Hello I'm Chris

[CrazyElf]

Hello world! I am Chris and I live in Canada.

Currently, I'm using Linux Mint 18 x64 Cinnamon. I've made a few minor updates (currently updating regularly to the latest Kernel, which right now I believe is 4.85, although I think 4.86 just got released a day ago; will update soon).

I'm hoping to use Linux as my main daily driver, as I have become increasingly worried about my privacy given the direction that Microsoft is going. I recently had a close friend of mine get hacked and I have been thinking about how to secure my data considering how vulnerable we all are. I would imagine that Linux Mint would take security relatively seriously given the recent attack this year on this site and that Linux overall is going to be more secure than Windows.

The only time that I plan to use Windows going forward I think will be for applications that need it. Microsoft Office 2016 (unfortunately the world of business revolves around Office and not LibreOffice) and games mostly, but there are a few other Windows only software that Wine doesn't seem to work that well with.

I would consider myself to be an intermediate user of Linux. I've been using it on and off, hopping between various distros. The main ones being OpenSUSE and Ubuntu. I have settled though on the idea of Mint being my daily driver for now though.

I built my own PC and I am thinking about how to secure right myself right now:

• Buy a Trusted Platform Module 2.0 (it's actually hard to find the 14 pin TPM 2.0 variant here in Canada)
• Set up LUKs for my main partition on my Mint SSD (a Samsung 850 Pro 256 GB)
• For now encrypt my Windows disk with Bitlocker AES 256 bit (a Samsung 850 Pro 512 GB with 7.5% overprovisioning) - not a perfect solution
• Thinking about looking for a good password manager
• I've set up 2 factor authentication for my main email
• I also have a personal email on my website and I'm thinking about using RSA 4096 bit for my sensitive emails

I think it's become necessary given the state of security these days.

[jimallyn]

Welcome aboard, Chris!

[xenopeek]

Welcome to the Linux Mint forums!

Some of the things you mention are only useful to protect your data from people who have physical access to your computer, not from remote attacks while you are logged in to your computer. For most home users their web browser is the most vulnerable point of attack. You can be tricked into clicking a link or downloading something; you can improve your security is this regard by for example installing an ad blocking add-on in your browser as most malware is reportedly distributed through ad networks. Specially crafted content could also try to use known or unknown bugs to get your web browser to do things it shouldn't. Aside from 2 factor authentication on important online accounts and a good password manager (with 2FA!) your other measures don't do anything to protect you online. I would suggest you look into something like firejail, which is a security sandbox that protects your operating system and personal files from being attacked or stolen through exploits of known & unknown bugs in your programs. I would recommend to use it at least for your web browser.

[The-Wizard]

Welcome to the Mint family forums

wizard

[Crewp]

Welcome to Linux Mint, and the Mint forum.

[GoLinux]

Welcome Chris. Enjoy the ride!

[phd21]

Hi "CrazyElf" (Chris),

Welcome to the wonderful world of Linux Mint and its excellent forum !

It would help to know more about your system setup. If you run "inxi -Fxzd" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

Something to think about, you can go "overboard" with too much security and make your system unstable, or extremely slow, or both.

I'm hoping to use Linux as my main daily driver, as I have become increasingly worried about my privacy given the direction that Microsoft is going. I recently had a close friend of mine get hacked and I have been thinking about how to secure my data considering how vulnerable we all are. I would imagine that Linux Mint would take security relatively seriously given the recent attack this year on this site and that Linux overall is going to be more secure than Windows.

To help prevent hackers:
Linux and Linux Mint are much more secure than other operating systems already. The event you are referring to was a cowardly attack to the Linux Mint website, not by breaking into active Linux Mint operating systems, and they have now secured their websites. The hackers did alter some of the Linux mint download ".iso' files, but that has also been corrected, and anyone can verify the Linux Mint download files to make sure they are from the original Linux Mint developers and are okay to install and use.

Secure your hardware router (enable its firewall, allow only trusted access by network card Mac address and or IP addresses), use a good password and change its password at least monthly, Enable your Linux Mint software firewall (ufw, Gufw), Change your local ISP's Internet connection's default DNS servers to secure ones from OpenNic project, dns.watch, OpenDNS, etc... in the router or at the computer desktops, use a VPN provider for your network connection(s), use a good Linux Mint login password, use "Firejail" for all Internet enabled applications, etc... When not using your computer for extended periods of time, away from your computer for more than an hour, overnight, etc... then disconnect from your Internet connection by simply clicking the Network Manager icon in your system tray panel, and clicking "disconnect" from your Local ISP connection. You can easily re-connect to your local ISP Internet connection when you want using the same procedure. Or, just shutdown your computer when not in use...

The only time that I plan to use Windows going forward I think will be for applications that need it. Microsoft Office 2016 (unfortunately the world of business revolves around Office and not LibreOffice) and games mostly, but there are a few other Windows only software that Wine doesn't seem to work that well with.

LibreOffice is an excellent MS office alternative (getting better all the time with updates as well), and it can read and write all but the most complicated MS Office documents, spreadsheets, etc... You can always use MS Office Live Online for those exceptions, or Google's Docs and other Google Office stuff. You can install MS Windows into VirtualBox or VMware, and run anything related to MS Windows in that while still in Linux Mint without dual booting, including MS Office or games.

The "Steam" system that is available for Linux is a great option for gamers, and it is getting better each week ...

[*]Buy a Trusted Platform Module 2.0 (it's actually hard to find the 14 pin TPM 2.0 variant here in Canada)

I am not familiar with this (yet), so no comment from me.

[*]Set up LUKs for my main partition on my Mint SSD (a Samsung 850 Pro 256 GB)

You can setup encryption for your "/home" folder during the initial install of Linux Mint. A note of caution regarding encrypting a drive, or its partition, or the entire "/home" folder, if you encounter an error of some kind, hard drive error (bad sector, etc...), or some other kind of error, then you can easily loose access to the entire drive, partition, or your entire "/home" folder and all of its contents.

[*]For now encrypt my Windows disk with Bitlocker AES 256 bit (a Samsung 850 Pro 512 GB with 7.5% overprovisioning) - not a perfect solution

You can install a program like "VeraCrypt" to create a super secure area of a drive or external drive (USB flash drive stick) to put secure data and files in that.

[*]Thinking about looking for a good password manager

"KeePassX" (v2.x) and "KeePass2" are superb secure password managers an d are available in the Software Manager or Synaptic Package Manager (SPM).

[*]I've set up 2 factor authentication for my main email

I am assuming from your comment that you are using the excellent "Gmail" services. If you want to use some really good 3rd party programs for secure chat messaging, etc... then using 2 factor authentication may make that more difficult, or impossible. Of course, you can change that at anytime. The only true secure email is by using GPG (PGP) encryption which requires setting up GPG keys for you and your email contacts. Fortunately, it is an easy thing to do, and Linux Mint has applications for this "GPA", "SeaHorse" (Passwords and Keys), KGpg, Kleopatra, the console terminal command prompt, etc... Thunderbird has "Enigma", etc...

[*]I also have a personal email on my website and I'm thinking about using RSA 4096 bit for my sensitive emails

Again, this requires that you and your email recipients have GPG (PGP) encryption keys that you exchange with each other.

Hope this helps ...

Enjoy using Linux Mint ...

Have a great day !

[CrazyElf]

Thanks everyone for the greetings!

Welcome to the Linux Mint forums!

Some of the things you mention are only useful to protect your data from people who have physical access to your computer, not from remote attacks while you are logged in to your computer. For most home users their web browser is the most vulnerable point of attack. You can be tricked into clicking a link or downloading something; you can improve your security is this regard by for example installing an ad blocking add-on in your browser as most malware is reportedly distributed through ad networks. Specially crafted content could also try to use known or unknown bugs to get your web browser to do things it shouldn't. Aside from 2 factor authentication on important online accounts and a good password manager (with 2FA!) your other measures don't do anything to protect you online. I would suggest you look into something like firejail, which is a security sandbox that protects your operating system and personal files from being attacked or stolen through exploits of known & unknown bugs in your programs. I would recommend to use it at least for your web browser.

Yeah it's a good idea.

Right now I'm using:

• Disconnect
• Ublock Origin
• No script
• CookieMonster
• Encrypted Web 5.15 (fork of the EFF's HTTPs everywhere)

To help prevent hackers:
Linux and Linux Mint are much more secure than other operating systems already. The event you are referring to was a cowardly attack to the Linux Mint website, not by breaking into active Linux Mint operating systems, and they have now secured their websites. The hackers did alter some of the Linux mint download ".iso' files, but that has also been corrected, and anyone can verify the Linux Mint download files to make sure they are from the original Linux Mint developers and are okay to install and use.

Secure your hardware router (enable its firewall, allow only trusted access by network card Mac address and or IP addresses), use a good password and change its password at least monthly, Enable your Linux Mint software firewall (ufw, Gufw), Change your local ISP's Internet connection's default DNS servers to secure ones from OpenNic project, dns.watch, OpenDNS, etc... in the router or at the computer desktops, use a VPN provider for your network connection(s), use a good Linux Mint login password, use "Firejail" for all Internet enabled applications, etc... When not using your computer for extended periods of time, away from your computer for more than an hour, overnight, etc... then disconnect from your Internet connection by simply clicking the Network Manager icon in your system tray panel, and clicking "disconnect" from your Local ISP connection. You can easily re-connect to your local ISP Internet connection when you want using the same procedure. Or, just shutdown your computer when not in use...

Yeah definitely something to consider - I"ll have to look into Firejail.

I just wish there was a more friendly way to do what has been done with Qubes distro.

"KeePassX" (v2.x) and "KeePass2" are superb secure password managers an d are available in the Software Manager or Synaptic Package Manager (SPM).

Thanks - will look into those. Right now I do prefer an open source password manager (a non-open source one could mean that the software developer has your password with no way for you to find out).

[*]I've set up 2 factor authentication for my main email

I am assuming from your comment that you are using the excellent "Gmail" services. If you want to use some really good 3rd party programs for secure chat messaging, etc... then using 2 factor authentication may make that more difficult, or impossible. Of course, you can change that at anytime. The only true secure email is by using GPG (PGP) encryption which requires setting up GPG keys for you and your email contacts. Fortunately, it is an easy thing to do, and Linux Mint has applications for this "GPA", "SeaHorse" (Passwords and Keys), KGpg, Kleopatra, the console terminal command prompt, etc... Thunderbird has "Enigma", etc...

[*]I also have a personal email on my website and I'm thinking about using RSA 4096 bit for my sensitive emails

Again, this requires that you and your email recipients have GPG (PGP) encryption keys that you exchange with each other.

Hope this helps ...

Enjoy using Linux Mint ...

Have a great day !

Yep - that's a big problem, both sides need to have GPG keys for each other. I wish there was a more user friendly way to send GPG keys than the status quo.

[dehawkinz]

Right now I do prefer an open source password manager (a non-open source one could mean that the software developer has your password with no way for you to find out).

KeePass is fairly secure in that regard, since you have both the manager and the password database on your computer, the developer has no access to the password you used to lock the database(s) with
(I actually have multiple databases and split my passwords between them - eggs in one basket and all that)

[kc1di]

Hello Chris and Welcome to Linux Mint Forums,

As you can already tell you can get a wealth of Information just for the asking.
Enjoy!

[phd21]

HI "CrazyElf",

Yep - that's a big problem, both sides need to have GPG keys for each other. I wish there was a more user friendly way to send GPG keys than the status quo.

It is pretty easy to exchange your "public" GPG or PGP encryption keys (key certificates) with someone you want to have secure email and messaging communications with. You and your people (recipients) that you want secure encrypted communications with can just "export your "Public" GPG PGP key" (or key certificate) to a file using any of the aforementioned encryption applications in whatever operating system, then just attach that key file to an email, or a secure chat messaging application, or meet in person to exchange them, or if they are published keys, then you can just look them up and import them into your system. You might consider naming the exported key certificate file with the associated email address it is for to avoid confusion, like "YourEmailAddress.pgp" or "YourEmailAddress.asc". It is safe to exchange key certificate files because no one should have your secure key certificate password to "decrypt" any of your communications using your encryption key (they use their own encryption key and their password). And, you need each others encryption keys to "encrypt" communications with your recipient's GPG PGP keys (or key certificate). Tip: When encrypting messages, always include your own encryption key along with your recipient's encryption key, so that you can "decrypt" your own sent messages if you want to.

Hope this helps...

[pdhunter1987]

Welcome to the Linux Mint community Chris!...aye.

[all41]

Hi Chris--You're gonna fit right in
Here's a big welcome for you

[CrazyElf]

Thanks everyone.

HI "CrazyElf",

Yep - that's a big problem, both sides need to have GPG keys for each other. I wish there was a more user friendly way to send GPG keys than the status quo.

It is pretty easy to exchange your "public" GPG or PGP encryption keys (key certificates) with someone you want to have secure email and messaging communications with. You and your people (recipients) that you want secure encrypted communications with can just "export your "Public" GPG PGP key" (or key certificate) to a file using any of the aforementioned encryption applications in whatever operating system, then just attach that key file to an email, or a secure chat messaging application, or meet in person to exchange them, or if they are published keys, then you can just look them up and import them into your system. You might consider naming the exported key certificate file with the associated email address it is for to avoid confusion, like "YourEmailAddress.pgp" or "YourEmailAddress.asc". It is safe to exchange key certificate files because no one should have your secure key certificate password to "decrypt" any of your communications using your encryption key (they use their own encryption key and their password). And, you need each others encryption keys to "encrypt" communications with your recipient's GPG PGP keys (or key certificate). Tip: When encrypting messages, always include your own encryption key along with your recipient's encryption key, so that you can "decrypt" your own sent messages if you want to.

Hope this helps...

Yeah looking around, the only thing that could happen (and this is more for the paranoid) is if someone modified your public key with their public key, which an MD5 Checksum should rectify.

I will probably move any technical questions to the correct sub-forum going forward, but thanks for the advice.

[pdhunter1987]

Hi Chris! Welcome to the Linux Mint community!