Top 10 Ways to Protect Your Linux Home System
by Mark Rais, Senior Editor Reallylinux.com and author of Linux For the Rest of Us 2nd Ed.
As a result of articles referring to the threat of Worms
and Viruses attacking Linux systems,
many new Linux users are in a panic. They are running around wildly,
weaping to their mothers for help... or maybe not? I find very few new users who are either panic stricken
regarding worms & viruses or for that matter even concerned.
The few beginners who've asked me about the need and options tend to be curious rather than consumed by FUD related materials.
To help them out and calm any panic stricken nerves, I've completed a brief, encouraging and straightup list for protecting your Linux home system. Obviously, if you're using a Linux server in a business environment you'll need to go beyond some of these tips.
As I prepared for my Linux Security interview with Jon Watson, it became obvious to me that for the average Linux home user, there's not really much regarding viruses, at least when compared to the nightmares some of my Windows using friends have encountered.
So, in a bit of off the cuff humor, I've created a Linux Top
Ten Countdown. It's nowhere near as funny without a drum roll, so perhaps you can download and listen to one while reading the list.
Hopefully, these tips will help settle some upset stomachs and calm any panic induced by some haphazard reports regarding Linux security.
Top 10 Ways to Protect Your System
Visit a local computer software store, drift through the
aisles filled with internet security and spyware protection products and simply
walk on past them. You don't need to
spend $49 to protect a home Linux system. Even if you are seriously concerned, there are plenty of
Free Open Source solutions available to you that I list later.
Get online and download or order a large set of Knoppix Live Boot CDs and
share them freely with your Windows using friends.
This is especially important if you know of a Windows user who recently purchased a DSL or Cable Modem connection and asks you earnestly, "what's spyware?" Save them, for the
love of humankind! Get them using Linux before their system is infested with a dozen spywares consuming their bandwidth and system resources. In fact, these handy "live-cd" releases are good for many things including Emergency Booting a Windows PC! One of my friends foolishly ignored this advice and within 60 seconds of connecting his WindowsXP system on my DSL line had a slew of spyware rooted on his hard drive. Ironically, I had been using the same DSL for six months with a basic SuSe 9.3 release and zero issues crept up. Yes, he took a Knoppix CD home with him that night!
Get familiar with the world of OpenSource on sites like
Freshmeat.net and see just how much is available to you regarding every aspect
of Open Source software. I'm not just talking about security utilities. I'm also referring to
the exceptional power of programs like: Firefox web browser, OpenOffice.org 2.0, Apache projects, and MySQL 5.0, among over 105,000 others.
I've been considering printing the full list out in 4 point font and carrying it in my notebook case for that
not uncommon moment when someone asks me "is there much software available?" I can just whip out the 100,000+ listing and
hand it to them.
Take the time to download and install a patch if a
critical update is announced. How
frequently do such advisories occur? For the most part only a few times a year at most (obviously, this depends on your applications as much as your Linux flavor/kernel). The important thing is to realize that
home Linux use does not require you to patch every time an announcement is made. Just keep your ears out for critical security related patches, if they come.
In the Windows world there is a tendency towards hyper patching. As a result, some of my
technically savvy Windows friends switch over to Linux and start patching their systems
on an almost daily routine. Then they come to me, panting and sweaty saying, "Oh man, so many patches!" Ironically, even as
Microsoft pointed the blame at RedHat for releasing far more patches, they failed to also
point out almost none of the RedHat patches were critical security updates. Patch when
critical updates come, otherwise relax and enjoy your stable, quality home Linux PC.
Never run executable programs as root. If you login as root and find odd programs
you don't recognize, please take the time to move them to a user
space. Never run such programs using the ultra powerful root... unless you're particularly bored one day or partial to self-flagellation that is.
This takes me to the next point (about Linux not flagellation). There are multitudes of websites out there
offering "free" software and downloads. Please avoid Trojans and other problems by
downloading your software from reliable sites. Most websites will provide MD5 checksums and verified downloads protecting you from
issues. Stick to known and reliable websites. Hey, not all the points are funny okay!
Lots of people forget that even though your Linux system
may be far less vulnerable to viruses and malware, your
Windows systems on the same home network remain vulnerable. One major vulnerability of
Windows systems on a Linux network is that the Linux machine
inadvertently passes along viruses or malware that did not affect it. You can cover this weakpoint by downloading
and using Linux based antivirus software. Although it is unlikely your AV software will protect your Linux
box from anything malicious, it is highly likely it will keep things away from
your Windows systems. Ironic but quite true. You can download a
few AV Linux software from:here, or here, or here. You can also find several commercial anti-virus, anti-spam, and anti-malware options.
Yep, this goes in line with tip number 6. Please do not do your internet surfing or day-to-day work
on your Linux system as root. Take a brief moment in time and create a
secondary login. If you ever need to get superuser powers just use the su
command instead of habitually using root, which opens a potentially large hole for
fouling up your nice and stable Linux system.
You should enable and use your Linux firewall. The good part is that your Linux flavor is entirely
likely to come with a preconfigured firewall that is sufficient. Please be sure this is enabled when you surf the internet. Most Linux flavors come with a very robust
and capable firewall preinstalled, but configuring this may be simplified with some of the graphical firewall interfaces including: Firestarter and Guarddog. The key point about your firewall is that you should enable and use it!
Finally, the number one tip for protecting your system from worms, viruses, spyware and malware is to use Linux. You end up avoiding a good volume of issues regarding security and often enjoy better home PC performance to boot!
If you enjoyed this brief listing and want more details regarding each point, you may benefit from listening to the interview on The GNU/Linux User Show.
You can also use this quick link page to get to your flavor's security patch and updates page.
For a good review of how Linux is an improvement over other operating systems you may also enjoy this HUMOR article: Granny Picks Linux Over Windows...
Linux is a registered trademark of Linus Torvalds. Windows, Microsoft, WindowsXP are trademarks or registered trademarks of Microsoft Corporation both in the United States and Internationally. All other trademarks or registered trademarks in this article belong to their respective owners.