This is a static archive of the old Zorin Forum.


Hello and a couple of security questions - Solved! :)

OldSchool40

Sat Nov 14, 2015 1:09:58 pm

Hello everyone, having just gotten back on cable internet again - I've decided to experiment with Linux after using Windows (2000, XP and a little bit of 7) for many years. Having found Zorin recently and dabbled with it some the last day or two on a back-up desktop after trying Linux Mint, which wouldn't restart properly (Zorin does just fine!) - I'm planning to put it on my main system but had questions regarding security.

1. When I turned the firewall on, I went to check the 'Shields Up' website https://www.grc.com/x/ne.dll?bh0bkyd2 I used to check out various firewalls on my XP system (found Comodo to be the best for Windows). The site reported that the Zorin firewall stealthed the ports but 'pinged' back; how bad is that, and is there an easy way to stop it?

2. How do you get ClamTk to work? I know Linux is supposed to be far better than Windows in terms of not getting viruses/malware - but I'm paranoid and want at least a decent antivirus on my system.

3. Using Firefox/Opera or another major browser that's compatible - how secure are financial transactions, like eBay for example? Has anyone had any problems?

Sorry for all the questions - but I'm jumping into a whole new world and don't want to get burned!

Swarfendor437

Sat Nov 14, 2015 5:57:38 pm

Hi,

1. Zorin uses the default Ubuntu based firewall, GUFW:

For full documentation, go here:

https://help.ubuntu.com/community/Gufw

Which should help you configure your firewall as you would have it.

2. Clam AV: http://www.clamav.net/

Clam TK: http://clamtk.sourceforge.net/

You may just want to search for Anti-Virus in the Software Center/Centre, or just search for 'clam' in Synaptic Package Manager (Menu | System Tools | Administration | Synaptic Package Manager) - the search bar is in the middle of the panel that opens near the top.

For a discussion of AV products for Linux:

https://help.ubuntu.com/community/Antivirus

3. Firefox is probably the most secure out there - you should really turn that question on its head and ask 'How secure is it to do financial transactions with e-Bay?'

http://www.theregister.co.uk/2015/04/30 ... cher_says/

Just to add I don't touch internet banking period - I do it all by analog phone! ;-)

As for security, always check what is inside a tarball (tar.gz, tar.bz, zip) before running:

viewtopic.php?f=5&t=6076&p=28820&hilit=Blackwolf+ubundows8#p28820
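The "check what is inside a tarball before running it" advice above, turned into a script. This is an added example, not code from the thread or from Zorin: it lists an archive without extracting it and flags any entry that would land outside the extraction directory (an absolute path or a ".." component), which is the thing a listing is most worth reading for. The sample archive and the hostile listing are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread or the Zorin project): inspect a tar.gz
# without extracting it and flag entries that would escape the extraction dir.

# list_tarball ARCHIVE -> entry names, one per line; nothing is written to disk
list_tarball() {
    tar -tzf "$1"
}

# flag_unsafe_paths < listing -> prints each entry that starts with "/" or
# contains a ".." path component; prints nothing when every entry is safe
flag_unsafe_paths() {
    awk '
        /^\// { print; next }
        {
            n = split($0, p, "/")
            for (i = 1; i <= n; i++) if (p[i] == "..") { print; break }
        }
    '
}

# check_tarball ARCHIVE -> exit 0 when no entry is unsafe, 1 otherwise
check_tarball() {
    bad=$(list_tarball "$1" | flag_unsafe_paths)
    if [ -n "$bad" ]; then
        printf 'unsafe entries in %s:\n%s\n' "$1" "$bad"
        return 1
    fi
    printf '%s: %s entries, none unsafe\n' "$1" \
        "$(list_tarball "$1" | wc -l | tr -d ' ')"
    return 0
}

# Constructed sample archive (not a real download): a tiny "app" tree.
work=$(mktemp -d)
mkdir -p "$work/src/myapp"
printf '#!/bin/sh\necho hello\n' > "$work/src/myapp/install.sh"
printf 'README\n' > "$work/src/myapp/README"
tar -czf "$work/myapp.tar.gz" -C "$work/src" myapp

check_tarball "$work/myapp.tar.gz"

# Constructed listing, shaped like what a hostile archive would print, to show
# the two kinds of entry the filter catches.
hostile_listing='myapp/
myapp/install.sh
../../home/user/.bashrc
/etc/cron.d/job'
printf '%s\n' "$hostile_listing" | flag_unsafe_paths
```

Run `check_tarball` on a download before `tar -xzf`; a non-zero exit means at least one entry would be written somewhere other than under the directory you extract into, and the archive deserves a closer look rather than a blind extract.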

OldSchool40

Sun Nov 15, 2015 1:24:50 am

All right, I've made progress with ClamTK, I checked it out in the software manager and found some helpful comments:

- leave this page up << Software Center on ClamTk
- hit the link for "Developer Web Site"
- Firefox should open the ClamTk home page; under "Latest news" the latest distro (5.00 as of this post) hit link for "Homepage"
- scroll down to downloads, select your distro and hit link
- hit "Open with (Software Center)" then "ok"
- the open Software Center page will refresh for the download, hit "install" for new install or "refresh" if you've installed a previous version
-close Software Center page and firefox, open Clamtk and set preferences

following these tips led me here: https://code.google.com/p/clamtk/ EDIT: page now https://github.com/dave-theunsub/clamtk/wiki
and I ended up downloading the one for "Debian or Ubuntu 14/15 DEB"

then I used this tip: go to the terminal and enter: sudo freshclam and this will download the updates for the antivirus definitions

That got me the latest version of ClamTK ( 5.19 which is newer than what is up at the software center )

I tested it out by scanning a folder containing files I had copied from my previous Windows installation that I wanted to save, and I got some detections (about 20).
One was a game program I had saved (think it was due to my checking the 'PUP' option - which can nail even innocent programs at times) but the rest were mysterious .dll files I wasn't sure of, so I deleted them all. Not much in terms of real-time shielding, but since I don't surf around outside a few trusted sites and YouTube, it shouldn't be much of a problem. This will be good to double-check things in case I want to send someone an e-mail attachment; I can double-check it to make sure there's nothing in it along for the ride! ;)

As for the firewall issue, my checking out some of the links I was given led me here: https://help.ubuntu.com/community/UFW and I found these instructions:

Note: Security by obscurity may be of very little actual benefit with modern cracker scripts. By default, UFW allows ping requests. You may find you wish to leave (icmp) ping requests enabled to diagnose networking problems.

In order to disable ping (icmp) requests, you need to edit /etc/ufw/before.rules and remove the following lines:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

or change the "ACCEPT" to "DROP"

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

I found the file mentioned, but how exactly do I edit it?

Swarfendor437

Sun Nov 15, 2015 8:47:12 am

http://joshua14.homelinux.org/blog/?p=1065

The above explains it much better than I could. ;-) :D

OldSchool40

Sun Nov 15, 2015 11:51:54 am

Ok, I'm missing something here - I know that the lines I need to set are:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

What I'm missing is exactly how to do that. Is that done from the terminal, or is there something else I'm missing?

Swarfendor437

Sun Nov 15, 2015 7:40:15 pm

OK, the file is located here:

/etc/ufw/before.rules

you open the file using 'gedit' - text editor - make sure you make a backup before you start editing. ;) :D

OldSchool40

Mon Nov 16, 2015 2:03:49 am

Great! I went to /etc/ufw/before.rules and tried gedit but it said I didn't have permissions to edit the file. Glancing around on Google I found a suggested command line and tried:

sudo -i gedit /etc/ufw/before.rules

That got me in! Then I saved a copy of that file to a flash drive and made the changes to 'DROP', then I saved the newly edited file and rebooted my system. Went back to GRC's 'shields up' and got this test result:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Looks like I'm running silent - excellent! 8-) Thanks!

This sure isn't windows! :D
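The before.rules edit worked through in the posts above, as an added example that is not from the thread, Zorin or the ufw project. The script rewrites a before.rules-style file so that the chosen ICMP types in the "# ok icmp codes" block go from ACCEPT to DROP and leaves every other line untouched, then counts the result. It shows two variants: echo-request only, which is all the GRC ping test is looking for, and the all-five-DROP version the thread used. The sample file is constructed here, not read from a live system. One caveat worth knowing: destination-unreachable and time-exceeded are the ICMP messages that Path MTU discovery and traceroute rely on, so dropping them buys nothing extra for stealth against ping and can make some connections misbehave; the echo-request-only variant is the one to prefer.

```shell
#!/bin/sh
# Added example (not from the thread, Zorin or ufw): change ACCEPT to DROP on
# selected "-A ufw-before-input -p icmp --icmp-type ..." rules of a
# before.rules-style file without touching anything else.

# set_icmp_drop INPUT OUTPUT TYPE...
# Copy INPUT to OUTPUT; on each ufw-before-input ICMP rule whose --icmp-type is
# one of the TYPEs given and whose target is ACCEPT, replace ACCEPT with DROP.
set_icmp_drop() {
    in=$1
    out=$2
    shift 2
    awk -v types="$*" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        /^-A ufw-before-input -p icmp --icmp-type / && $NF == "ACCEPT" && ($6 in want) { $NF = "DROP" }
        { print }
    ' "$in" > "$out"
}

# count_icmp_target FILE TARGET
# Print how many ufw-before-input ICMP rules in FILE jump to TARGET (ACCEPT or DROP).
count_icmp_target() {
    grep -c -- "^-A ufw-before-input -p icmp .* -j $2\$" "$1" || true
}

# Constructed sample: the block quoted from the Ubuntu wiki, with the table
# header and COMMIT line a real before.rules carries around it.
work=$(mktemp -d)
sample="$work/before.rules"
cat > "$sample" <<'EOF'
*filter
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF

# Variant 1: stop answering pings only (what the GRC "TruStealth" test checks).
set_icmp_drop "$sample" "$work/echo-only.rules" echo-request

# Variant 2: what the thread did, every listed ICMP type set to DROP.
set_icmp_drop "$sample" "$work/all-drop.rules" \
    destination-unreachable source-quench time-exceeded parameter-problem echo-request

for f in echo-only all-drop; do
    printf '%s: %s DROP, %s ACCEPT\n' "$f" \
        "$(count_icmp_target "$work/$f.rules" DROP)" \
        "$(count_icmp_target "$work/$f.rules" ACCEPT)"
done
```

On a real system the input is /etc/ufw/before.rules, which is root-owned: keep a backup as the thread did, write the result back with `sudo`, and run `sudo ufw reload` to apply it; a reboot is not needed. `sudoedit /etc/ufw/before.rules` is the usual way to hand-edit a root-owned file if you prefer an editor to a script.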

Swarfendor437

Mon Nov 16, 2015 12:42:31 pm

Glad to be of help friend! :D

Swarfendor437

Fri Nov 20, 2015 8:44:52 pm

[UPDATE] LXF Magazine have produced a 'Hackers Manual 2016' - I picked it up to browse what it states about security:

Vectors that affect both Windows and Linux to be avoided are:

Adobe Flash

Adobe Reader

Java

The only other issue is 'drive-by' hits visiting websites with 'dodgy applets' that get clicked on.

You have been warned!
[Footnote: Chrome 42 refuses entry to Adobe Flash - time for some HTML5 - but that too has security issues - a flaw was found where malware can use HTML5 coding to fill up your drive, rendering it useless:

http://gizmodo.com/5987707/thanks-to-ht ... with-trash

http://feross.org/fill-disk/

What is interesting is none of these sites seem to have updated news since the discovery in 2013?]