I’m asked this all the time: is using Linux on the desktop more secure than Windows?
Considering that security suites aren’t commonly used with Linux on the desktop, this is a legitimate question and worthy of being answered in depth. In this article, I’ll look at how malware affects the Linux community, what vulnerabilities often get ignored and what you should do about it.
With the revelation that some in the Windows security industry feel that the concept of the antivirus is dead, it’s reasonable to ask -- how does this affect Linux?
Antivirus for LinuxBelieve it or not, there are antivirus programs available for various Linux desktop distributions, such as Ubuntu among others. What most people may not realize is that these programs are merely for scanning and containing Windows threats, usually on Windows partitions. This isn’t to say that viruses don’t existing for Linux, rather software designed to combat viruses isn’t built to protect Linux installs in this way.
This brings up the next question -- do you need an antivirus program for your Linux installation? The short answer is no, unless you’re looking to protect Windows directories.
The key is that Linux isn’t susceptible to the same types of threats found pounding away on Windows. No, I’d say that at this point there isn’t a need for a Windows-like security suite for desktop Linux. There is however, a need for making sure certain security considerations are attended to.
Keeping things updatedWhile an antivirus might not be a requirement on your Linux distro, keeping it up to date is critical. Not only does updating your distribution keep things running securely, it can also protect against potential vulnerabilities yet to be discovered, by keeping the path to patches flowing freely.
At the end of the day, the single most important thing you can do to keep your Linux installation secure is to update frequently and to make sure you don’t put things off in this department.
Phishing and hackingPerhaps the biggest threat to understand with Linux isn't malware, but rather falling victim to having your account hacked. In recent years some web services have taken precautions to try and better protect user accounts, but despite these precautions, anything is possible.
Phishing attacks are most common among less experienced computer users. Still, using strong passwords and, going a step further, a good password manager can go a long way to protecting your important data.
Unfortunately a good password isn't going to protect you against a phishing attack, since you're volunteering to login from a fake website or otherwise giving up login details. This can happen on any operating system, even the most secure Linux distribution. Because this happens due to the end user choosing to give up their details, the only way to be sure to avoid a phishing scheme is to manually type in the address.
Email or social media links prompting for a login should be avoided if at all possible. Unless you're typing in the destination address, all hyperlinks should be considered potentially suspicious. A good rule of thumb: SSL first, or as a fall back try to stick to logging in from trusted networks only.
Another thing to remember is to make sure, when you're logging into a site, that it's SSL ready. While using https isn't always foolproofthanks to various security concerns, it's still safer than the alternative. Using a non SSL protected website is begging for trouble.
If logging into a site with SSL isn't possible, at the very least make sure you're logging into the target site from a trusted network, such as your home.
Disable unnecessary servicesAnother important consideration is to disable unused services. Not only do these services tie up system resources, but they can also create new targets from which malicious users can attack.
Bluetooth is one such example. All too often, Bluetooth is left on and in discoverable mode...which can lead to a potential attack should someone in your vicinity has hacking skills.
A much more commonly attacked service is SSH. Despite SSH being used as a means of securely connecting to remote machines, it is often a target of dictionary attacks run by those using port scans to look for easy targets.
What's really frightening is that some people use weak passwords to secure their SSH servers and as a result, these machines are easily broken into by random port scan users. In some instances, SSH was only used legitimately once, then promptly forgotten about. As a result, the SSH service is left running and the vulnerability of this service running rears its ugly head as the attacker easily compromises the target machine due to poor security practices. While there are ways of hardening SSH, running it when it's not being used is just using poor judgment.
Blocking ports with a firewallLinux has benefited from a great firewall feature called IPTables. Using this tool, you can keep port sniffers from trampling through your computer and also make sure you're in full control of what accesses the Internet from your computer as well. Distributions such as Ubuntu have gone even further to make using this tool simpler.
With Ubuntu's uncomplicated firewall, using terms like allow or deny translate into an easy to follow method for blocking unwanted port access.
The biggest benefit in having a firewall on the Linux desktop comes down to controlling the data flowing back and forth. If there is random data flowing in and out of an insecure port, then it's reassuring to have the ability to easily block it. While it might not be an immediate threat, in the future, that same port could be used maliciously. So port control is a nice feature indeed.
Nothing is truly secureAs we've learned during the well documented Heartbleed incident, nothing that executes code is ever going to be 100% secure. Claiming otherwise is misleading and inherently false. To the casual end user, the only difference with regard to security is that installable malware isn't an issue. Phishing, hacking exploits, and issues of a compromised network are still things to remain vigilant about.
To further summarize and offer actionable tips to keep your Linux box secure, remember the following:
- Don't execute random code. If you don't know what it does, don't run it.
- Be wary of untrusted, non-distro official software repositories. It may be safe, but you should always be aware you're using these user repositories at your own peril.
- Use strong passwords and a password manager. If your password is a word from the dictionary, you're playing with fire.
- Don't run a web server on your home machine. Unless you know exactly what you're doing.
- Don't run unnecessary services on your computer. If you're not needing a mailserver with open ports on your home computer, disable and uninstall it. Same applies for other similar applications running on their own ports.
- Use a good firewall. While you may have a great router in place, I recommend following this guide to using a firewall on Linux and stay safe.