Nearly every day, I'm told that users of Linux distros don't need to worry about malware on their computers. After all, many newer users rationalize that since most malware targets Windows, securing a Linux-based workstation is a non-issue.
My response to these individuals is that anything that executes code is potentially in danger from malware of one form or another. Realizing this, I thought it might be interesting to look at how the threat of malware and other security issues might be something Ubuntu users should be more aware of.
It begins with unknown commands
I consider anything that threatens my PC’s stability and/or security to be a potential threat. With this in mind, I submit that even a simple line of code is a security threat.
In the hands of knowledgeable users, on the other hand, this same line of code is considered a tool for accomplishing a task. As with any operating system, how the code is used and the context it's presented in will dictate whether it's a threat.
The same code I linked to above, presented to a newbie Ubuntu user, could spell real trouble. A newbie tends to punch in their password without a second thought.
This in turn opens a whirlwind of opportunity for newer Ubuntu users to get themselves in trouble. Worse, as things stand now, nothing but experience prevents newbies from making code-execution mistakes.
While it may not be a big deal yet, wait until it's bundled into an executable file that someone runs. Perhaps then, basic workstation security will be taken a little more seriously.
No IT available
For many companies out there, this is an IT problem. This means that everything is already taken care of, leaving the typical end user to do what they need to do.
Unfortunately, though, there are a multitude of companies that may not have the luxury of ongoing support. Perhaps it's a two-person company and they're using Ubuntu to save on licensing costs? They could literally be running the entire enterprise from a book and a little bit of know-how. We like to think this isn't happening; however, in these economic times people are cutting back, and that means more are doing it themselves without help from an IT department.
For companies and users in this kind of situation, below I'm offering my recommended list of security software options that are easy to use and reasonably effective. In this list, I will focus primarily on Ubuntu software that works best for workstation users.
Ask any experienced Linux enthusiast and chances are they will laugh at you if you inquire about running an antivirus on your workstation.
Why? Because at this time, there really isn't enough of an immediate threat to cause anyone to install this kind of security software. The very idea seems really silly to many people.
Now here's the reality check: Running decent antivirus software makes a lot of sense if you interact with Windows computers, especially when sending files back and forth. Just because Windows malware isn't going to affect your Linux workstation doesn't mean that you can't accidentally share something that might harm someone else.
One of my all-time favorite examples was discovering an infected file on my own system. Even though it posed no threat to me, it was still possible that I could have shared it with a PC, which would have been affected. This left me with two choices. Forget about it and assume this will never be a problem, or instead, install a simple-to-use antivirus software solution to keep the system clean.
I have used a lot of antivirus software programs on Linux over the years. And on Ubuntu specifically, I've found that these programs are generally the best all-around performers.
ClamAV/ClamTK: With both of the Clam antivirus options here, you'll be working with open source software. ClamAV offers reliable CLI antivirus control, while ClamTK allows GTK users to enjoy the same functionality with a fairly simple user interface. Scanning specific locations or setting up scans on a schedule is easy to do as well.
The downside to both Clam antivirus options is that updating the GUI and the engine isn't happening via your repository updates on Ubuntu. All ClamTK will do is alert you to something being out of date, so you'll have to update it manually. If I were going to use Clam antivirus, I'd lean toward the CLI ClamAV with its switches and options.
Bitdefender for Unices (Unix/Linux): Unlike the free, open source option above, Bitdefender isn't for everyone. However, Bitdefender provides outstanding antivirus/anti-malware software.
While I'm not a huge fan of setting myself up for a sales call when downloading the app, it makes sense as this is an enterprise tool offered as trialware. Unfortunately, merely trying to get to the software itself is a royal pain. I followed up with the web form, yet I am still waiting to see the download links. Very disappointing.
I cringe at the thought of this, but I wonder if Bitdefender is actually sending out these emails manually? If so, they are most definitely losing potential leads. Even if it's an issue with my own mail server, I should have been presented with a download link immediately after completing the form. This is customer lead generation 101.
The touted feature set includes tight desktop integration, archive and mailbox scanning. Even though I wasn't able to try out the latest version, I was impressed that Bitdefender offers an app, scheduled software and definition updates. Bitdefender is compatible with both 32-bit and 64-bit Linux distributions.
Avast! Antivirus: Avast is offering their software in the right way. I can immediately download and install it. With regard to functionality, it's on par with Bitdefender. When I installed it on my 64-bit PC, it installed using Gdebi without any issues whatsoever.
After running the definitions update, the software gave me an error and asked to close. When I tried to restart Avast, I received yet another error message. The message I've been dealing with was "can not initialize avast! engine: Invalid argument." After a bit of poking around, I got it working by tweaking a kernel variable. I did my troubleshooting by running Avast in the CLI.
As root (not via sudo, since with sudo the shell redirect to /proc would still run as the unprivileged user), I entered this into the terminal:
echo 128000000 >/proc/sys/kernel/shmmax
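The echo above only lasts until the next reboot. As an added example (not from the original post), this checks whether kernel.shmmax is below the value used above and writes a sysctl drop-in so the setting persists; the file and directory paths are parameters so it can be tried on a scratch directory, and the drop-in file name is my own choice.

```shell
#!/bin/sh
# Added example: make the shmmax tweak survive a reboot.
# Usage on a real system (as root): shmmax_too_small /proc/sys/kernel/shmmax
#                                    write_shmmax_conf /etc/sysctl.d
#                                    sysctl --system   (applies the drop-in live)

WANT=128000000   # the value the post echoed into /proc/sys/kernel/shmmax

# Print 1 if the file holds a value below $WANT, 0 otherwise.
# $1 = path of the shmmax file (normally /proc/sys/kernel/shmmax).
# Note: recent kernels default shmmax to a huge value that may overflow the
# shell's integer compare; this check is meant for the older 32 MiB default.
shmmax_too_small() {
  cur=$(cat "$1")
  if [ "$cur" -lt "$WANT" ]; then echo 1; else echo 0; fi
}

# Write the persistent setting as a sysctl.d drop-in and print its path.
# $1 = sysctl.d directory (normally /etc/sysctl.d). The file name is an
# assumption; any *.conf name in that directory is picked up at boot.
write_shmmax_conf() {
  conf="$1/60-avast-shmmax.conf"
  printf 'kernel.shmmax = %s\n' "$WANT" > "$conf"
  echo "$conf"
}

# Constructed demo on a scratch directory instead of /proc and /etc.
tmp=$(mktemp -d)
echo 33554432 > "$tmp/shmmax"     # older kernels defaulted shmmax to 32 MiB
if [ "$(shmmax_too_small "$tmp/shmmax")" = 1 ]; then
  f=$(write_shmmax_conf "$tmp")
  echo "wrote $f:"; cat "$f"
fi
```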
Now the next hurdle was discovering that Avast wants me to seek out a license key. Unlike Bitdefender, though, this release of Avast isn't trialware. So asking me to fill out a form and then wait for 20 minutes is just stupid. Finally, the registration code arrived and I was able to get everything registered.
From the Unity dash, I launched Avast. I was again asked for my registration code. I entered it and was finally ready to use the software. Unlike ClamTK/ClamAV, Avast doesn't offer scheduled scanning. Instead, you can only schedule virus definition updates. On the plus side, I've "heard" that Avast does a little better with malware and rootkits than other programs. So for that reason, I find myself leaning toward Avast more than the other programs.
Now that we have had a look at handling malware, it's time to think about more Linux-specific security concerns.
On any Linux distribution, including Ubuntu, your firewall needs are going to be handled differently than you might be used to on Windows. To take the sting out of this – and assuming that firewall protection for the Ubuntu workstation takes place exclusively at the local level – I recommend using GUFW.
GUFW adds a nice user interface for newbies on top of Ubuntu's own firewall tool, known as "uncomplicated firewall" or UFW. Adding or removing ports for specific applications is brain-dead easy with this software. Even better, you can go to advanced mode and handle specific ports over varied protocols.
File sharing considerations
Another area to be wary of is file sharing. Many of us might be tempted to simply run with Samba shares and let our data flow freely between PCs. This is a bit messy and potentially puts your system at risk.
Instead, I recommend sharing folders over OpenSSH. And when using SSH, do not rely on SSH passwords for protection. Regardless of which port you set up for SSH, you will be hit all day long by brute-force password attacks.
I recommend going with an RSA key instead. It's also worthwhile, in my opinion, to disable root logins (the "PermitRootLogin" option) and run SSH on a non-default port. All of these things together will help to "harden" your SSH security.
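The three hardening points above (keys instead of passwords, no root login, a non-default port) map to three sshd_config directives. As an added example that is not part of the original post, here is a small audit script that reads an sshd_config and reports which of the three are still weak; the two sample configs are constructed for the demo, and "Match" blocks are ignored as a simplification.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the hardening points in the post.
# Usage on a real system: audit_sshd_config /etc/ssh/sshd_config

# Print the effective value of a directive. sshd uses the FIRST uncommented
# occurrence of a keyword, so stop at the first match. Empty output = unset.
sshd_value() {  # $1 = config file, $2 = directive name (case-insensitive)
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Print one WEAK/OK line per check and a final "weak=N" summary line.
audit_sshd_config() {  # $1 = config file
  weak=0
  pw=$(sshd_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
  root=$(sshd_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
  port=$(sshd_value "$1" Port)
  # An unset PasswordAuthentication defaults to "yes", so passwords are accepted.
  if [ "$pw" = no ]; then echo "OK   PasswordAuthentication no (keys only)"
  else echo "WEAK PasswordAuthentication ${pw:-unset}: password guessing possible"
       weak=$((weak + 1)); fi
  # The default for an unset PermitRootLogin depends on the OpenSSH version,
  # so the audit treats "unset" as weak rather than guessing.
  case "$root" in
    no|prohibit-password|without-password) echo "OK   PermitRootLogin $root" ;;
    *) echo "WEAK PermitRootLogin ${root:-unset}: set it to no"; weak=$((weak + 1)) ;;
  esac
  if [ "${port:-22}" = 22 ]; then
    echo "WEAK Port 22: the default port draws the most scanning"; weak=$((weak + 1))
  else echo "OK   Port $port"; fi
  echo "weak=$weak"
}

# Constructed sample configs: a stock-looking one and a hardened one.
tmp=$(mktemp -d)
cat > "$tmp/stock" <<'EOF'
# PasswordAuthentication no   <- commented out, so it does not count
PermitRootLogin yes
EOF
cat > "$tmp/hardened" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
audit_sshd_config "$tmp/stock"
audit_sshd_config "$tmp/hardened"
```

If you do move sshd to another port, allow that port in GUFW/UFW before restarting sshd, and test a fresh key-based login from a second terminal before closing the one you already have open.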
Updates and encryption
Two other items on my basic security list are keeping your workstation updated with the latest updates, and if you like, encryption for sensitive data.
The updates are fairly obvious: when Ubuntu prompts you to install security updates, do so. As for the encryption, I recommend reading up on encfs for folder encryption and GPG encryption for email. Neither of these two options is a "must do," but they do offer you privacy from prying eyes.
And last but not least, if you're visiting a coffee shop or perhaps browsing on a public wi-fi network, I recommend looking into Tor for browsing privacy. Because software is readily available that lets other users snoop on what you're doing online, even your login details for various sites, privacy matters.
To be clear, this isn't a replacement for https on websites for banking or other sensitive matters. Instead, Tor merely offers you a means of adding a layer of privacy on the data being sent into the Tor network.
If the Tor installation you're using is only for coffee-shop web browsing, I recommend the Tor-configured release of Firefox. It's ready to go out of the box and dead simple to use. If you need better protection, then you might look into OpenVPN instead.