Top 10 Ways to Protect Your System

Number 10.

Visit a local computer software store, drift through the aisles filled with internet security and spyware protection products and simply walk on past them. You don't need to spend $49 to protect a home Linux system. Even if you are seriously concerned, there are plenty of Free Open Source solutions available to you that I list later.

Number 9.

Get online and download or order a large set of Knoppix Live Boot CDs and share them freely with your Windows using friends.

This is especially important if you know of a Windows user who recently purchased a DSL or Cable Modem connection and asks you earnestly, "what's spyware?" Save them, for the love of humankind! Get them using Linux before their system is infested with a dozen spywares consuming their bandwidth and system resources. In fact, these handy "live-cd" releases are good for many things including Emergency Booting a Windows PC! One of my friends foolishly ignored this advice and within 60 seconds of connecting his WindowsXP system on my DSL line had a slew of spyware rooted on his hard drive. Ironically, I had been using the same DSL for six months with a basic SuSe 9.3 release and zero issues crept up. Yes, he took a Knoppix CD home with him that night!

Number 8.

Get familiar with the world of OpenSource on sites like Freshmeat.net and see just how much is available to you regarding every aspect of Open Source software. I'm not just talking about security utilities. I'm also referring to the exceptional power of programs like: Firefox web browser, OpenOffice.org 2.0, Apache projects, and MySQL 5.0, among over 105,000 others.


I've been considering printing the full list out in 4 point font and carrying it in my notebook case for that not uncommon moment when someone asks me "is there much software available?" I can just whip out the 100,000+ listing and hand it to them.

Number 7.

Take the time to download and install a patch if a critical update is announced. How frequently do such advisories occur? For the most part only a few times a year at most (obviously, this depends on your applications as much as your Linux flavor/kernel). The important thing is to realize that home Linux use does not require you to patch every time an announcement is made. Just keep your ears out for critical security related patches, if they come.

In the Windows world there is a tendency towards hyper patching. As a result, some of my technically savvy Windows friends switch over to Linux and start patching their systems on an almost daily routine. Then they come to me, panting and sweaty saying, "Oh man, so many patches!" Ironically, even as Microsoft pointed the blame at RedHat for releasing far more patches, they failed to also point out almost none of the RedHat patches were critical security updates. Patch when critical updates come, otherwise relax and enjoy your stable, quality home Linux PC.

Number 6.

Never run executable programs as root. If you login as root and find odd programs you don't recognize, please take the time to move them to a user space. Never run such programs using the ultra powerful root... unless you're particularly bored one day or partial to self-flagellation that is.

Number 5.

This takes me to the next point (about Linux not flagellation). There are multitudes of websites out there offering "free" software and downloads. Please avoid Trojans and other problems by downloading your software from reliable sites. Most websites will provide MD5 checksums and verified downloads protecting you from issues. Stick to known and reliable websites. Hey, not all the points are funny okay!

Number 4.

Lots of people forget that even though your Linux system may be far less vulnerable to viruses and malware, your Windows systems on the same home network remain vulnerable. One major vulnerability of Windows systems on a Linux network is that the Linux machine inadvertently passes along viruses or malware that did not affect it. You can cover this weakpoint by downloading and using Linux based antivirus software. Although it is unlikely your AV software will protect your Linux box from anything malicious, it is highly likely it will keep things away from your Windows systems. Ironic but quite true. You can download a few AV Linux software from:here, or here, or here. You can also find several commercial anti-virus, anti-spam, and anti-malware options.

Number 3.

Yep, this goes in line with tip number 6. Please do not do your internet surfing or day-to-day work on your Linux system as root. Take a brief moment in time and create a secondary login. If you ever need to get superuser powers just use the su command instead of habitually using root, which opens a potentially large hole for fouling up your nice and stable Linux system.

Number 2.

You should enable and use your Linux firewall. The good part is that your Linux flavor is entirely likely to come with a preconfigured firewall that is sufficient. Please be sure this is enabled when you surf the internet. Most Linux flavors come with a very robust and capable firewall preinstalled, but configuring this may be simplified with some of the graphical firewall interfaces including: Firestarter and Guarddog. The key point about your firewall is that you should enable and use it!

Number 1.

Finally, the number one tip for protecting your system from worms, viruses, spyware and malware is to use Linux. You end up avoiding a good volume of issues regarding security and often enjoy better home PC performance to boot!

A tad oversimplified, and maybe just a little overconfident. But hey, hackers love that attitude.

These steps are fine for a server - keep the applications that are installed patched and out of the root userspace, and configure the built in firewall, then you are good to go. However, on a workstation these steps are inadequate at least. Even servers that are dealing with a high level of untrustable content (such as an FTP, SMTP or Peer-to-peer server or even chat server) should take additional precautions.

The first step is to install a strong antivirus application. Although there are less known viruses that affect Linux in circulation, there are more known Linux viruses in existance - most hackers got their start on Linux systems. And as viruses become more adaptable and the operating system landscape more varied, there will be more potential for cross-platform infections. There is already malware in circulation that specifically targets Linux systems for use in botnets, and the last line of defense is anti-virus software.

The next step is to install a strong two-way firewall. On a production workstation, the firewall built into Linux is insufficient. Although the firewall will prevent incoming connections, it does nothing to monitor outgoing traffic. This is an important step in detecting and preventing backdoor attacks.

Next, it is essential to make sure that only software and services that you will actually be using have been installed on the system. This requires going through the services list on Linux and removing anything you will not be using. Most Linux installers have gotten better at not installing extraneous packages. However, some installers still install Apache on workstations, or FTP servers on home PCs. If you won't be using it, it shouldn't be on your computer.

Finally, make sure you have enabled the automatic patch system that is part of your Linux distro. This utility will run in the background and alert you to important patches for your operating system and much of your software. These patches range from security updates to performance and stability fixes. Expect to be applying patches 1-2 times a month. With the background updater, many patches may be applied without you needing to take any action at all. Be aware, however, that the background patch utility may not handle all of the applications on your system. You may need to manually update other programs.

__________________
The best way to learn anything, is to question everything.