making linux mint felicia most secure

Husse

Re: making linux mint felicia most secure

Post by Husse »

Well if you are connected directly to the internet (not behind a router or a modem) you might want to enable the firewall
I recommend against connecting this way - always use a (home) router of some kind - with a changed password :)
In Firefox get the NoScript addon
Javascript can be dangerous on Linux too as it's executed within the browser
That's it - and if you are really paranoid you might use an antivirus program
rbanavara

Re: making linux mint felicia most secure

Post by rbanavara »

Husse, does this mean (harmful) java scripts are a threat to Linux?

My impression is, when you are living in a safe house, as long as you don't keep your doors open, you should be fine. Similarly, as long as you have proper firewall and strong password, you should not worry about attackers. I can go on to any site and click on any potentially harmful link (I know this may not be 100% safe, but the damage may not be severe).
Husse

Re: making linux mint felicia most secure

Post by Husse »

The javascripts are not a threat to Linux but to you :)
Because of the safe nature of Linux the scripts are stopped in Linux proper - but within the browser they can (and must) work and it is perfectly possible to write a keylogger in javascript and - still in javascript - have it send its findings somewhere.....
Not much you can do about it and very hard to stop in a firewall - it would (rightly) assume you started the communication and let it pass
Can't see any difference between Linux or Windows in this respect (and probably Mac too but I know too little there)
Decemberdoom

Re: making linux mint felicia most secure

Post by Decemberdoom »

You could look into using TOR. It's slow, but much more secure than your average proxy network, and when set up to work with socks4a, it is pretty much impossible for anyone to spy on what you do.
AK Dave

Re: making linux mint felicia most secure

Post by AK Dave »

zenddnez wrote:i want to make my linux mint most secure
I cannot give you, nor can anyone else provide, an intelligent response to this question unless you define what you mean by "secure". Secure from what intrusion, secure from what attacks, secure from what vectors?
rbanavara

Re: making linux mint felicia most secure

Post by rbanavara »

Husse, true... nowadays with a complete OS (sort of?) running in browser, everything could be possible. Also key logging never came to my mind. Was only thinking of virus damaging my disk / files OR some windows like malware running on my machine (both of which are impossible in linux). I should think before I click on a link now onwards.
AK Dave

Re: making linux mint felicia most secure

Post by AK Dave »

So let's break it all down:
zenddnez wrote:I am talking about surfing the net
Firefox and its clones are good, but not perfect, but there is little virus threat to linux. Unless you're pathologically stupid, you should run into no trouble using Firefox. There are plugins available to block annoyances like popups. Flash is theoretically a potential threat, if you're pathologically stupid, so you decide if you need to block flash or if you can restrict yourself enough to not download flash video from places you wouldn't tell your grandmother about.

The "potential threat" that exists is that Flash can be written to include a trojan. Java too. And that trojan doesn't need root access to be a nice keylogger or to siphon unencrypted data off your drive, like email passwords or credit card information you type into your bank's website. It doesn't need root access to redirect you to a fake website. So your system may be secure, but your data may not.

Assuming you're pathologically stupid. I'm convinced that it takes this level of stupidity to allow stuff like this to make it to your computer in the first place. The first line of security, the first line of defense, is common sense.

Assuming your end-users don't have common sense, you can force it upon them by a couple of simple methods. You can use your router, or your firewall, or a proxy server, to blacklist unsavory portions of the internet. Or you can blacklist everything and whitelist only that which you want to allow. Or you can use a DNS service to do this for you. Or you can run a "net nanny" on your firewall to monitor where your users visit and then selectively blacklist sites to prevent future access.
zenddnez wrote:running programs from the net and also on the pc without any internet connection
Not sure what "running programs from the net" means to you, but to me this means Java. This means programs, like games, that run in the browser and are loaded as-need across the internet. This is separate from software available on the internet which can be downloaded, but which then runs locally on your own computer. Which, technically, Java does also. And Java apps can be saved to disc and run locally also. So there is some overlap.

Simple security: only install trustworthy applications from trustworthy repositories using apt-get.

When you start downloading random debs from random websites and installing them, you might find something doesn't work right afterwards.
zenddnez wrote:I am looking for a way that if something goes wrong I can rollback to a previous state of my operating system
You might look into creating and updating regular backups of your system.

One method is to use remastersys to build an installable DVD iso of your entire install so that if needed you can just plop in the dvd, reboot, reinstall, and be back to where you were.
zenddnez wrote:where all software whether affected or not especially affected are only rolled back to their previous state with all the files whether they were deleted or not back to their original state.
Yes, that's called a "backup"
zenddnez wrote:I want to know whether my computer is transferring data between any pc
This is easy to monitor in a variety of ways. I trust conky to give me good stats, and I'll crosscheck that by comparing conky with my router's log and my firewall's log.
zenddnez wrote:I mean I will get various people using my pc
Anyone who has physical access to a direct console login is a security threat. Vet them or eliminate them.

I suggest that what you really need/want is CONTROL. Your issues go beyond ordinary linux install issues, and dive straight into the deep end of system administration. Okay:

1. If they have direct physical access to your hardware, you have a security risk. Remove this risk with physical security. Put your computer in a locked closet and allow individual users to access ONLY a thinclient that boots off of the server. Or alternatively, a shell client that boots on its own but then launches a virtual machine off of a remote server, and applications are sandboxed into the virtual machine instead of being run locally. Or both: they netboot a thinclient, which then launches a VM, and the applications are in the VM. Regardless, you have maximal control over access to your hardware AND you can immediately re-image any user back to a pre-set snapshot point.

2. You need to look seriously at how you're connected to the internet. You need a secure firewall on a separate computer or appliance which is in between your incoming bandwidth (DSL or cable) and the router. A real firewall. All traffic goes through it, and THEN to the router. A secure router. And from there gets switched out. If you're serious, you run TWO firewalls and put a web proxy server in between them.

3. Encryption is not necessary if people cannot get physical access to your hardware. But if they can, then that data needs to be encrypted. To wit, your offsite backups need to be strongly encrypted. A serious vector that must be considered is a hack that corrupts a backup, which when restored rootkits your system. How serious? As a heart attack. Why? Because a backup is useless if you never test its ability to restore. So periodically you need to restore a backup to test the data integrity. A backup which has been rootkitted will rootkit your system when you restore it. Solution: security AND integrity. I propose strong encryption of the offsite backups.
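Added example, not part of AK Dave's post: a shell sketch of the "test the restore, check the integrity" point in item 3. It covers only the integrity half and uses a SHA-256 digest rather than encryption; the function names are made up for illustration, and it assumes the digest file is kept somewhere the backup storage cannot modify.

```shell
#!/bin/sh
# Assumption: the .sha256 file lives on a trusted machine, apart from the
# offsite copy of the archive. A digest stored beside the archive proves nothing.

# make_backup SRC_DIR ARCHIVE DIGEST_FILE
make_backup() {
    src=$1; archive=$2; digest=$3
    tar -czf "$archive" -C "$src" . || return 1
    # Store only the hash, not the path, so the archive can be moved around.
    sha256sum "$archive" | cut -d' ' -f1 > "$digest"
}

# verify_backup ARCHIVE DIGEST_FILE  -> exit status 0 if intact, 1 otherwise
verify_backup() {
    archive=$1; digest=$2
    [ -f "$archive" ] && [ -f "$digest" ] || return 1
    expected=$(cat "$digest")
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# restore_backup ARCHIVE DIGEST_FILE TARGET_DIR
# Unpacks into a scratch directory, and only after the digest matches, so a
# periodic restore test never touches the live system.
restore_backup() {
    archive=$1; digest=$2; target=$3
    if ! verify_backup "$archive" "$digest"; then
        echo "refusing to restore: $archive does not match $digest" >&2
        return 1
    fi
    mkdir -p "$target" && tar -xzf "$archive" -C "$target"
}
```

Typical use is `make_backup /home/user /mnt/offsite/home.tgz ~/digests/home.sha256` (paths are placeholders), then `restore_backup` into an empty directory as the periodic restore test.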
Husse

Re: making linux mint felicia most secure

Post by Husse »

Two comments - the NoScript plugin for Firefox is invaluable - it eliminates (well...) the threats AK Dave is talking about
Checking against something like Shields up is most likely not testing your firewall at all - it will be testing the firewall of the router/modem you connect with
AK Dave

Re: making linux mint felicia most secure

Post by AK Dave »

Most of this is already done for you.

In your home directory there is a file called:
.bash_history

You can also check this file:
/var/log/messages

Synaptic logs a history file:
> File > History

You can also check:
/var/log/dpkg.log
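Added example, not part of AK Dave's post: one way to pull the package changes out of /var/log/dpkg.log instead of reading it by eye. The function names and the sample log lines (packages, versions, timestamps) are constructed for illustration.

```shell
#!/bin/sh
# dpkg.log lines look like:  DATE TIME ACTION PACKAGE OLD-VERSION NEW-VERSION
# plus "status ..." and "startup ..." lines, which are skipped here.

# dpkg_changes LOGFILE [SINCE_DATE]
# Prints install/upgrade/remove/purge events on or after SINCE_DATE
# (YYYY-MM-DD, compared as a string; default: everything).
dpkg_changes() {
    log=$1; since=${2:-0000-00-00}
    awk -v since="$since" '
        ($1 "") >= since &&
        ($3 == "install" || $3 == "upgrade" || $3 == "remove" || $3 == "purge") {
            printf "%s %s %s %s %s -> %s\n", $1, $2, $3, $4, $5, $6
        }' "$log"
}

# sample_dpkg_log: constructed log lines for trying the function offline.
sample_dpkg_log() {
    cat <<'EOF'
2008-12-20 09:14:02 startup archives unpack
2008-12-20 09:14:05 install conky <none> 1.6.0-1
2008-12-20 09:14:05 status half-installed conky 1.6.0-1
2008-12-20 09:14:06 status installed conky 1.6.0-1
2008-12-27 18:40:11 upgrade firefox 3.0.4 3.0.5
2008-12-27 18:40:15 status installed firefox 3.0.5
2009-01-03 11:02:44 remove example-pkg 0.1 0.1
EOF
}
```

On a real system, `dpkg_changes /var/log/dpkg.log 2008-12-27` lists everything changed since that date, which can then be compared against what you remember installing.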