Rogue Linux distributions aren't something that I tend to put much thought into. After all, considering that Linux distributions make their source code open and transparent, how effective would it be for developers to attempt to include harmful elements?
Yet despite this commonly held belief, it appears that one new Linux distribution wasn't exactly what it claimed to be.
The distribution referred to as anonymous OS wasn't what many of those who downloaded it thought it would be. Those who tried the Ubuntu-based release thought they were going to be testing a distribution centered around personal privacy and remaining anonymous online.
Unfortunately, reports began streaming in that anonymous OS was loaded with malware of various sorts. SourceForge decided to take the project offline, an unusual step. To be fair, the true nature of anonymous OS remains unclear, with mixed reports. Yet a leading security expert was quoted by the BBC as warning, “Folks would be wise to be very cautious.”
So, this begs the question: when should we trust a distribution of Linux and when should we remain guarded about trying something new?
One bad distribution doesn't spoil the bunch
The one thing that is important to remember here is that this is the first time I've heard of a Linux distribution having this level of doubt cast over it. This isn't to say that it won't happen again in the future or that it hasn't happened in the past. I'm simply pointing out that this isn't something that generally happens, or something that is going to stop people from trying out new Linux distributions.
Desktop Linux distributions have been largely immune from large-scale malware issues. Exceptions have been few and far between. Therefore, I don't see any reason why distribution-hopping users would suddenly start worrying about potentially malicious distributions.
A more likely scenario is that these same users will simply avoid politically-charged distributions and stick with Linux releases of a more mainstream nature.
Rethinking Linux security
During the past few days, I've spoken with a few people who are wondering if they should begin rethinking their approach to securing their Linux desktop. My answer is largely the same as it's always been: simply apply common sense to any distribution or software you use.
If you're interested in installing software onto your Linux distribution, I recommend sticking to the software repositories that come with that distribution. A secondary recommendation, for those who are willing to risk it, is to look for applications via Google Code or SourceForge. Both portals have great stuff. Ubuntu users have also been reporting great success with a site called GetDeb.net, but this isn't a site I personally have a lot of experience with.
If you think it's absurd to worry about where software is installed from, then clearly you must be examining the source code for every application you install, because Linux distributions, like any OS, can be exploited. Individuals with malicious intent don't care what platform you use. They will wreak havoc using whatever is available to them.
Since there is no way to effectively stop those who will do us harm, the best alternative is to act with wisdom when selecting, using and updating your Linux installations. Remember, if software can execute code, you had better trust the application in its entirety. This idea that some platforms are immune to malicious code is nonsense. Just because Linux isn't the target that Windows is, doesn't make it bulletproof.
To be best protected, use iptables, run an open source anti-virus application, and keep your system updated. By following these simple suggestions, you’ll find that your Linux experience remains a positive one.
Linux and anti-virus software
Since I am sure this will be addressed in the comments later if I don't tackle it now, let me be absolutely clear about why it can be beneficial to use anti-virus software on the Linux desktop.
Unless you live in a magic bubble, never send email attachments to non-Linux desktop PCs and never share files with other non-Linux workstations, your system is most definitely capable of putting non-Linux PCs at risk. This isn't just my opinion, it's a simple matter of reality. While such a threat is certainly unlikely, the fact that it's possible remains something that should be considered.
One of my favorite examples of this is an infected file that originated on my wife's Mac. The file was shared with my Linux box, and just before it was about to be uploaded to our Windows PC, my automated clamtk scan found the infected file and took care of it. I was actually quite surprised, since I don't run into threats like this very often. What was really fortunate was that I didn't send the file to the new, unprotected Windows PC. It could have created some real headaches.
So, do you need an anti-virus application for your Linux PC? Reread what I wrote above and make the decision that best fits your own circumstances. In other words, the need is specific to your own situation. Also remember, this isn't a statement regarding Linux viruses. It's a statement about Windows viruses you're unknowingly sharing with Windows PCs.
Additional security tips to consider
Previously, I mentioned using iptables to help keep your system secure. Considering that not everyone is going to want to roll up their sleeves and do this the hard way, there are some handy front-end options that make this much less intense. The first option that comes to mind is for the Ubuntu desktop and it's called Gufw. Built on Ubuntu's own front end to iptables, Gufw is a simple GTK application that offers you the following functionality:
- Allow/Deny specific ports.
- Allow/Block incoming or outgoing traffic.
- Make changes based on application name or based on port type.
There are also KDE options out there, in addition to enterprise solutions for handling iptables. The takeaway here is that using a firewall on Linux can be as simple or as advanced as you would like it to be. You, the end user, are in the driver's seat. The simple act of closing ports you don't need limits what anything that slips past detection can reach. Obviously, though, a firewall by itself isn't a silver bullet.
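The "deny incoming, allow a few ports, block an outgoing port" policy that Gufw exposes through its GUI is what the following script expresses directly in iptables terms. This is an added example, not code from the original post or from the Gufw or ufw projects. It prints the iptables commands instead of running them, so the resulting ruleset can be reviewed before it is applied as root; the port numbers at the bottom (SSH, HTTPS, outbound SMTP) are constructed sample values.

```shell
#!/bin/sh
# Added example, not code from the original post or from Gufw/ufw: emit a
# default-deny iptables ruleset that accepts only the listed incoming TCP
# ports, the same policy a "deny incoming, allow port N" setup in Gufw
# applies. The commands are printed rather than executed so they can be
# reviewed first; pipe the output to `sh` as root to apply them.
# The port numbers used at the bottom are constructed sample values.

# valid_port PORT -> 0 if PORT is an integer from 1 to 65535, else 1
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset PORT... -> print iptables commands for a default-deny
# inbound policy that accepts only the given TCP ports; returns 1 and
# prints nothing if any port is invalid
build_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    cat <<'EOF'
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # rate-limited logging of everything that falls through, so blocked
    # probes show up in the kernel log instead of disappearing silently
    echo 'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
    # the DROP policy goes last: with the ESTABLISHED rule already in
    # place, an existing SSH session survives the switch
    echo 'iptables -P INPUT DROP'
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -P OUTPUT ACCEPT'
}

# block_outgoing_port PORT -> print a rule rejecting outbound TCP to PORT,
# the "block outgoing traffic" direction in the Gufw feature list above
block_outgoing_port() {
    valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
    echo "iptables -A OUTPUT -p tcp --dport $1 -j REJECT"
}

# Sample use: allow only SSH and HTTPS in, refuse direct outbound SMTP.
build_ruleset 22 443
block_outgoing_port 25
```

The rules are emitted in an order that keeps a remote session alive: loopback and established-connection rules go in first, and the DROP policy is applied last. Invalid port arguments make the function fail before anything is printed, so a typo cannot produce a half-built ruleset.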
A learning experience
Personally, I've found that keeping a close eye on the software I run, along with paying attention to how my home network is configured, allows me to move freely between the various computers throughout my home. This isn't to say that the anonymous OS incident isn't troubling, but it certainly doesn't affect how I seek out new distributions to try or how I install my software. I think that, more than anything, it reaffirms that security risks sometimes just happen. It's unfortunate, but it's life.
In addition to using a common-sense approach to keeping my PCs safe from malware, I also make it a point to be aware of where the distributions I install are coming from. When I seek out a new Linux distribution to try, I remain vigilant by only downloading ISO images from trusted sources.
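Trusting where a download comes from, as recommended above for both application software and ISO images, has a mechanical counterpart: checking the file against the checksum list the distribution publishes, and checking that list's signature. The script below is an added example, not code from the original post or from any distribution's tooling. It builds a constructed sample "ISO", a matching SHA256SUMS file and a tampered copy in a temporary directory so it runs offline; with a real download, the SHA256SUMS file and its detached SHA256SUMS.gpg signature come from the distribution's own site.

```shell
#!/bin/sh
# Added example, not code from the original post or from any distribution's
# tooling: check a downloaded ISO against the vendor's published SHA-256
# list before booting or installing it. The ISO, a tampered copy and the
# checksum list below are constructed sample data written to a temporary
# directory so the script runs offline; with a real download, SHA256SUMS and
# its detached signature SHA256SUMS.gpg come from the distribution's own site.

# verify_iso_checksum ISO SUMSFILE -> 0 if the SHA-256 of ISO matches the
# entry for its file name in SUMSFILE; 1 on mismatch or missing entry
verify_iso_checksum() {
    iso=$1
    sums=$2
    name=$(basename "$iso")
    # entries look like "<hex>  <name>" or "<hex> *<name>" (binary mode);
    # match the name exactly rather than with a pattern
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 1
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# verify_sums_signature SUMSFILE SIGFILE -> 0 if the detached GPG signature
# over the checksum list verifies with an already imported signing key. Not
# called below because the constructed sample data carries no signature;
# without this step, whoever replaced the ISO can replace SHA256SUMS as well.
verify_sums_signature() {
    gpg --verify "$2" "$1"
}

# make_sample_download DIR -> write a fake ISO, a matching SHA256SUMS, and a
# tampered copy of the ISO listed under the genuine hash (constructed data)
make_sample_download() {
    dir=$1
    printf 'constructed sample iso contents\n' > "$dir/sample.iso"
    ( cd "$dir" && sha256sum sample.iso > SHA256SUMS )
    cp "$dir/sample.iso" "$dir/tampered.iso"
    printf 'one extra line\n' >> "$dir/tampered.iso"
    genuine=$(awk '{ print $1 }' "$dir/SHA256SUMS")
    echo "$genuine  tampered.iso" >> "$dir/SHA256SUMS"
}

# demo_verify -> run both checks on the constructed data and clean up
demo_verify() {
    tmp=$(mktemp -d)
    make_sample_download "$tmp"
    verify_iso_checksum "$tmp/sample.iso" "$tmp/SHA256SUMS"
    verify_iso_checksum "$tmp/tampered.iso" "$tmp/SHA256SUMS" || echo "tampered image rejected, do not boot it"
    rm -rf "$tmp"
}

demo_verify
```

The checksum only proves the file you have is the file the list describes; it is the signature check on the list, done with the distribution's published key, that ties it back to the distribution rather than to whoever controls the mirror.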
After all, the real threat has nothing to do with Linux at all. The single biggest threat to Linux security is sitting in front of the keyboard and monitor. Sadly, there isn't a security suite designed yet that can protect us effectively from ourselves.