How to firewall

rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

Spartacus1964 wrote: Thu Apr 22, 2021 9:39 am Wine is the norm.
No, it really, really is not. You e.g. here on the forum find that few use it for anything (perhaps these days Steam's Proton makes for a somewhat larger percentage overall, but that's not "generic Wine" as such).

If you use Linux rather than Windows it tends to make great sense to people to use Linux-programs rather than Windows-programs. To conversely if you use Windows-programs use Windows rather than Linux --- even if only in a VM.

[EDIT] Edited out a textual inversion...
Hoser Rob
Level 20
Posts: 11796
Joined: Sat Dec 15, 2012 8:57 am

Re: How to firewall

Post by Hoser Rob »

GS3 wrote: Sun Mar 21, 2021 4:30 pm ... UFW seems too simple and too complicated and not focused the way I analyze things. ...
The problem isn't ufw, it's the way you're analyzing it. You seem to be harboring some Windows assumptions that don't hold in Linux. Gufw with the standard settings is perfectly adequate for the vast majority of desktop Linux users. Especially if you use a strong router password.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

Heck, no firewall is perfectly adequate for the vast majority of desktop Linux users. And note by the way that a router password is generally irrelevant: the fact you can login to a router from its LAN-side does not mean you can from its WAN-side (without you very explicitly configuring such). Anyways. Iteration 4325464423 of this same thread...
Spartacus1964
Level 1
Posts: 15
Joined: Thu Nov 12, 2020 10:04 am

Re: How to firewall

Post by Spartacus1964 »

Nah, they all use Wine.
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

A definite authoritatively stated statement. And bullshit but, don't get me wrong, I like it!
Lady Fitzgerald
Level 15
Posts: 5812
Joined: Tue Jan 07, 2020 3:12 pm
Location: AZ, SSA (Squabbling States of America)

Re: How to firewall

Post by Lady Fitzgerald »

Spartacus1964 wrote: Thu Apr 22, 2021 1:17 pm Nah, they all use Wine.
All it takes is one person who doesn't use Wine to render that statement false; I'm that person (although I would be shocked if there weren't others, as well).
Jeannie

To ensure the safety of your data, you have to be proactive, not reactive, so, back it up!
newlyminted7
Level 5
Posts: 558
Joined: Sat Jan 02, 2021 4:44 pm

Re: How to firewall

Post by newlyminted7 »

Is Wine really that common? That surprises me because you'd think most Linux users would want to ditch Windows entirely. I don't use Wine, myself, and I have no interest in it.

I understand that some people "just can't give up that one Windows application", but you'd think the desire to get off Windows would make more people find open source alternatives to those applications. Sure, it may take a bit of learning a new application, and it may not be 100% perfectly the same, but isn't it worth it just to get off of Windows completely?
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

No, Wine isn't that common; established Linux users have neither want nor need for it and new users simply dual-boot during their switching days. It's (again, other than these days for gaming via Proton) a niche want for e.g. antiquated Windows tax programs --- which then tend to not work anyway.
GS3
Level 8
Posts: 2384
Joined: Fri Jan 06, 2017 7:51 am

Re: How to firewall

Post by GS3 »

Hoser Rob wrote: Thu Apr 22, 2021 10:35 am
GS3 wrote: Sun Mar 21, 2021 4:30 pm ... UFW seems too simple and too complicated and not focused the way I analyze things. ...
The problem isn't ufw, it's the way you're analyzing it. You seem to be harboring some Windows assumptions that don't hold in Linux. Gufw with the standard settings is perfectly adequate for the vast majority of desktop Linux users. Especially if you use a strong router password.
Hogwash. Again, if you want to discuss that issue take it to another thread. I am not interested in hearing for the umpteenth time that I do not need anything that is not what natively comes with Linux. If that is what you want to discuss please take it to another thread. I am not interested in hearing the Linux uber alles party line. Thank you.
Please do not use animated GIFs in avatars because many of us find them distracting and obnoxious. Thank you.
GS3
Level 8
Posts: 2384
Joined: Fri Jan 06, 2017 7:51 am

Re: How to firewall

Post by GS3 »

Spartacus1964 wrote: Thu Apr 22, 2021 4:40 am A number of regulars on here don't seem to want you to use a firewall for some reason. Perhaps they are peeved that you think 'their' version of a firewall is insufficient. Which of course, it is.

Regardless of whether you consider Linux, and all its associated programs to be 'safe' or 'trustworthy', there is one simple reason to have an application-level firewall, WINE.

Because WINE allows the installation of Microsoft based programs.

I installed the latest version of Opensnitch a while ago, against the 'advice' of some regulars here. Search for my thread. It worked perfectly for the time I used Linux Mint.
I am using Opensnitch on one machine and I intend to keep it for now but I found it just too complex and not worth the trouble of installing it on other machines. If I had any machine where I considered I needed a higher level of firewalling then yes, I would install it but for casual, everyday use and low security or for inexperienced users I would not install it.

And it is not only WINE, although that too. I find the notion that I should blindly trust anything that runs on Linux just ridiculous. Pure fanaticism. Malware, spyware, can be written for Linux just as well as for Windows. Too many programs try to "phone home" and I should be in control of allowing that or not. I have already detected a couple of cases by using Opensnitch.

And yes, it seems in every thread where someone asks how to do something that is out of the ordinary, a bunch of hard core fanatics come out of the woodwork to dismiss the asker as not being pure enough for Linux. These people do more to drive newbies away from Linux than any MS fan could do.
Please do not use animated GIFs in avatars because many of us find them distracting and obnoxious. Thank you.
newlyminted7
Level 5
Posts: 558
Joined: Sat Jan 02, 2021 4:44 pm

Re: How to firewall

Post by newlyminted7 »

So, GS3, what did you decide to go with? Anything at all?

Just to throw some more (useless?) opinions into the mix, I would re-iterate, despite what may have been claimed earlier in this thread, that firewalls are not, in fact, obsolete. Firewalls block incoming network connections to existing ports (not hardware!) on a machine that has those ports open. If you don't have any ports open (like most Linux desktops), then a firewall isn't going to be much help, although I'd still advise their use. This logic of most desktop users not having any network ports open is what some people might have incorrectly used to deduce that "firewalls aren't useful". Desktop computers rarely have ports open because open ports are specifically used to listen to incoming connections from software from other computers (web server, email server, Skype, some video games, etc), but Linux servers generally always have multiple ports open to listen for client connections, because they are designed as, well, servers. That's their job. And a firewall on a Desktop machine, like the one in LM is still actually useful because if any malicious software opens a network port, or just an application you don't know about, it will block any incoming attempts to connect to it (using the default firewall config). Mind you, to get that level of malware on a Linux desktop, you'd have to be downloading and running quite a bit of bad and untrusted software, which is simply at the human level at that point.

You mentioned in an earlier post you had worries of "someone accessing the webcam". Well, that isn't something a firewall can directly prevent. The solution isn't a firewall magic bullet, unfortunately. Hardware is much more difficult to access on computers than network ports. Firewalls only protect against connections to network ports you may have running (intentionally or otherwise). Hardware isn't "exposed to the network" unless it has software that is exposing it to the network (Skype, Zoom, some games, etc).

The only way hardware is going to get connected to from over the network is if the machine is already compromised by a malicious application/trojan/malware/virus that then gets a third party to connect to it. That usually happens because of the user downloading and installing something they probably shouldn't. Linux is not as locked down as Windows or Mac OS, so it does require a bit more understanding of these things. And this is not something a firewall is designed to really do, other than to block any connections to incoming ports (which could help in this instance, but not if the trojan/malware/virus connects via an outbound connection).

I don't mean to disparage you or your knowledge or drive you away, so forgive me if you already know all this, but it does play a part in deciding which security solution to go with. The users on here aren't simply spouting "pure fanaticism". Linux is actually more secure than Windows, whether you agree with it or not. There's a reason why many (all?) security professionals use Linux and why most servers that run the internet run Linux. These are facts to which I can attest.

Anyway, computer security is a huge issue, and I do understand a fair bit of it, but I also know my limits. It's important to know how and why certain security solutions work and what they protect against. I'd still advise you to run the basic LM firewall, even on default settings (just turn it on). If your friends/family aren't used to OpenSnitch, I understand, but as I think I suggested before, you can still run it and describe how it works to your more tech-savvy friends if they are used to ZoneAlarm. They should be able to get used to OpenSnitch since all they ever have to do is interact with the popup that looks just like the ZoneAlarm screenshot you provided - at least as far as the "Allow/Deny" functionality works. And you can even pre-configure OpenSnitch for them so they rarely even see that popup - at which point they would never even know it is there.

The other key piece that I think people have tried to impress upon you is that Linux is much more inherently secure than Windows. By a very large margin. Therefore, you can't just bring your security thinking over from Windows as a one-to-one correlation, because it is apples and oranges. To conclude that Linux is "less secure" than Windows is just born of ignorance, unfortunately. There are many ways of securing Linux, and it can get very complicated if you get into complex server deployments. But we've provided a few solutions that will work for most Desktop users. Linux Mint is generally secure enough out of the box for most casual users like, I would guess, your family and friends are.

I'm not a fanatic, and I hope I'm not driving you away, I'm only trying to help you. Bottom line, at least in my opinion, is that Linux Mint is secure enough out of the box for most casual users. And turning on the built-in firewall with default settings and using something like OpenSnitch you will up your security to a level that is beyond what most Linux desktop users really need.

Can you please give me your specific top three main concerns that you want to protect your users/family/friends from? It would be nice to have a few concrete examples of what you are trying to secure and protect their machines from.
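
The post above argues that an inbound firewall only matters for ports that are actually listening and reachable from other machines. The following is an added example, not part of the original post: it filters `ss -tuln` output down to listeners that are not bound to loopback. The function names `exposed_listeners` and `sample_ss_output` are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): which listening sockets could a
# host firewall's "deny incoming" default actually affect?
# Reads `ss -tuln` output on stdin; loopback-only listeners are skipped
# because other machines cannot reach them anyway.

exposed_listeners() {
    awk '
        $1 != "tcp" && $1 != "udp" { next }    # skips the header line too
        {
            ep = $5                            # Local Address:Port column
            if (!match(ep, /:[^:]*$/)) next    # last colon precedes the port
            addr = substr(ep, 1, RSTART - 1)
            port = substr(ep, RSTART + 1)
            sub(/%.*$/, "", addr)              # drop scope suffix such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next
            print $1 "/" port " " addr
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample input, shaped like `ss -tuln` output.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631           [::]:*
tcp   LISTEN 0      511    *:8080              *:*
tcp   LISTEN 0      128    192.168.1.20:22     0.0.0.0:*
EOF
}

# Prints the three non-loopback listeners from the sample.
sample_ss_output | exposed_listeners
```

On a live system, pipe `ss -tuln` into `exposed_listeners`; an empty result is the "no ports open" desktop case the post describes, and outbound connections are outside what this check covers.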
Spartacus1964
Level 1
Posts: 15
Joined: Thu Nov 12, 2020 10:04 am

Re: How to firewall

Post by Spartacus1964 »

Did anyone in this thread say Linux was 'Less Secure'? I was under the impression the thoughts expressed here were more along the lines of 'Linux is not 100% secure'.

Also, when I make a ridiculous unprovable claim (in response to another's), I am lambasted. When a regular makes a ridiculous unprovable claim......nothing

Also, the mentality "I don't use it, so nobody else should be using it" beggars belief.

Clique anyone? :lol:

Anyone would think they all work for MS :shock:
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

Nicely ties in with a theme that's been running as of late in the more specifically chatty subforums here. That is, speaker is special, the rest are sheeple, a clique, ...

Yesterday I upon reading newlyminted7's reply was about to comment to him or her how much of a breath of fresh air it was to finally see someone speak of computer security on this or really any end-user computer technology forum on the internet while clearly knowing something about said technology. Abandoned that reply again upon noticing it was in fact rather presumptuous but part of it would've also been how speaking of the technology is in fact in vain since this discussion on the internet is not about technology but about psychology. Very much in the sense of my first sentence above --- but really even in fact in the quite objective sense of "social engineering" being the vastly largest part of computer security as it concerns said end-user.

Glad I didn't in the end but while certainly in vain still, I do feel some urge to impress upon you (Spartacus1964) that, no, you are concerning this subject not quite special. Remains to see if GS3 can still be saved --- although I doubt that as well.
Last edited by rene on Fri Apr 23, 2021 2:28 pm, edited 1 time in total.
t42
Level 11
Posts: 3742
Joined: Mon Jan 20, 2014 6:48 pm

Re: How to firewall

Post by t42 »

Can someone really get the power back and be purified after that? As expressed above "it can be nice to discover applications doing things that they arguably shouldn't be doing, or that you aren't happy with them doing".
-=t42=-
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

t42 wrote: Fri Apr 23, 2021 6:54 am Can someone really get the power back and be purified after that? As expressed above "it can be nice to discover applications doing things that they arguably shouldn't be doing, or that you aren't happy with them doing".
Not sure I catch your drift there (nor in your earlier smilie-reply to that statement by newlyminted7). Although I'd personally admittedly undoubtedly find that "can" significantly less frequently fulfilled than e.g. threadstarter, makes general sense to me as a reason for at least wanting an application-level firewall. If, that is, you were saying that to you it does not but as said, not sure I understand what you're saying. I.e., who is "someone" in that? So confused... :)
newlyminted7
Level 5
Posts: 558
Joined: Sat Jan 02, 2021 4:44 pm

Re: How to firewall

Post by newlyminted7 »

Lol, ah the internet, wow. Sorry it wasn't a "perfect answer" for you, boys (but I did actually speak the truth). t42, spartacus, rene, maybe you guys can try answering GS3 directly and constructively yourselves instead of just criticizing those who try? What a concept!

Sorry, GS3, good luck, I did my best, apologies that I failed miserably, apparently. :lol:

I'll let you guys get back to your flaming and arguing now!
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

newlyminted7 wrote: Fri Apr 23, 2021 2:04 pm Lol, ah the internet, wow.
I believe you misread in my case at least: I complimented your answer. It was a good answer and hence (also) my disappointment at seeing it go to waste.
newlyminted7
Level 5
Posts: 558
Joined: Sat Jan 02, 2021 4:44 pm

Re: How to firewall

Post by newlyminted7 »

rene wrote: Fri Apr 23, 2021 2:20 pm
newlyminted7 wrote: Fri Apr 23, 2021 2:04 pm Lol, ah the internet, wow.
I believe you misread in my case at least: I complimented your answer. It was a good answer and hence (also) my disappointment at seeing it go to waste.
Ah, gotcha, thanks rene. Sorry, I misunderstood.
Anyway, hopefully GS3 can find what he is after!
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: How to firewall

Post by rene »

You've at the very least made me aware of OpenSnitch and while I will no doubt not in fact use it (I use no firewall on individual Linux systems at all: my NAT router and router-based IPv6 firewall together with me not installing applications I do not trust work for me) that's still interesting.
newlyminted7
Level 5
Posts: 558
Joined: Sat Jan 02, 2021 4:44 pm

Re: How to firewall

Post by newlyminted7 »

rene wrote: Fri Apr 23, 2021 2:37 pm You've at the very least made me aware of OpenSnitch and while I will no doubt not in fact use it (I use no firewall on individual Linux systems at all: my NAT router and router-based IPv6 firewall together with me not installing applications I do not trust work for me) that's still interesting.
Well, I'm glad to hear I helped someone, at least!

OpenSnitch is nice and it helped me learn a lot about Linux Mint's own behaviour, as well as what other applications are doing, but no, I'm not suggesting that it is "required" for proper Linux security, not by any stretch.

As far as I'm concerned, applying a "Windows security" mentality to Linux is just not required. Your setup is further testimony to what I consider reasonable Linux security. And people can only benefit by understanding why such a setup is secure and sufficient, and that takes a willingness to learn some things about Linux, which is what prompted me to try to describe what I did in my earlier, lengthy post.