Linux Mint Forums

Grub wrote:

If you are running Windows in VirtualBox would you install anti virus within that environment?

- if you install Windows in VirtualBox it will never effected your main operating system. In fact you may install many operating system too. It is just as a testing machine so you don't need to worry about the virus attack as it is just within the VirtualBox. For your information, many tech savvy would use it as a test machine to test new os before installing it as a main os. Plus to test it endurance

Hope that this answer will help you

DrHu wrote:

Kaye wrote:The good news is that JavaScript is very easy to avoid! When you first run Firefox, go to Tools -> Add-ons, search for NoScript, and install it. With NoScript, these cross-platform JavaScript attacks will never be able to make it through to your browser. Yay!

And for the browser specifically, the LSO (Local shred object) should be eliminated, Flash magic cookies.
--for that a search on these forums will show how, easy in Linux.

As for removing LSO (sometimes called supercookies) I suggest using a Firefox add on called BetterPrivacy.
You need to go to its options tab and uncheck the always ask option. Otherwise it gets a bit intrusive.
but it does work well to remove LSO cookies.

There's a lot of good discussion in this thread, which I can see has been going for quite a while. I'll just add a few comments.

I've been running Linux on all my home machines for several years now. I've never installed AV and never had a problem. I work in the IT security field, and several times I've been challenged by managers or auditors who demand to know how I can possibly run Linux servers without AV on them. Now, there are perfectly good reasons in some cases for wanting to run AV on a Linux server - if it's a mail server that Windows clients will be downloading attachments from, for instance. But trying to keep the server itself from becoming infected is not generally one of them.

This demand for AV on everything (not just Linux, I had a manager once demand that we run AV on our HP-UX boxes!) is often the result of a "checklist" mentality, rather than any kind of risk assessment. Sadly the "checklist" mentality is often accompanied by a distrust of free software of any kind, so these folks will usually reject ClamAV and insist on paying Symantec or some other company big bucks for an AV solution. So I have spent some time looking into these "premium" AV suites for Linux. Even in their marketing materials, they are pretty hard-pressed to come up with examples of the kinds of Linux malware they can defend against. One of them (Symantec or McAffee, can't remember) was touting something from 2002 last time I checked.

My point is this... when considering AV on Linux, if you're trying to protect Windows machines who will get files from you, this is a great thing to do. You're helping out your OS-disadvantaged friends. But if you're worried about Linux viruses, ask the vendor how many signatures they actually have for *Linux* malware. I'm guessing there ain't much. : )

This is not to say that Linux boxes don't get hacked, however... they do! But it's generally not by the kind of widespread, automated attack that plagues the Windows world. Just keep your software up to date, use root only when necessary, and think *long and hard* before opening up any service ports to the public net. You'd be surprised how many bots will come around trying to guess your SSH passwords!

wow...i'm a newbie here, thanks kaye... your post is very helpful and informative!

Kaye,

Thanks for the posting. Very helpful to this newbie.

Dougzak

mruss, about this:

think *long and hard* before opening up any service ports to the public net. You'd be surprised how many bots will come around trying to guess your SSH passwords!

Would you happen to have a couple of decent links handy that have solid information where I can find out more about this? Both in regards to how to decide to allow what for what ports, and in regards to how to actually enforce that decision.

Thanks,

Matt

Very well written and stright to the point. I really like this thread. Keep helping newbies understand linux, we really appreciate it.

Rifferation：

Let me mention it: Recovery disks usually don't recognize hard drives that have been completely modified; you may like to play the "safe side" sometimes, that's understandable.
I have tried out JFS and Ext4, but now I prefer running under JFS.

I have some things i have to point out here:

1. I just want to point this, even if virus isnt very often is as much as around 10% of unix based computers(In Asia) infected! Think about all the new viruses that is being programmed just because of Android(That is linux if im not completely wrong)

2. And how can you know if a program you install here are doing something bad or not? It could be "virus"(trojan) in the program code e.g+++

3. As i pointed is 10% of unix based computers in asia infected(Only 1% or less than that of all computers ofcourse) but since Ubuntu now are a big hit in China/Taiwan(Most of asia) since they struggle badly with Virus infection and attacks(when i was in thailand they said on the news that around 80% of the computers in south-east asia where infected with malicious software!!)

And think about all that worms, trojans, trojanworms ++ that are spreading from them to the west and back(Soon 100% of windows computers will be infected) Specially now with the new "Supervirus/malicius software" Called «Duqu» (Read more about it at
https://www.securelist.com/en/blog /667/The_Mystery_of_the_Duqu_Framework )

Do some of you have a guide to how to find out that you not are hacked the hell out of(When you really are? Because when you are you cant see it, at least not very easy, specially now when more and more do so you connect up on a Remote Desktop that is a true copy of yours) It will say you connect trough the server, back to your computer/network and for a while maybe you can feel the computer struggles since it upload your computer to a remote destination, and everytime you log in to internet(It will say physically, since virtually you can still be connected) Of course this will use much more data to start with, but after your computer have been completly rainbows you can think about your computer as a server(One of a big network) with all services.

This is at least possible with windows, it seems maybe a little hash, but trust me it is more than possibly, it is the new way of doing it. The attacker will have completly full control, and you have no chance of finding it out(Only if you log the network activities with the router to an server or something) But this way if you install lets say ubuntu from Windows, they can really make you think you are installing it(And you really are, just not quite the way you want) "anyting is never as it seems" could be the scenario here. This is more and more possible now with fibreoptic(100mb/s up and down everywhere) SSD disks, 32gb ram, The technology is litterraly growing to fast for the software.. And we have tried this scenario on our self on lan though, and it seemed frightning realistic, just have some problems with the interface to graphic, but if you spend 100-200.000$ and on some cheap(on and with) but good programmers in asia this is a possibility.. So think about the goverment that spend that much on pencils in week on every damn school in the budget When the 5% with all the money understand that computers are power, it will become really deangorus on the internet) Remember this is 50% hypothetical, but it is possible to do with a few computers if it is a targeted attack that goes over months!

I wont go as far to mean that is something you need to worry about, at least not yet(but in some years).. Before we tried it i never tought it will work without

I just Love linux becouse of these options... :

Thanks have just installed the Noscript addon

Someone should at least remove the résumé from the initial posting in order to avoid serious harm.

Linux file systems will mostly fragment over time, maybe not much though. (Anyway, Windows has had automated defragging for years now, so maybe defragmenting tools are even more important than on Windows. )

And Linux needs malware checkers like ClamAV, and be it only for shared networks with Windows users in it. While it is true that it is - compared to being exploited - unlikely to get an actually dangerous Linux virus unless you do stupid things (like surfing as root), your machine should be safe to the outside too.

Very good post. Thank you. I envision thousands now and in our future learning of your efforts.

Would backing up the partition and restoring it be a means to remedy fragmentation (using clonezilla)?

ddurdle wrote:Would backing up the partition and restoring it be a means to remedy fragmentation (using clonezilla)?

No. You don't remedy fragmentation under Linux as it is by design. The first post in this thread explains this.

dagon wrote:

ddurdle wrote:Would backing up the partition and restoring it be a means to remedy fragmentation (using clonezilla)?

No. You don't remedy fragmentation under Linux as it is by design. The first post in this thread explains this.

Yes, it starts with that but it also then goes on and states:

"linuxviolin made a good point in response to this thread. All filesystems (even ext3) will fragment after enough use and could eventually need defragmenting. Although this defragging would be very occasional, and not something you would have to worry about when starting out on Linux, it may want to be something you consider in the future"

So what "eventually need defragmenting" method is recommended for that "very occasional" use case.

Then I don't think cloning would work. I think it basically would recreate the fragmented drive like it was.
(Not that I ever use Clonezilla though (I probably should...))

dagon wrote:Then I don't think cloning would work. I think it basically would recreate the fragmented drive like it was.
(Not that I ever use Clonezilla though (I probably should...))

I guess rsync would be the candidate if anyone ever runs into a situation requiring defragmentation on linux. I would have never suspected simply rsyncing the / file system would work. But I recently reviewed a few articles discussing easy ways of converting your existing linux install to include LUKS. But of course, you need to take care of setting up the boot up after rsync, but it'd still be relatively painless way of defragging

Modern Operating Systems defrag in the background without any user interaction necesarry. My windows 7 system has been running for a few years without me ever having to initiate defrag.

Thanks a lot for the info