD5. Admittedly, if you ONLY use distro packages, this is a lot harder.
A functioning linux OS has viruses and worms like any other, a lot for PHP and Perl require known code to be present to exploit.
I'd recomend if you want to make linux more secure, not using Perl (but pretty much everyone recomends that).
Also make sure your using MD5 passwords and shadow passwords (google the terms if you don't know what they are).
In short madmonkey, have nothing installed you don't know what it is and why you'd want it. Use ipchains to stop everything, and don't run as root.
throw new ArgumentException (String, String, Exception)
Spent the whole morning trying to set up OpenBSD properly by experimentation (prefer that to manuals). Then what happened? It refused to connect to any FTP or HTTP server to download the files
Because Linux is easy to use, secure, fast, and constantly undergoing rapid development. Linux is equally as monolithic as BSD... NT is excessively modular, any crap can plug itself into the kernel, with a horrible and insecure file structure, and has virtually no established standards at all.
Right, so you used an unoffical mirror, didn't run it past md5, and thats suppose to be the kernels fault?.. you could equally do something as dumb as that with BSD.. Use a projects official website, and use their mirror list to get source packages.. This is one reason why I use Gentoo, automatic offical mirror downloads, automatically checks the source package against md5.
And how many 'linux' viruses and worms are there?.. just over a handful, hardly any of which can actually do harm to current software.. how many does Windows have?.. hundreds of thousands.. Again, the issues with PHP and Perl aren't a Linux issue, they are an issue with any system that uses these engines, Windows, GNU/Linux, *BSD
It still depends on *what* you use perl for.
shadow passwords have been a standard way of storing passwords on a GNU/Linux systems for years, its default by all distros, MD5 and other methods are also optional at installation.
netfilter is also used by default on current distros.
You need to clam down and stop filling the guys head full of nonsense, you're driviling on about issues longgg addressed. if you don't like GNU/Linux, don't use it.. GNU/Linux offers freedom, if you want to be restricted by all means, go for it.
So much as BSD being as easy to use as Linux.Spent the whole morning trying to set up OpenBSD properly by experimentation (prefer that to manuals). Then what happened? It refused to connect to any FTP or HTTP server to download the files
Last edited by aidanjt; 26-08-2005 at 07:12 PM.
I'm glad you got your point across as you are showing the ease of use for a newbie. I started running Fedora Core 3 in febuary and i have had no problems running or installing it even though i had never touched linux in my life. All you have to do is fund a distro thats regulary (i cannot spell) updated , well maintained, has pritty much everything you need and install and go. easy.
your computer is similar to a fridge in that if it cannot keep a beer cold then it sucks
Thanks for all the advice guys. I can see everyone's point of view here but I think I need to break into an alternative OS by trying a little more user friendly like a well known distro. Yeah I know, indoctrinated by Microsoft but I'm willing to learn. I know everyone's choice in a distro is dependent on personal taste but I'm inclined to try out SUSE... oh and the last question is, what's the difference between Fedora core and Debian etc? Sorry guys I'm still a newbie and have spent a lot of time checking out distros and how to use basic commands on Linux etc. Right now I'm just tracking down all the drivers for Linux on my system before I finally give it a good go.
Fedora Core is a community project split from Red Hat since they went all commercial like, Fedora is a pretty hard distro, maybe excessive.. Debian is also a community project, rather more origional, more focused on security, as a byproduct of that methology, their software packages are always lagging behind upstream developer releases by many months.
SuSE is a good start for someone getting comfortable with Linux. Fedora Core is pretty easy to use as well, either would be apropiate.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote