Any recommendations for Linux Mint anti-virus and internet security?

[Faust]

...... Having said that if a piece of malware got on your system and fooled you into authorising a transaction that's probably a grey area. But if it nicked your log on details and then went on to drain your bank account the bank should cover you.

I agree that it's a very grey area .

I can easily picture a scenario where a customer suffers fraudulent transactions on their account , but the bank denies any liability or responsibility
because the customer did NOT do x , y or z .
This could be anything from running with no AV to using an AV that is not on the bank's approved list , or using a browser that is not " approved " .
eg. one that is a fork of Chrome or Firefox ( despite them often being more secure ! ) .

Then add-in the fact that most GNU/Linux users neither use nor need an AV .

I started thinking about this issue when a bank began pushing " Trustee Rapport " , with a recommendation that all customers install it on their systems .
I refused it , simply on the grounds that there is so little info available on what it does , and how ,
( but the bank would claim that this was for security reasons ) .

Does that make me legally culpable for any fraud on my account in the future ?

From a legal perspective , I think the bank would be on shaky ground since it's them that are pushing so hard
for customers to manage all of their banking online , or via mobile phone .

The relentless closing of smaller branches , particularly in rural areas , is one of the results of this business model .
It's particularly hard on elderly customers who may have used the same bank for their whole lives , yet now have to make a journey
into the nearest large town / city to do basic banking transactions , simply because they don't have a computer , or even a mobile phone !

[sleeper12]

No one mentioned Shields Up, so I will:
https://www.grc.com/x/ne.dll?bh0bkyd2

[smurphos]

...... Having said that if a piece of malware got on your system and fooled you into authorising a transaction that's probably a grey area. But if it nicked your log on details and then went on to drain your bank account the bank should cover you.

I agree that it's a very grey area .

I can easily picture a scenario where a customer suffers fraudulent transactions on their account , but the bank denies any liability or responsibility
because the customer did NOT do x , y or z .
This could be anything from running with no AV to using an AV that is not on the bank's approved list , or using a browser that is not " approved " .
eg. one that is a fork of Chrome or Firefox ( despite them often being more secure ! ) .

Then add-in the fact that most GNU/Linux users neither use nor need an AV .

I started thinking about this issue when a bank began pushing " Trustee Rapport " , with a recommendation that all customers install it on their systems .
I refused it , simply on the grounds that there is so little info available on what it does , and how ,
( but the bank would claim that this was for security reasons ) .

Does that make me legally culpable for any fraud on my account in the future ?

From a legal perspective , I think the bank would be on shaky ground since it's them that are pushing so hard
for customers to manage all of their banking online , or via mobile phone .

The relentless closing of smaller branches , particularly in rural areas , is one of the results of this business model .
It's particularly hard on elderly customers who may have used the same bank for their whole lives , yet now have to make a journey
into the nearest large town / city to do basic banking transactions , simply because they don't have a computer , or even a mobile phone !

As far as I know in the UK at least no bank can enforce use of particular software to access their services other than by making such services technically dependent on that particular software, and as the law stands failure to undertake recommended steps such as installing security software does not make you culpable for any loss, unless the bank can successfully argue that you knowingly authorised the fraud (in which case technically its no longer fraud).

They can and do break their services if you are using a mobile banking app on a rooted phone, or don't keep your banking app current and I guess most will break their websites if using a dangerously outdated browser. Basically it's up to them to make sure their services can be accessed securely and if they want to keep their customers to make sure that can be done via a variety of platforms without too many hoops to jump through.

[rbmorse]

hi smurphos and taking the time to answer this question...my least secure password is the one i use here to access the forums...howsecureismypassword.net tells me that this particular one im using is...

It would take a computer about

552 QUADRILLION YEARS

to crack your password

my most secure password protections are all different of course and are for my protonmail.com and my banking and insurance info...

It would take a computer about

177 UNDECILLION YEARS

to crack your password

needless to say my banks and insurers are more than well satisfied with this...lol

However, it would take a key logger the time it takes to type your password to crack your password. Security is not simple.

[DAMIEN1307]

single user machine in a single household with no other person in breathing distance...lol...keylogger would be quite difficult to install without physical access...behind 3 firewalls with brave browser, ublock origin, privacy badger, and absolutely nothing enabled by default.

ps...its been checked out by friends of mine from white sands and holloman...they tell me its more secure than what they shoot missiles with...thats a scary thought isnt it.

[carum carvi]

what a by default enabled firewall does for newbies is interfere with perfectly legitimate LAN-traffic; making services undiscoverable, disallowing connections to internal network resources; turning LAN networking decidedly non-Plug 'n Play, and causing these forums to flood with messages from newbies about why Linux is so difficult and ridiculous when "everything Just Works on Window".

I always enjoy helpful tips for newbies like the above. Because experienced users know the ins and outs well enough, but newbies dont.

Furthermore I like to mention the quote by longtime forummember Jimallyn who has experienced a virus free Linux OS for many years and he also mentions that he doesnt know of any other Linux users with problems with virusses. That's reassuring to know.

What's possibly much more troublesome than the security of our personal pc's are all our identity records in unsecure databases stored at companies. We cant control how companies watch over our database records. Breaches are happening all the time. I recently tried to visit the website of my hospital. Firefox wouldnt allow a connection because the security certificate was invalid. That's the same hospital that holds all my personal records. I reported the firefox security warning to them weeks ago. Nothing has changed. We live in a world of AMATEUR security provided by government and private companies.

Just yesterday a 500 million account of Marriot hotel guests was found online with birthdates and creditcard numbers. Just another staggering example of identity theft:

https://www.theregister.co.uk/2018/11/3 ... ds_hacked/


Quote worth mentioning:

A Practical Guide to Red Hat Linux by Mark G. Sobell, Third Edition (Prentice Hall), page 989.

After forty years in the commercial computing business, the one idea that has been drilled into me by security professionals is the fact that there is no such thing as a secure computer system, only levels of insecurity. Therefore the cost of keeping the information and system secure has to be balanced with the cost of losing that information or system, or having it damaged.

[lsemmens]

hi smurphos and taking the time to answer this question...my least secure password is the one i use here to access the forums...howsecureismypassword.net tells me that this particular one im using is...

It would take a computer about

552 QUADRILLION YEARS

to crack your password

my most secure password protections are all different of course and are for my protonmail.com and my banking and insurance info...

It would take a computer about

177 UNDECILLION YEARS

to crack your password

needless to say my banks and insurers are more than well satisfied with this...lol

Of course, now that you've shared your password with "hosecureismypassword" Your security has dropped to almost nil. If they had the desire, thay would also just record your password and IP and, guess what?

[smurphos]

Of course, now that you've shared your password with "hosecureismypassword" Your security has dropped to almost nil. If they had the desire, thay would also just record your password and IP and, guess what?

A fair concern but unfounded in this case. On that particular site your password never actually leaves your PC, all the calculations are done locally. You can test by loading the site in your browser, switching off your wireless and Ethernet and then inputting stuff in the password field - you still get results despite being offline.

[Pjotr]

Of course, now that you've shared your password with "hosecureismypassword" Your security has dropped to almost nil. If they had the desire, thay would also just record your password and IP and, guess what?

A fair concern but unfounded in this case. On that particular site your password never actually leaves your PC, all the calculations are done locally. You can test by loading the site in your browser, switching off your wireless and Ethernet and then inputting stuff in the password field - you still get results despite being offline.

That's not a conclusive test, because you can't be sure that your password (and IP address) isn't being recorded on that website whenever there *is* an internet connection....

Personally, I wouldn't dream of ever entering my OS password on such a website. Or on any website at all, for that matter.
https://www.youtube.com/watch?v=_kKXvDaJIzQ

[Moem]

Personally, I wouldn't dream of ever entering my OS password on such a website. Or on any website at all, for that matter.

I agree. I would rather use something that's constructed the same way, but completely different from the actual password.

[DAMIEN1307]

smurphos is correct though i neglected to say that yes, i always run that check "offline"

[majpooper]

Personally, I wouldn't dream of ever entering my OS password on such a website. Or on any website at all, for that matter.

I agree. I would rather use something that's constructed the same way, but completely different from the actual password.

Exactly - and this is so easy to do with a password generator like Lastpass but there are tons of them around. I checked a random 12 character password that uses upper and lowercase, numbers and symbols and it showed it would take a Massive Cracking Array 1.74 centuries to crack and the other methods even much longer.