Excellent advice in this link for securing a home computer running Linux: BasicSecurity - Ubuntu Wiki
Here is a part of what is offered there: Linux Vulnerabilities
The majority of new users are coming from Windows environments, where security focuses mostly on anti-virus software. To understand security on Ubuntu, you must shift your thinking from this point of view. In the following bullets, we're going to analyze what threats actually effect you as a Ubuntu user.
- Myth: If I install an anti-virus program I'll be fine.
- Reality: At the time of writing, there are no known viruses on the big bad web designed to target Linux. A few targeting Windows can execute in a manner that could allow compromise of a Linux system via an interpreter layer like Wine. Very few people recommend existing anti-virus software for Linux machines, in part because there are few decent free anti-malware solutions available. Enterprise class solutions are good, but the consumer-grade products aren't on par with their Windows counterparts enough to warrant their use. Moreover, if you focus entirely on viruses then you are ignoring the vast majority of real threats to your Ubuntu machine.
- Myth: Security through obscurity keeps me safe.
- Reality: It's a favoured argument from Linux supporters, but Linux/Ubuntu is not that obscure to “crackers”. They may be obscure to you or your friends, however, there are many who know how to exploit Linux vulnerabilities just as easy as Windows, Mac OSX, Solaris, AIX, or any other operating system's vulnerabilities. The best defence is knowledge and preparation. Relying on an “obscure” operating system to hide behind is NOT a good strategy.
- Myth: I can browse however I want to because malware on the web is mostly designed for Windows.
- Reality: While the majority of malware does target Windows, this statement overlooks the fact that an entire spectrum of web based attack vectors exist that work on any operating system. Cross Site Scripting, Cross Site Request Forgery, Click-Jacking, Session Riding, and many other methods can be used to exploit weaknesses in a relationship of trust between you and a website, or a website and you, regardless of your operating system. For things like this we have browser add-ons which will be discussed in the browser security section.
- Myth: I don't need to use fancy browser add-ons when using public access wifi because I use Ubuntu.
- Reality: An absurd statement. Most attacks carried out on public wifi include several varieties of man in the middle attacks. If you want to utilize public wifi, it is highly discouraged to do anything more than trivial in nature with it unless you are an advanced user and you know how to set up a virtual private network (VPN), a VPN via Secure Shell (SSH), or use Secure Sockets Layer (SSL) in conjunction with SSLstrip.
- Myth: I don't need a firewall because Ubuntu has no open ports by default.
- Reality: This is a matter of risk tolerance. Added protection, particularly that which takes only a few minutes to set up, is always worth it. Firewalls are discussed in more depth later in this document.
- Myth: Windows malware can not compromise Ubuntu.
- Reality: Ubuntu CAN be compromised by Windows malware if you're using Wine. This is not to say that Windows malware can infect a Linux system directly, however it CAN, if targeted properly, utilize the Wine interpreter to send system calls to the Linux kernel. This is a very rare case, and it is highly unlikely that it would occur as it would be a very targeted attack. But for completeness sake we should mention that it CAN happen.
- Myth: Ubuntu is harder to exploit than Windows, Mac OSX, whatever else - and it's targeted less than those other operating systems as well.
- Reality: The process of discovering a vulnerability and exploiting it is pretty much the same across the board, regardless of operating system.
These are just some common myths associated with Ubuntu and security. This list is not comprehensive, but it covers the largest misconceptions held by new users. This does not mean that Ubuntu is inherently insecure, or is less secure than previous versions, or is more/less secure than any other operating system. It is just an effort to dispel common myths and get the reader (you) thinking in a positive direction toward improving their system's security posture. If you follow the steps in this Wiki, you will have a decent defense built to protect your machine from viruses as well as the other more pressing threats out there.
And of course, we'd be remiss not to mention social engineering. What information you're putting into public view? Do you know who you're giving valuable information to? Social engineering
is important to understand but beyond the scope of this Wiki.A bit more:Make Your Browser More Secure
The majority of threats to your machine come from your browser, even when you use common sense. You have absolutely no control over vulnerabilities on someone else's web page as an end user, so it's important to defend yourself against any malicious activity originating from a compromised web page. If you are interested in learning how browser exploits happen, you can read this summary of the top ten vulnerabilities
in a poorly designed web page.
Secure your browser. We will discuss Firefox because that's the browser packaged in Ubuntu. However, other browsers have similar features. We recommend that you use the following services. As mentioned before, these measures may inhibit functionality until you manually configure them. Again you must weigh the need for security against the need for functionality as it relates to your personal situation. Preferences
Find Preferences in the menu bar of Firefox. Under the privacy tab you can tell web sites you don't want to be tracked and you can choose to never remember history. You can choose to whitelist sites for specific needs using exceptions, allow for session at most; clear history when closing the browser. Choose "never remember history" so that if someone hijacks your browser section, they won't find any valuable stored data. Don't use "hardware acceleration". NoScript
If you unknowingly visit a compromised website, this will prevent scripts (i.e. programs) from running on your system. It can be a tricky tool to use at first glance as it blocks all scripts from running at first. If you spend a little time getting familiar with NoScript
, you will find it easier to use. As a user, you tell NoScript
what sites to partially or fully trust. Don't "allow all scripts globally" under any circumstances! Here
is an excellent explanation why we recommend NoScript
is notoriously daunting to the new user. A helpful guide to configure NoScript
is included on a separate page, https://wiki.ubuntu.com/BasicSecurity/NoScript
You can tell by the name that it (surprise!) blocks annoying ads, but it can also block those ads from collecting personal information about you. Adblock Plus
provides a default list of blocked ads. Additionally, you can block any individual ads or scripts that show up by adding them manually.The material on this wiki is available under a free license, see Copyright / License for details.