4

So on my Windows 7 install, I've got multiple free malware/virus scanners and a firewall up. But I've heard that Ubuntu (or Linux in general) is much more secure by default.

So what additional security measures should I take, other than the obvious precautionary measures (aka avoiding shady PPAs)? Should I install a lightweight firewall or something of the sort? Or is the security I get with Ubuntu out-of-box going to be enough for daily web-browsing? I'd rather not have to install too much software, I'd like to keep this PC running as fast and light-weight as possible.

Also, if I should have the misfortune of getting my Linux install completely messed up (say, I install a malicious software package), is there any way I can prevent this digital fire from spreading to my Windows partition?

In general, I'm just trying to find out whether or not I can just jump into cyberspace with nothing but common sense and Linux's built-in protections to safeguard me.

Alex
  • 1,478
  • 6
  • 16
  • 28
  • While slightly off topic, the answers to this questions could be of help to help you deter unwanted web traffic such as phishing, malware, ad-pop ups etc http://askubuntu.com/questions/158572/what-is-the-best-way-to-restrict-access-to-adult-content-on-ubuntu/159896#159896. OpenDNS and the solutions shown here in this question and answer will protect all your devices, Ubuntu, Windows, smartphones with the same level of integrity – stephenmyall Jul 13 '12 at 08:20
  • Linked question: http://askubuntu.com/questions/30032 – fossfreedom Jul 13 '12 at 08:46

2 Answers2

4

Note : Not intended as Answer , just specifying some useful links.

do I need a firewall, anti-virus, anti-spyware tools?

Creating a Firewall for Your Ubuntu Desktop

Basic iptables how-to

Ubuntu Basic Security Community guide

Do i need firewall in Ubuntu.

atenz
  • 12,772
3

Should I install a lightweight firewall or something of the sort? Or is the security I get with Ubuntu out-of-box going to be enough for daily web-browsing?

  • If you are usually connected to networks behind their own firewall (college wi-fi, coffee-shops, home wi-fi/routers, etc.), that's sufficient. If you directly plug into a cable modem/DSL router, or somehow your college hands out unfiltered public IPs (very rare), you should just use the built-in ufw (Ubuntu's firewall), and set a default policy blocking all inbound connections.

Also, if I should have the misfortune of getting my Linux install completely messed up (say, I install a malicious software package), is there any way I can prevent this digital fire from spreading to my Windows partition?

  • Well, malicious packages for Linux are rare; your Windows partition (and data in general) is much more susceptible to plain human error ;)
  • If you want to be very cautious, and you dual-boot, you can create a 5-10GB FAT32 partition or so for sharing between Win and Lin, and mount your Windows partition read-only in Linux.
    • Wubi is riskier than dual-boot because it must, by definition, have read/write access to your Windows partition
  • If you are using a virtual machine, well, you're completely isolated -- just make sure you choose the shared folders carefully, and make any that contain important data read-only to prevent any errors in the Ubuntu VM from affecting them.
ish
  • 139,926
  • You're right, my router's firewall should protect me well enough, and I'll mount the Windows partition as read-only just for extra protection. I might also look into configuring gufw to only accept the common ports I use.

    Still, in the end, I guess I really don't need to worry much about virus/malware protection in Linux until people bother writing malicious software for Linux.

     – Alex Jul 14 '12 at 17:38