Security and Privacy Forum

Suggestions and feedback for Linux Mint and the forums
Forum rules
Do not post support questions here. Before you post read: Where to post ideas & feature requests

Does Mint Need a "Security and Privacy" forum?

Yes
99
49%
No
4
2%
Probably Yes
15
7%
Probably Not
6
3%
This would be very useful!
46
23%
Recent News says that we really need this
30
15%
Dumb Idea
3
1%
 
Total votes: 203

ouch.e

Privacy is a right. Ergo AdBlock & Encrypt always

Post by ouch.e »

MishaSherpa wrote:I suggest that Linux Mint make a "Security and Privacy" section of the Board and pay attention to it, i.e., actively participate in answering questions.
With a sticky explaining how you forfeit privacy, while trampling the Expectation of Privacy when you allow yourself to become the commodity by using "social" media.
Chiefahol

Re: Security and Privacy Forum

Post by Chiefahol »

Out of 127 votes, we're now seeing only 6 votes against the idea. (So 95%+ support.)

I would say we are clear to go on this.
With a sticky explaining how you forfeit privacy, while trampling the Expectation of Privacy when you allow yourself to become the commodity by using "social" media.
Yes that can be one of the first threads, good idea.
User avatar
Fred Barclay
Level 12
Level 12
Posts: 4185
Joined: Sat Sep 13, 2014 11:12 am
Location: USA primarily

Re: Security and Privacy Forum

Post by Fred Barclay »

Absolutely we need this! And the sooner the better! :D
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein
Ark987

Re: Security and Privacy Forum

Post by Ark987 »

Linux Mint aims to be user friendly, it will be a great challenge to make make security user friendly.
Indeed too much security reduces usability or even stability but users needs at least needs to know where to find information.

A great topic was published in DW: http://distrowatch.com/weekly.php?issue=20160314#tips
While we have received a number of interesting technical suggestions for checking the legitimacy of ISO images (with varying degrees of practicality), the reason we are not implementing most of them is the problem the Linux community faces with regard to corrupted ISO files is not technical, but (I believe) educational.
A compilation of resources where to go and check and what needs to be checked is needed.

Because not many uses read the tech news or follow up on the forums, IRC, etc. I would even go to the next step, since Mint already have it's own update manager software and it requires an active Internet connection. Why not come up with some kind of RSS feed about related security updates related to the pending update packages, in addition to some security trends news. Maybe this can be a standalone X-app.
Dr.Flay

Re: Security and Privacy Forum

Post by Dr.Flay »

Locks and puzzles, Rule Number 1:
If man can make it, man can break it.

The Linux world needs to wake up before it is too late, just like the Mac world has to.
"Malware" is more than old fashioned viri.
My thoughts that follow are free-flowing.....

In my news feeds I regularly see Linux exploits and now more frequently malware.
Core parts of Linux itself have been found to have some serious goofs.
Linux can host something that is not bothering it and act as an instigator or plague carrier.
Cross platform solutions such as jscript, Java, and almost all Adobe products will punch great big holes though protective layers of any OS.
Some hardware based malware such as bad USBs can go straight for the BIOS and don't care about the OS.
People always assume their machine is at threat rather than them simply being used as a pawn in a bigger game.

Surely the past 2 years have shown SSL flaws effect almost all of us at the same time ?
With every OpenSSL update, I make a posting at the Trillian and Vivaldi forums so people can manually update.

1 factor I don't see that anyone has contemplated, or I have not yet seen mentioned;
The most common hand-held computers on the planet are Android devices.
Android is a cut-down Linux, and can be upgraded or replaced with a full Linux.
The new most desirable target with the lowest hanging fruit to hack and abuse is the mobile phone market.
Thankfully the Android world has shown the value of not having access to ROOT, but ways have been found to gain privileges.
Certain paranoid nations engaged in lots of hacking are very pro-Linux (understatement) and becoming much more used to digging into the guts.
More newbie hackers than ever are now getting to grips with Linux because they have to, and on that journey into peoples phones they are learning lots of handy new tricks they can use in a full Linux too.
The army of Linux powered/aware hackers is growing fast.

The choice of Linux AV needs regular re-evaluation. Clam AV often shows it has serious problems, and the lack of promoted options on offer is worrying as we march forwards.
I often see ClamAV false positives in VirusTotal, or worse that it does not recognise a bad file.
Many AV companies use a Linux Live CD with their recovery tools, and some have now started making AV for Macs.
I am confident we will start to see more Linux AV released as full installs, as it becomes more needed.

Until there is a good range of quality Linux desktop AV, I recommend that knowledgeable security devs look into making a front end for VirusTotal or http://www.herdprotect.com
We need to start caring more about the platforms we are not on, eg. a Linux PC must recognise it is storing a file that will only infect a Mac etc. or every OS becomes a hidey-hole for malware, just like any external drive. It sits and waits until it can be used.
VirusTotal and https://anubis.iseclab.org have started to include cross platform definitions, and you can be sure they will be including Linux binaries once the threats get more common (if they don't already).

Even in Linux I install all the same malware and exploit protection in the browsers.
Man in the middle attacks are just as valid against Linux, and extensions like Perspectives, Calomel, WorldIP, HTTPS Everywhere, Web of Trust are just as useful. Many AV vendors also offer standalone browser extensions.

Choosing a secure authenticating DNS with DNSSEC capability is also something Linux users should do.
HOSTS files can protect all OSs from every kind of bad site if filled with the right IPs. This includes ads and trackers so you can add a base level of protection to all browsers used (useful for protecting dumb...*ahem*.. IE and Edge users).

In short, yes I think all Linux forums should have a security and privacy section.
Pretending the problems do not exist, or are not getting worse every day helps no one but hackers, and by the time disaster strikes they will not have any experience or knowledge.
Apple owners get the heat taken from them by the protection being done by the mother company. They are having their hand held, but other OSs don't have that.

Finally, and to put it very very bluntly.
Linux Mint is now a laughing-stock, and people are being told to stay the hell away due to shoddy security of the site and included software (I just tell people get the OEM distros without the CoDecs).
The TWiT channel is not doing you any favours by constantly reinforcing this any time people ask about leaving Windows.
This site needs to make a very loud and very public focus of security and privacy issues.
Yesterday if not sooner.

*EDIT*
http://arstechnica.com/security/2015/03 ... -weakness/
http://arstechnica.com/security/2015/08 ... avascript/
And now today
http://arstechnica.com/security/2016/03 ... rowhammer/

http://www.securityweek.com/vmware-patc ... s-vrealize
http://www.theregister.co.uk/2016/03/10 ... h_updates/

http://www.databreaches.net/private-tra ... e-exploit/
User avatar
Tomgin5
Level 6
Level 6
Posts: 1029
Joined: Sat Mar 19, 2016 2:37 pm
Location: Beaverton, Oregon USA

Re: Security and Privacy Forum

Post by Tomgin5 »

Amen to that Dr.Flay. Many of your posts are the basis of my going to LM17.3 cinnimon64. My browsing habits are changed as well. No more Google. No Chrome, No M$.
Habitual

Re: Security and Privacy Forum

Post by Habitual »

MishaSherpa wrote:I suggest that Linux Mint make a "Security and Privacy" section of the Board and pay attention to it, i.e., actively participate in answering questions.
How is the "Security and Privacy" section going to enhance the Desktop Experience
for the average user?
Rehash all the same things we've been preaching for 15 years?
Talk about Truecrypt?

LinuxMint is not responsible for my "Security and Privacy". I am.
Can you say that?
Chiefahol

Re: Security and Privacy Forum

Post by Chiefahol »

Habitual wrote:How is the "Security and Privacy" section going to enhance the Desktop Experience
for the average user?
If a user has a question on the topic, they would have a more appropriate place to put it. That's it really, more of a forum improvement then a desktop one TBH.
Rehash all the same things we've been preaching for 15 years?
Talk about Truecrypt?

LinuxMint is not responsible for my "Security and Privacy". I am.
Can you say that?
You can say that, plenty of times, in the new 'Security and Privacy' forum that most people want. :mrgreen:
User avatar
Fred Barclay
Level 12
Level 12
Posts: 4185
Joined: Sat Sep 13, 2014 11:12 am
Location: USA primarily

Re: Security and Privacy Forum

Post by Fred Barclay »

Yep, I'm afraid it's "back to business as usual" here.
Have we forgotten the pain of the hack already? :roll:
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein
Habitual

Re: Security and Privacy Forum

Post by Habitual »

Dr.Flay wrote:This site needs to make a very loud and very public focus of security and privacy issues.
Yesterday if not sooner.
Just what the Doctor ordered!

I think Fred has a point.
Habitual

Re: Security and Privacy Forum

Post by Habitual »

Chiefahol wrote:If a user has a question on the topic, they would have a more appropriate place to put it. That's it really, more of a forum improvement then a desktop one TBH.
Organized insecurity?
Chiefahol

Re: Security and Privacy Forum

Post by Chiefahol »

Habitual wrote:
Chiefahol wrote:If a user has a question on the topic, they would have a more appropriate place to put it. That's it really, more of a forum improvement then a desktop one TBH.
Organized insecurity?
I'm not quite sure what you mean? :oops:
Mohr

Re: Security and Privacy Forum

Post by Mohr »

Did I miss anything?
No reaction during four years of discussion and uttering this wish from The Team?
User avatar
majpooper
Level 8
Level 8
Posts: 2076
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Security and Privacy Forum

Post by majpooper »

Most security and privacy remedies actually have little or nothing to do with the OS. How to protect yourself from DNS spoofing or DNS leaks, VPNs etc. Since if we have no problem discussing dogs, gender, football or whatever extraneous topic comes to someone's stream of consciousness, a section devoted to security and privacy does not seem superfluous. But I suppose including security and privacy with topics such as dogs, gender, football and so on is better than nothing.
Marie SWE
Level 5
Level 5
Posts: 713
Joined: Wed Feb 28, 2018 7:32 pm
Location: Sweden

Re: Security and Privacy Forum

Post by Marie SWE »

Interesting suggestion and poll.. a lot of votes, low on post and the topic is even more important now 2023 then it was back in 2013 and even when the last post was made in 2018.
if you want my attention...quote me so I get a notification
Nothing is impossible, the impossible just takes a little longer to solve..
It is like it is.. because you do as you do.. if you hadn't done it as you did.. it wouldn't have become as it is. ;)
Post Reply

Return to “Suggestions & Feedback”