Top 10 Ways to Protect Your Linux Home System


by Mark Rais, Senior Editor Reallylinux.com and author of Linux For the Rest of Us 2nd Ed.


As a result of articles referring to the threat of Worms and Viruses attacking Linux systems, many new Linux users are in a panic. They are running around wildly, weaping to their mothers for help... or maybe not? I find very few new users who are either panic stricken regarding worms & viruses or for that matter even concerned. The few beginners who've asked me about the need and options tend to be curious rather than consumed by FUD related materials.

To help them out and calm any panic stricken nerves, I've completed a brief, encouraging and straightup list for protecting your Linux home system. Obviously, if you're using a Linux server in a business environment you'll need to go beyond some of these tips.

As I prepared for my Linux Security interview with Jon Watson, it became obvious to me that for the average Linux home user, there's not really much regarding viruses, at least when compared to the nightmares some of my Windows using friends have encountered.

So, in a bit of off the cuff humor, I've created a Linux Top Ten Countdown. It's nowhere near as funny without a drum roll, so perhaps you can download and listen to one while reading the list.

Hopefully, these tips will help settle some upset stomachs and calm any panic induced by some haphazard reports regarding Linux security.

Top 10 Ways to Protect Your System

Number 10.

Visit a local computer software store, drift through the aisles filled with internet security and spyware protection products and simply walk on past them. You don't need to spend $49 to protect a home Linux system. Even if you are seriously concerned, there are plenty of Free Open Source solutions available to you that I list later.

Number 9.

Get online and download or order a large set of Knoppix Live Boot CDs and share them freely with your Windows using friends.

This is especially important if you know of a Windows user who recently purchased a DSL or Cable Modem connection and asks you earnestly, "what's spyware?" Save them, for the love of humankind! Get them using Linux before their system is infested with a dozen spywares consuming their bandwidth and system resources. In fact, these handy "live-cd" releases are good for many things including Emergency Booting a Windows PC! One of my friends foolishly ignored this advice and within 60 seconds of connecting his WindowsXP system on my DSL line had a slew of spyware rooted on his hard drive. Ironically, I had been using the same DSL for six months with a basic SuSe 9.3 release and zero issues crept up. Yes, he took a Knoppix CD home with him that night!

Number 8.

Get familiar with the world of OpenSource on sites like Freshmeat.net and see just how much is available to you regarding every aspect of Open Source software. I'm not just talking about security utilities. I'm also referring to the exceptional power of programs like: Firefox web browser, OpenOffice.org 2.0, Apache projects, and MySQL 5.0, among over 105,000 others.



I've been considering printing the full list out in 4 point font and carrying it in my notebook case for that not uncommon moment when someone asks me "is there much software available?" I can just whip out the 100,000+ listing and hand it to them.

Number 7.

Take the time to download and install a patch if a critical update is announced. How frequently do such advisories occur? For the most part only a few times a year at most (obviously, this depends on your applications as much as your Linux flavor/kernel). The important thing is to realize that home Linux use does not require you to patch every time an announcement is made. Just keep your ears out for critical security related patches, if they come.

In the Windows world there is a tendency towards hyper patching. As a result, some of my technically savvy Windows friends switch over to Linux and start patching their systems on an almost daily routine. Then they come to me, panting and sweaty saying, "Oh man, so many patches!" Ironically, even as Microsoft pointed the blame at RedHat for releasing far more patches, they failed to also point out almost none of the RedHat patches were critical security updates. Patch when critical updates come, otherwise relax and enjoy your stable, quality home Linux PC.

Number 6.

Never run executable programs as root. If you login as root and find odd programs you don't recognize, please take the time to move them to a user space. Never run such programs using the ultra powerful root... unless you're particularly bored one day or partial to self-flagellation that is.

Number 5.

This takes me to the next point (about Linux not flagellation). There are multitudes of websites out there offering "free" software and downloads. Please avoid Trojans and other problems by downloading your software from reliable sites. Most websites will provide MD5 checksums and verified downloads protecting you from issues. Stick to known and reliable websites. Hey, not all the points are funny okay!

Number 4.

Lots of people forget that even though your Linux system may be far less vulnerable to viruses and malware, your Windows systems on the same home network remain vulnerable. One major vulnerability of Windows systems on a Linux network is that the Linux machine inadvertently passes along viruses or malware that did not affect it. You can cover this weakpoint by downloading and using Linux based antivirus software. Although it is unlikely your AV software will protect your Linux box from anything malicious, it is highly likely it will keep things away from your Windows systems. Ironic but quite true. You can download a few AV Linux software from:here, or here, or here. You can also find several commercial anti-virus, anti-spam, and anti-malware options.

Number 3.

Yep, this goes in line with tip number 6. Please do not do your internet surfing or day-to-day work on your Linux system as root. Take a brief moment in time and create a secondary login. If you ever need to get superuser powers just use the su command instead of habitually using root, which opens a potentially large hole for fouling up your nice and stable Linux system.

Number 2.

You should enable and use your Linux firewall. The good part is that your Linux flavor is entirely likely to come with a preconfigured firewall that is sufficient. Please be sure this is enabled when you surf the internet. Most Linux flavors come with a very robust and capable firewall preinstalled, but configuring this may be simplified with some of the graphical firewall interfaces including: Firestarter and Guarddog. The key point about your firewall is that you should enable and use it!

Number 1.

Finally, the number one tip for protecting your system from worms, viruses, spyware and malware is to use Linux. You end up avoiding a good volume of issues regarding security and often enjoy better home PC performance to boot!



If you enjoyed this brief listing and want more details regarding each point, you may benefit from listening to the interview on The GNU/Linux User Show. You can also use this quick link page to get to your flavor's security patch and updates page.

For a good review of how Linux is an improvement over other operating systems you may also enjoy this HUMOR article: Granny Picks Linux Over Windows...



Linux is a registered trademark of Linus Torvalds. Windows, Microsoft, WindowsXP are trademarks or registered trademarks of Microsoft Corporation both in the United States and Internationally. All other trademarks or registered trademarks in this article belong to their respective owners.