With all the talk recently about Ubuntu's use of Dash ad and the various new features offered, I find it interesting that security is virtually being ignored.
This isn't to say that articles about Ubuntu security don't exist, rather that we don't see a lot of articles in the mainstream tech circles talking about Ubuntu security as a topic. In this article, I hope to address this shortcoming.
It amuses me whenever I read someone's comment stating that Linux is bulletproof and how their distribution of Linux is somehow immune to malware threats.
Anyone who has an understanding of how malware is spread realizes that no operating system is completely secure. Where newbies tend to get confused is in how malware affects different desktop platforms.
Windows, for example, has had a long history of battling malware threats. And while today's modern releases are more secure than in years past, malware protection is still generally recommended for most Windows users.
More recently, we've seen a number of security products being developed for Linux and OS X. What makes this completely pointless is that the "threats" these security suites are designed to tackle won't affect Linux based installations.
In short, using an anti-virus scanner in Linux is only useful for protecting dual-boot systems that share files. For example, those added in the occasional shared file via email or Dropbox. Outside of protecting "Windows using co-workers," we're simply not at a point yet where Linux malware on the desktop Linux is the same kind of threat seen on Windows PCs.
However, this doesn't mean that Linux distros are completely safe from other attack vectors.
Security through obscurity isn't enough
With any sort of a Linux virus threat put on hold for the time being, there are still a number of key areas where your Ubuntu installation could be at risk for attack. But unlike other operating systems, malware likely to affect your system is going to come from the Web and not from an infected file.
Yes, there are and have been exceptions to this rule. But usually it's a poorly configured set of security practices that will land a Linux user in trouble.
One of the most common attacks I've seen affect Linux users are phishing attempts. Instead of executing code on your machine, the attacker executes the actions of the end user or target who foolishly gives up critical login information that leads to a hacked account. Sometimes this could be through Facebook apps or even authorized applications on Twitter.
These attacks are easy enough to avoid for advanced Linux users, yet less security savvy folks may want to rely on select browser add-ons to provide an added layer of safety. More on this later in this article.
Another common area of attack comes from not updating your Linux systems to the latest security patches, or simply leaving easy attack vectors such as your browser set to use Java or Flash automatically when prompted. The most dangerous of the two is the Java plugin for your browser, as this articlepoints out.
Thanks to the cross platform friendliness of Java, this is likely to become an increasing security threat to Linux users who aren't paying close attention to their browser configuration.
Good offense begins with a great defense