Peppermint OS

General => General Discussion => Topic started by: robertsala on September 26, 2014, 06:41:15 am

Title: AIO Security(Firewall, Antivirus, etc.)
Post by: robertsala on September 26, 2014, 06:41:15 am
Hi guys,

I was wondering what some of you have installed as a firewall, antivirus, malware, etc. app. Perhaps an AIO if possible. Thanks!
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on September 26, 2014, 07:33:11 am
On a Linux desktop .. Nothing  .. no seriously, nothing.

On my VPS, I use firehol as a firewall to block incoming connections on all ports except the webserver and openvpn .. everything else is only accessible via a certificate authenticated VPN tunnel .. but that's CLI not GUI.

If your desktop is behind a NAT router you don't require a firewall (but if you want a GUI firewall install gufw) .. as for AV and anti-malware, IMHO unless you're running something like a mail server that serves Windows PC's (where you might want to scan for Windows viruses to protect Windows users) there's currently no need for AV in Linux.

Anyone that tells you differently either
a) doesn't know what he's talking about
b) works in the AV industry, or has some other ulterior motive
c) has never used Linux, and doesn't understand its security model
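An added configuration example, not from the original post and not the poster's actual config, showing the VPS setup PCNetSpec describes in firehol terms: drop everything inbound on the public interface except the web server and OpenVPN, and expose the remaining services only on the certificate-authenticated VPN tunnel. The interface names `eth0` and `tun0`, the `version 6` header (firehol 3.x syntax) and the service names are assumptions; check them against the firehol version and OpenVPN device actually in use.

```firehol
# /etc/firehol/firehol.conf  (added example; interface names are assumed)
version 6

# VPN tunnel first: only peers holding a valid client certificate ever
# reach this side, so "everything else" (ssh, monitoring, admin tools)
# is reachable here and nowhere else.  tun0 is an assumed OpenVPN device.
interface tun0 vpn
    policy drop                 # anything not explicitly allowed is dropped
    server all accept           # narrow this to specific services if preferred
    client all accept           # the host may initiate any outbound connection

# Public interface: nothing comes in except the web server and OpenVPN.
# eth0 is an assumed public interface name.
interface eth0 world
    policy drop                 # default: silently drop unsolicited inbound
    protection strong           # drop invalid, fragmented and flood packets
    server http accept          # web server
    server https accept
    server openvpn accept       # OpenVPN listener (udp/1194 in firehol's service table)
    client all accept           # outbound traffic (updates, DNS, etc.) is unrestricted
```

Interface blocks are matched in order, so the tunnel block sits before the public one; a `firehol try` run applies the ruleset with an automatic rollback if the admin session is cut off, which is worth using when the only management path is over the tunnel being configured.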
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: VinDSL on September 26, 2014, 08:37:38 am
Agreed!  IMO you can't beat NAT with DMZ (http://en.wikipedia.org/wiki/DMZ_(computing)) on a small SOHO LAN...

That said, I do install avast! (http://www.avast.com/en-us/linux-server-antivirus) on machines where I'm dealing directly with winders users.

This is to protect THEM, not ME.   Well, I guess it's to protect me, too, in some obtuse way. It's not a good idea to pass along malware to litigious people (attorneys, corporations, the feds, etc.)  even if it is accidental.

It's sort of a 'special need' situation though -- I don't want to be sued or go to jail -- that's all.   8)

If you want to install avast! for some reason, you'll need to adjust your SHM blocks.  Ubu has always set the 'kernel.shmmax block' too low.  Why?!?  I dunno.

I wrote a short HOWTO (http://ubuntuforums.org/showthread.php?t=1442189&page=2&p=10426480#post10426480), a while back, explaining how to do this, if you're interested.
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on September 26, 2014, 09:03:35 am
Do you often send unknown windows executables to the feds ?
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: VinDSL on September 26, 2014, 09:24:27 am
Do you often send unknown windows executables to the feds etc. ?

No, not knowingly. But if I were to send them one unknowingly -- cleverly disguised by some perp -- I'd be the one to take the hit.  They don't care about your 'excuses', here in America.  The saying goes, "Ignorance is no excuse" blah, blah, blah.

When I'm on the road, I need to rely on WiFi in airports, hotel rooms, conference rooms, and all the rest of it.

When I'm dealing with the feds, I'm required to use a 'guest' account with NO encryption, inside their buildings.  I know you think this is bull, but it's true.  I can see everyone's machine in the building, from clerks to judges, and they can see me.  Who the hell knows what we're passing back n' forth, you know?  Or, what the guy across the street, in the high-rise parking lot is doing...

Anyway, like I said, it's a 'special' need.

I don't know what the OPs situation is, but if he's dealing with the type of people and LANs I'm required to use (on the trot) he might want to consider checking the files he's sending out to winders users for malware.   :D
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on September 26, 2014, 09:38:30 am
And here was I thinking you were the originator of all the claim_your_prize.scr files :)

I'm not sure they'd be able to stand in court and say .. he got us because we don't run our own AV, and he forced us accept mail from his mail server at gunpoint  :o .. they don't HAVE to pick up their email, it's a choice THEY make, not the sender.
(that said, your courts are often as bonkers as ours)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: VinDSL on September 26, 2014, 10:28:49 am
Hahahaha!

Do you remember the time I was staying in a four-star hotel in Houston, and couldn't connect to their hi-tech AT&T WiFi from inside my room?  I could connect to the WiFi in the conf rooms, lobby, pool, et cetera but not from my room.

I ended up having to reinstall the kernel using a hardwire connection -- then, the WiFi in my room magically started working.

I've often wondered about that...   8)

Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: rjm65 on September 26, 2014, 10:52:52 am
I ended up having to reinstall the kernel using a hardwire connection -- then, the WiFi in my room magically started working.

I've often wondered about that...   8)
Hey you don't suppose it was, ahhh  Gremlins?
http://youtu.be/zzmS2oDMPc0 (http://youtu.be/zzmS2oDMPc0)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on September 26, 2014, 11:07:21 am
Yup,  I do indeed remember .. twoz an odd one that  :-\
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: VinDSL on September 26, 2014, 11:23:43 am
Hey you don't suppose it was, ahhh  Gremlins?

Heh!

Probably more like this...

http://www.youtube.com/watch?v=UBT5r7fUQVE
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: perknh on April 23, 2015, 04:17:41 am
On a Linux desktop .. Nothing  .. no seriously, nothing.

...

Anyone that tells you differently either
a) doesn't know what he's talking about
b) works in the AV industry, or has some other ulterior motive
c) has never used Linux, and doesn't understand its security model

@PCNetSpec

Hello PCNetSpec,
 
Concerning malware, is what Matthew Moore saying here, in this YouTube video, baloney, or is what he is saying here possible?

The malware discussion begins about 2:30 minutes into the video.  Please don't watch the entire video.  I'm not trying to waste anybody's time here.  Matthew Moore is trying to demonstrate here that a program on his computer, within his Arch Linux installation, contains malware.  He then runs a command and removes the malware.

Matthew Moore does have an antivirus program installed.

Thank you,

perknh

https://www.youtube.com/watch?v=y_lhqg_p21k&feature=em-uploademail
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 05:50:44 am
Nope but then at no point have I said that Linux viruses and malware are impossible

I've said "if you stick to getting software from known trusted sources such as the default repos, you're HIGHLY unlikely to ever install any malware/viruses"

As everyone gets their software from the same place all the code that makes it into the repos (and being open source) has a "lot of eyes" on it.

And any virus/malware would have an extremely short life as it would quickly be discovered and eliminated from the software distribution channels.

and Linux's default policy of disabling the execute bit on any incoming software would stop the spread of anything that was installed by the most naive of idiots (though it obviously won't protect him from re-enabling it and losing all his own data .. but then no AV is going to stop you disabling it either)

Be smart, and there's no need for AV or anti malware in Linux .. be stupid, and AV isn't going to protect you.

Linux has effective policies in place that (though they DO NOT mean viruses are impossible) mean they are unlikely to propagate or do any real damage.

The program he mentioned is highly likely to have come from an untrusted source .. we're also being asked to believe that just because sophos flags something it's definitely so, so the guy has never heard of false positives from heuristic scans?, or that sophos have a vested interest in reporting anything that just seems "out of the ordinary".
It's also likely to be running in user space, so may do something like "phone home" whilst in use, but it's unlikely it's going to infect the system as a whole or permanently unless expressly given permission to.

I totally agree with the guy .. a lot of people spread the word that Linux viruses are IMPOSSIBLE .. they are NOT
But that doesn't change the fact that unless you're stupid you're so unlikely to ever come across one as to make AV pointless (in fact IIRC didn't Kaspersky have a problem where their servers were hacked and the AV itself was infected for a short while)

There was NOWHERE near enough info in that video to mean anything
a) do I trust sophos
b) was it a heuristic scan, and a false positive .. or was it a database match, and who's database
c) where did the software come from
d) what exactly is being classed as a "trojan"
e) what exactly did the "trojan" do, and more importantly HOW
f) what was done to remove it
g) a ton of other questions that were glossed over in an attempt to make his position seem valid

how the f**k did "sophos told me sommat was amiss" become acceptable proof of anything ?

Not a single one of these scaremongerers can offer up an effective explanation why we're all not infected .. and give no real proof of anything beyond "sophos says so" .. yet this dude is bitching about "misinformation"

I see ZERO reason to throw my trust in with, and delegate responsibility to AV companies who peddle closed source software (where I have no way of knowing what it contains or how it works, yet am asked to "just trust") and have a vested interest in (and have been shown to be) spreading self serving propaganda .. in deference of my own responsible behaviour.

Linux is AS VIRUS PROOF as an AV is going to make it .. in fact WAY more so .. otherwise we'd all be infected wouldn't we, after all we're all getting our software from the same source .. AND YET......

Seriously I'm no longer responding to these kind of posts .. I've said my bit .. people can believe me or not

Jeez .. that was one cunning a** piece of malware don't you think .. it stopped the application from working .. nobody would ever spot that, it could sit in the default repos undiscovered for years <-- serious sarcasm in case you missed it

In short:- Is he a liar, NO .. is he a misinformation and FUD spreader who's after click bait, OF COURSE HE IS but then you knew that right ?
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: mac on April 23, 2015, 06:08:10 am
People will believe you, Mark, because, unlike the "scaremongerers," you have a proven track record, you back up your information and, most of all, you "hang out" with me.     :D 8) ;)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 06:11:09 am
See, what more proof can you ask for .. I'M WITH MAC :)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: rjm65 on April 23, 2015, 07:10:04 am
And we all know mac is bulletproof just like linux...   LOL   :P
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 07:39:38 am
Why do you think I'm hiding behind him .. mac is the only thing tougher than Chuck Norris beard :)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 08:59:45 am
Sorry perknh .. nothing personal meant mate, just a favourite ranting topic of mine ;)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: perknh on April 23, 2015, 09:44:47 am
Thank you, PCNetSpec,

My wife and I used unsecured P4 for about a year without anything other than a great experience.  In fact, it was P4 that made us both Peppermint Linux OS lovers.
 
I've decided to unsubscribe from Matthew Moore's videos.  I'm beginning to think that video might be one of the first public clues that there is a little business spat going on between Michael Moore and Spatry, and that this business spat is being shown in the guise of sharing useful information.  I didn't want you to watch the entire thing, but there were a few digs at Spatry in that video, and I'm quite sure the two were business partners at one time.  I wouldn't be surprised if that project they had going --an alternative to DistroWatch -- might be falling apart at the seams.  Hey, who even remembers it?

What happened was I received that video last night and I brought it to you this morning precisely because of your integrity and definitely NOT to question it!

PCNetSpec, your answer was very informative, and will help keep this thread alive, and certainly will help a lot of confused people down the road.  I spoke with Mac yesterday about being both dazzled and baffled within the world of Linux.  That video was a good example of how one can become baffled with bull____ while not being 100% certain how to relieve the information.  (I didn't realize I'd find such a good example of such bewilderment so quickly to share!)

I think I'll be sticking with Spatry on YouTube.  Besides, on one of his old Peppermint videos, Spatry ended the video by saying he believed he had found a winner here with Peppermint Linux OS. 

And, of course, Spatry was right about that!  ;)

Thank you,

perknh
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 10:23:38 am
OK further info...

The "Imagination" (a lightweight DVD slideshow maker using GTK+2) software is in the default repos .. this is the same software that he's talking about in his video (see the tooltip as he attempts to start the software from his dockbar).

So I thought it'd be interesting to test his claim against a copy from a known trusted source.

I've downloaded and installed sophos 9.9

I installed imagination

Starting Imagination it fires up without issue

checking the /var/tmp/imagination directory .. well with imagination running /var/tmp is empty

full system scan with sophos .. nothing

strace also showed no forked child processes.

I'd say my suspicions are right, the guy has probably specifically hunted for some infected software from a totally nefarious source to help prove a warped point .. and I don't for one minute think he got the source code to "rebuild it" from the actual authors.

If I were the authors of imagination I'd be seriously pi**ed off at this and someone should point it out to them and allow them to respond.



I think this closes the matter ?

Installing imagination from a known and trusted source was 100% safe (even according to sophos) ::0

It would not be in the repos if it were known to contain malware .. it would be spotted REALLY quickly, and if it were added by the authors the package would likely never make it in again .. remember, ALL the packages in the default repositories were open to code review when they were submitted, still are, and have a lot of eyes on them.



Full system scan results from sophos 9.9 whilst imagination was running:-
mark@AA1-Blue /opt/sophos-av/bin $ sudo savscan /
SAVScan virus detection utility
Version 5.12.0 [Linux/Intel]
Virus data version 5.13, March 2015
Includes detection for 8899461 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 18:30:31, System date 23 April 2015

Quick Scanning

Could not open /home/mark/.config/pulse/96bb382fb2353661ffc6b66455208483-runtime
Could not open /var/run/user/1000/gvfs
Could not open /usr/lib/firefox/hyphenation
Could not open /usr/share/doc/python-jinja2/html

23878 files scanned in 14 minutes and 6 seconds.
4 errors were encountered.
No viruses were discovered.
End of Scan.
Point proven .. now to remove sophos, though I might take a look at imagination :)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: rjm65 on April 23, 2015, 11:16:24 am
so why has nobody commented on these facts, and told this guy what an idiot he is...  after watching it for just a few minutes, i can see he is a complete moron?
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: perknh on April 23, 2015, 11:46:20 am
Quote
I'd say my suspicions are right, the guy has probably specifically hunted for some infected software from a totally nefarious source to help prove a warped point .. and I don't for one minute think he got the source code to "rebuild it" from the actual authors. --PCNetSpec

Yes, that makes sense.

Quote
Point proven .. now to remove sophos, though I might take a look at imagination :) --PCNetSpec

And I just removed Matthew Moore's videos from my email subscriptions!  He appears to be up to no good against somebody or something.  Why?  I don't know.

Quote
so why has nobody commented these facts...rjm65

With the help of PCNetSpec, in particular, and Peppermint forum, at large, I needed help sorting truth from fiction regarding the heaps of material this fellow has been generating.  What I saw last night in that video didn't sit right with me, but I couldn't quite put my finger on what information being conveyed was wrong.

Anyway, case solved!  As far as we're concerned, thanks to the good detective work of PCNetSpec, a mystery has been solved for us here today within Peppermint forum!  :)

Thank you,

perknh

Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 03:11:31 pm
:) :) :) YES, Linuxmafia.com is back (including "Rick's Rants") :) :) :)

Here's what I have always pointed people at that ask about Linux and viruses

It's been offline for about a year now, Rick said linuxmafia would be back eventually (once he sorted his server issues) and I'm seriously happy it is

Anyway, this says it like it is .. a bit long and old, but  applies as much today as when it was authored.

WANNA KNOW ABOUT LINUX AND VIRUSES, HERE'S WHAT TO READ

Rick's Rants .. enjoy:
http://linuxmafia.com/~rick/faq/?page=virus (http://linuxmafia.com/~rick/faq/?page=virus)



And just for completeness .. here's the other link I've always pointed people at (not as concise as Rick's Rants though)
http://www.caribyte.com/articles/short_life_hard_times_of_linux_virus (http://www.caribyte.com/articles/short_life_hard_times_of_linux_virus)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: perknh on April 23, 2015, 04:02:33 pm
It's a great read, and a fun one too!  :)

Thank you, PCNetSpec!
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 23, 2015, 04:13:12 pm
No problem, you're most welcome :)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: AndyInMokum on April 24, 2015, 04:21:59 pm
Hi perknh, I had a look at the video you mentioned. 
https://youtu.be/y_lhqg_p21k

This bloke has no concept of the scientific analytical process.  I admit I couldn't get too far past his blatant plug for Sophos computer security and antivirus software.  Watching him scratch his face and fiddle with his nose every 10 seconds was making me itch too.  After reading all the sycophantic replies, I felt it was time someone asked some home truths and rattled his annoying self satisfied smugness. This is what I posted: 
Quote
I have to question the validity of your malware test.  The whole test process is flawed. I have to ask where did you get the infected software from?  I seriously doubt it was from an official repository.  The video indicates that the alleged piece of malware causes Imagination not to launch. I'm sure if software with such a huge flaw was in an official repository, it would have been noticed and reported.  Why should we trust a piece of proprietary software like Sophos?  We are unable to see its source code.  What do they not want us to see?  The video doesn't show Sophos being tested against the results from other AV software.  The accuracy and reliability of Sophos is based solely on a test on a piece of software with questionable origins and your opinion. Where is the control test and what are the specifications of the control?  What was the alleged trojan? What was it supposed to do and how was it going to do it?  If malware is as prevalent in Linux systems as this video implies, why is it not the main topic of discussion in every Linux forum on the planet?  Your whole argument appears to lack the basic information and the processes needed to validate the results of the test.  I see nothing conclusive based on the information presented in this video.

Here's his reply, (I don't think we're ever going to be friends  ;D).
Quote
It was in the Temp directory for that program. So obviously it came from a file opened by that program.  And I don't subscribe to this concept that OpenSource means it's better, or Closed source means it's worse. Anybody that registers for a Dev program can see the source code. So who the hell cares?  This whole debate of Proprietary vs. Open, Free, and Non-Free. It's just politics as far as I'm concerned.  OS X is by reputation the most locked down platform in the industry. As a registered OS X developer, I can see any part of the code I want. OpenSource allows the general public to see the code. For the most part, the people that actually know what they are looking at, are Developers. and the developers can see the code regardless of what the software's political status is. Things like HeartBleed, and the glibc exploit that are both over a decade old prove that The ability of the OpenSource community to find issues in the system is no better than anyone else. Software is Software no matter how you try to define it. It's all the same.
As you can see, he's unable to answer simple questions.  Instead he just harps on about political differences between Open source and Closed source with a little bit of OSX thrown in for good measure.  His whole argument is based on his own unsubstantiated opinions.  He says absolutely nothing of relevance in regards to answering my questions.  As far as I can see, he's in love with the sound of his own voice.  It's garbage and misinformation like this that deters an already nervous public from using the Linux desktop.  That's my rant for the weekend  ;)!!
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: mac on April 24, 2015, 04:45:17 pm
Kudos, Andy  ;)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: AndyInMokum on April 24, 2015, 04:54:24 pm
Kudos, Andy  ;)

Cheers mac someone had to say something in reply to the guff this bloke is spouting  ;D!!
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: perknh on April 24, 2015, 05:38:12 pm
Hello AndyInMokum,

I have to thank you and PCNetSpec for all the help you have given me here.  PCNetSpec has proven that Matthew Moore's conclusions are invalid.  And, you took the time to ask him some important questions about his testing methods.  Matthew Moore either could not answer these questions, or his answers were a form of deflection --a way of refusing to answer your very legitimate questions.

No matter how you cut it, there's something very fishy about Matthew Moore's Linux and malware argument.

PCNetSpec and AndyInMokum, thank you for taking the time to explore this issue.  I'm so glad I asked that question yesterday, and I am more convinced than ever that Linux, and the more limited BSD-like OSes, are the safest OSes in existence.

(And, now, after reading you, AndyInMokum, I believe I should have installed Firefox tonight from our repository, and not from running the terminal command sudo apt-get install firefox! But, something tells me, I didn't take too much of a risk installing Firefox through P6's terminal --but, you know, I should have used our software manager.  That's what it's there for!)

Thank you so much,

perknh
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: mac on April 24, 2015, 06:16:46 pm
I should have used our software manager...

Six of one / half-dozen of the other there perknh.  Software Manager (like Synaptic) is, as I understand it, essentially a GUI front end for apt.   Installing from command line or package manager shouldn't make any difference unless you run into some kind of dependency nightmare which, installing from the default repositories, would be rare.   So, type away or click away with confidence  ;)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: PCNetSpec on April 24, 2015, 06:29:57 pm
There's just so much wrong in his response that  I can't be bothered .. suffice to say it's not only deflective, but is as full of inaccuracies as his original comments on Linux and malware.

Quote
As a registered OS X developer, I can see any part of the code i want.

(https://dl.dropboxusercontent.com/u/11876059/roflmao.gif)
(stop it, it hurts)



@ perknh

When using the terminal commands "apt-get" or "apt install", you are still getting the software from the same repositories as using synaptic or the software manager, both of which are just GUI front ends for apt anyway ;)
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: perknh on April 24, 2015, 07:07:08 pm
Hello mac and PCNetSpec,

It never dawned on me to look at software managers like that.  But that makes an awful lot of sense to me.  In fact, when I want to remove something, I often go to Synaptic to see what the program is called so I can remove and purge it correctly from the terminal.  So, if I reverse that idea, we have what you guys, including AndyInMokum, are saying --tried, true, and tested commands, codified into a manager.  Yes! ;)

So, I just went to Synaptic to look up Firefox browser -- and that's exactly what I installed, and hopefully without all the added baloney Synaptic likes to give me during an installation too!

And, yes, there's no question about it:  AndyInMokum deserves heaps of credit tonight.

Thank you all -- mac, PCNetSpec, rjm65, and AndyInMokum. 

This was conceptual blockbusting and genuine Linux mythbusting done at its best!  :)

Thank you, 

perknh
Title: Re: AIO Security(Firewall, Antivirus, etc.)
Post by: AndyInMokum on April 24, 2015, 10:13:29 pm
Quote
As a registered OS X developer, I can see any part of the code i want.
That was the best part of the whole response - a real rip-roarer   :D.  It could only have been topped, if he made the claim he advises Tim Cook.  This bloke is the very definition of a, "buffoon"  ;).