So I’m a novice Ubuntu user and I’m trying to put together a list of things to do that are generally recommended to do to avoid unwanted or suspicious software, viruses, malware, spyware. You get the picture.
A sort of best practice I suppose.
Note that specifically, in this case, I am using Ubuntu 20.04 LTS, though I do have a Win 10 VM, so much of the content is universal.
Now primarily this is what I’m already doing.
Not using the same password twice.
Don’t download or install outdated software, or software that has very little credibility.
(Do some research on the repository or software you are downloading)
I try not to download from repositories that haven’t been updated in the past few months unless I know the repo to be “trustworthy”.
The same applies to WEB links and Emails.
(You can use the little URL viewer at the bottom of the browser to preview the first landing site)
Pray it’s not an automatic redirect.
Connect as few apps as possible to those email accounts.
I have a separate email system by having an address based on the classification of the use case.
Anti Virus software
On windows there’s the defender system that is built-in and for the most part, you just make sure it’s enabled on some guy’s computer you built and it will probably be fine.
But what about Linux?
This is why this thread exists.
I’m not really familiar with an “Anti-malware solution”.
Is it even necessary?
I suppose I’m going to be doing some research over the next couple of days but I figured that I may as well start this thread so that I could get an insight into what other people who daily drive Linux do to keep their system tidy.
Couple of pointers (from my perspective) to achieve a clean computer.
What you already listed.
Only install software you trust (official repos)
If you have to install something out of repo, inspect it. Do some research about it etc. (opensource projects you can inspect the code, requires some coding knowledge though)
At least check the checksum of a file you are downloading to ensure you are getting what you ordered. Verify the file with the maintainer’s key(s) if possible.
Don’t copy&paste code into the terminal. And if you do, make sure you are again getting what you ordered. (What is the command that I’m copying? What does “man command” say about the command I’m running?)
Sudo is rarely needed.
Last but not least, think. It’s on your shoulders to not completely scuff your computer, so do things that make sense.
I’m sure I forgot half of what I’m supposed to say but number three is really important. (Package managers should do this automatically) Cryptocurrency wallets are a good example of this. You want to make sure that no man-in-the-middle attack has happened.
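The checksum and signature check from point three of the reply above, written out as an added example (this is not code from the thread). It looks a downloaded file up in a published SHA256SUMS list in the format `sha256sum` writes, treats a missing entry as a failure rather than a pass, and shows where the maintainer's detached signature on that list would be checked. The file name, its contents and the SHA256SUMS line are constructed for the demo; the `tool-1.0.tar.gz` name is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks a downloaded file against
# a published SHA256SUMS list and, separately, the maintainer's signature on
# that list. File names and contents below are constructed for the demo.

# sha256_of FILE: prints the hex digest (falls back to shasum where sha256sum is absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX: 0 if the digest matches, 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# verify_against_sums FILE SUMSFILE: looks FILE up by basename in a
# "<hex>  <name>" list (the format sha256sum writes; a leading '*' marks
# binary mode). Returns 0 on match, 1 on mismatch, 2 if the file is not
# listed at all, which must be treated as a failure, not a pass.
verify_against_sums() {
    name=$(basename "$1")
    expected=$(awk -v f="$name" '{ n=$2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' "$2")
    [ -n "$expected" ] || return 2
    verify_sha256 "$1" "$expected"
}

# verify_sums_signature SUMSFILE SIGFILE: checks the detached signature on the
# checksum list. The maintainer's public key must already be in your keyring,
# imported from a source you trust independently of the download page.
# Not exercised by the demo because it needs gpg and a real key.
verify_sums_signature() {
    gpg --verify "$2" "$1"
}

demo() {
    dir=$(mktemp -d)
    f="$dir/tool-1.0.tar.gz"
    printf 'pretend this is a release tarball\n' > "$f"   # constructed "download"
    # What the maintainer would publish next to the download.
    printf '%s  %s\n' "$(sha256_of "$f")" "tool-1.0.tar.gz" > "$dir/SHA256SUMS"

    if verify_against_sums "$f" "$dir/SHA256SUMS"; then
        echo "genuine file: checksum OK"
    fi
    printf 'x' >> "$f"        # simulate a file altered in transit
    if verify_against_sums "$f" "$dir/SHA256SUMS"; then
        echo "BUG: tampered file passed"
    else
        echo "tampered file: checksum MISMATCH, do not install"
    fi
    rm -rf "$dir"
}

demo
```

For a real download the order matters: fetch the public key from a place you trust independently of the download (a project page served over HTTPS you already know, a key you got in person), run `verify_sums_signature SHA256SUMS SHA256SUMS.gpg`, and only then trust the checksum list enough to compare the file against it. A checksum alone only proves the file was not corrupted; the signature is what ties it to the maintainer.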
Depends how you use your system, but sudo might be needed a bunch at specific times, as it is the traditional/older equivalent of the UAC, and I like to view it as a “hold up a second and pay attention now” so I don’t just go willy-nilly changing stuff.
There are some AV programs, like ClamAV.
Most people don’t bother, as apps don’t just run, and if one only sources software from trusted sources (repos, trusted company websites) then there is much less of a vector.
Depending on how you share storage with the windows box, you might pass on a file that does not harm Linux, but harms the Win VM.
So might want to scan before opening in Windows.
Everyone has to start somewhere, but if one never starts, one never learns, and it looks like you are not going in blind, Yolo-ing it. Looks like you already know you might have to intensely Google your way out of a problem, which is really encouraging!
Anti-virus software is not necessarily needed on GNU/Linux since the attack vector is different. The kinds of exploits and malware that attack GNU/Linux are more of the kind that exploit vulnerabilities in outdated software or are based on you manually executing the malicious code. Not running untrusted software and keeping your system up-to-date is the most important aspect to take care of to stay safe on Linux.
However, I want to point out that if you run your Linux machine in an environment shared with Windows machines, setting up and running ClamAV can have a security advantage, e.g. scanning untrusted files you want to transfer from your Linux machine before attaching them to a Windows machine is good practice.
Since you did not list using a Firewall I wanted to mention that Ubuntu utilizes the ufw firewall. It is easy to manage compared to other firewalls, but is able to do a great job on desktop or mobile computers. You can install gufw for a graphical frontend.
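An added example, not code from the thread, for the ufw suggestion above: a small audit of the text `ufw status verbose` prints, checking the desktop baseline (firewall active, inbound denied by default) and listing which ports have been deliberately opened. The two status samples are constructed to mirror ufw's output format; on a live system you would feed it `audit "$(sudo ufw status verbose)"`.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits the output of
# `ufw status verbose` for the desktop baseline the reply points at:
# firewall enabled, inbound denied by default, and a visible list of what
# is deliberately exposed. The two status samples below are constructed.

# ufw_baseline_ok STATUS_TEXT
# 0 = active and denying inbound by default; 1 = not active; 2 = active but
# the inbound default is not "deny".
ufw_baseline_ok() {
    printf '%s\n' "$1" | grep -q '^Status: active' || return 1
    printf '%s\n' "$1" | grep -q '^Default: deny (incoming)' || return 2
    return 0
}

# ufw_open_ports STATUS_TEXT
# Prints the "To" column of every "ALLOW IN" rule, one per line, so the
# exposed services can be reviewed. The IPv6 duplicate lines carry "(v6)" in
# the second field and are skipped; they mirror the v4 rule on the line above.
ufw_open_ports() {
    printf '%s\n' "$1" | awk '$2 == "ALLOW" && $3 == "IN" { print $1 }'
}

# audit STATUS_TEXT: human-readable report; exit status mirrors ufw_baseline_ok.
# The commands in the messages are the ufw commands that fix each finding.
audit() {
    ufw_baseline_ok "$1"; rc=$?
    case $rc in
        0) echo "baseline OK; inbound allowed for: $(ufw_open_ports "$1" | tr '\n' ' ')" ;;
        1) echo "firewall is not active (sudo ufw enable)" ;;
        2) echo "inbound default is not deny (sudo ufw default deny incoming)" ;;
    esac
    return $rc
}

# Constructed sample: a healthy desktop that only exposes SSH to its own LAN.
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.1.0/24
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed sample: ufw installed but never enabled (the Ubuntu default).
SAMPLE_BAD='Status: inactive'

audit "$SAMPLE_OK"
audit "$SAMPLE_BAD" || true   # expected to fail: shows the "not active" report
```

The point of the `ufw_open_ports` list is the review step: on a desktop the list should usually be empty, and every entry in it should be something you can name and still need. A rule added "to get something working" and then forgotten is exactly what this kind of check is for.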
I’d suggest looking into a password manager, as this will make your life much easier.
In regards to the OS itself, there’s one main fundamental you should remember. Keep your system up to date. It’s pretty much at the top of the list when it comes to what has the biggest impact on the security of your system.
Other things to consider start to depend on what you use the system for and how strict you need to be (what risks you have).
The general good advice would be to consider what repositories you’re adding to the system. Not because they are necessarily insecure but because the more you add the larger the attack surface is. Repositories do (even if rarely) get compromised sometimes.
Software that hasn’t been updated in months isn’t necessarily insecure or problematic. It depends. Which is unfortunately the answer for a lot of these considerations outside the core things.
Browsers have a lot of tech in them that can help with these issues if you turn them on. Some people don’t like that as it generally includes things like URL checks etc. But it’s something you can look at. We’re also delving into general security and not specific to the OS (which is fine).
Biggest thing for browsers… keep them up to date. They are a big target and keeping them updated is one of the best things you can do. Ad blockers etc. are also useful, though more geared to improving privacy.
I don’t think there’s a huge issue with connecting things to email. The main thing you have to keep in mind with email is phishing attacks; it’s one of the main methods for people to get malware onto a system or network.
In some cases having a second email for the “junk” accounts is a good idea as you can default to not trusting anything in it.
But a general good piece of advice here is to periodically go through your recent emails and unsubscribe from anything you really don’t need. This doesn’t specifically stop you from being a target of phishing, however it has several indirect benefits.
You will have less clutter, allowing you to more easily manage your emails and identify suspicious emails.
It will be beneficial for your health, less junk is less stress to deal with when opening your email and not having 100 useless messages.
Assuming the companies you were subscribed to remove your data correctly then there’s a smaller footprint for your address and other information, and it may reduce the chances of data being harvested.
The banks give a good though non user friendly bit of advice. If you have an email asking to login to a site like your bank. Go to the site directly and not via any link.
You don’t need to be paranoid about it, but keep your common sense. Why is someone sending you a OneDrive link out of the blue? (That’s an actual phishing attempt I’ve dealt with recently in work.)
… it depends
For everyday use, if you’re being sensible, probably not. But that doesn’t make you immune. Linux isn’t ‘secure’ as people like to suggest; it’s not immune from malware, it’s not immune from attack, and its weakest point is sometimes the user because of the false sense of security.
Each OS has different issues.
For a simple answer, no, it’s not necessary (for now), but you need to be sensible with using your computer. Running random bash scripts as root because a website says to for installing a cool piece of software (a not uncommon theme for Linux users) is a bad idea, yet software for Linux still uses this.
If you’re interested in security on Linux in general, @anon86748826 and @Pollomoolokki pointed out a couple of good places: ufw for Ubuntu’s firewall and AppArmor are two core security solutions used. And two core security solutions that people sometimes turn off to try and work around a poorly designed piece of software. So it’s an interesting place to look if you really want to dig into it (also SELinux on other Linux OSes).