Security Software Recommended?

8 replies [Last post]
Hein

I am a member!

Joined: 07/30/2022

Hi Trisquel/Triskel users!

Does anyone know whether it is recommended to use additional security software with Trisquel/Triskel?
If so, which one should I use and is it free/libre?

Cheers,
Hein

iShareFreedom
Joined: 12/20/2021

LibreJS and JShelter permanently active in your Abrowser, with Tor running as a proxy, can be a good defense. Have those two add-ons in Icedove too.

Hein

Joined: 07/30/2022

Cool, thank you! So there is no security software recommended for the system itself? (Sorry if this question sounds like it's coming from a long-time (ex-)Windows user, but it is, haha)

iShareFreedom
Joined: 12/20/2021

No, it isn't needed. Remember to install and use only free software. Trisquel doesn't distribute malware or nonfree software, so you are safe using it.

Hein

Joined: 07/30/2022

Ok, I see. And what about files I bring over from another computer? Is there any danger there?

iShareFreedom
Joined: 12/20/2021

It depends on the file, but normally not; for example an image, PDF, odt, etc. No problem with them. But if you know that the file is part of a nonfree portable program, or if you are going to keep an executable file that can take control of your computing, be careful, and if you can't know, I recommend deleting it. Anyway, be careful, but with normal files don't worry, and don't forget you can do all your computing with free-as-in-freedom software!

WizardHemp
Joined: 11/28/2021

PDFs can actually be malicious. PostScript is a Turing-complete programming language, and if there is an error in your PDF viewing program then it can escape its sandbox and do harm. There is a free program called dangerzone https://github.com/freedomofpress/dangerzone that can turn the PDFs into non-malicious ones, but it is not in the repos. It says it uses Docker containers to do this, which may not be good because Docker containers have a tendency to include nonfree software automatically (it is possible to make Docker containers that use only free software).

andyprough
Joined: 02/12/2015

Firejail is a good security program that will sandbox your applications so that they cannot make malevolent changes to your system.

I think that to install it on Trisquel you would do:

sudo apt install firejail firejail-profiles

Then to use it, you would start your programs with the preceding command 'firejail'. For example,
firejail abrowser
should open an instance of abrowser that runs pretty normally, but that is in a sandbox and is restricted from accessing or changing certain of the user's own files and system files.

Geshmy
Joined: 04/23/2015

I think it's worth trying to learn how to be aware and prepared as the threats are ever evolving.

There is a virus detection program, Clam. You set up freshclam to get daily or even hourly virus signature updates and clamscan to activate a scan. There is a GUI version, clamtk. Some say it is only looking for Windows viruses, and there is a Windows version called ClamWin, but actually they are looking for viruses that affect other OSes as well. It's available in our repository. You could use it to scan the files you want to bring over from another system.

clamscan -r -i your_folder

You can use rkhunter if you are concerned about rootkits and such. It always gives some warnings that require research. Lots of 'suspicious' files, processes using deleted files and shared memory segments that are considered too large. Another common warning is about common commands that have been replaced with scripts.

If you want to go really deep (at least in my book) you can set up tripwire. Basically you create a snapshot of a newly installed system and it will monitor changes that occur and warn you. It's really quite involved to set up though. A lot of steps.

Check out StevenBlack's host file:
https://github.com/StevenBlack/hosts
currently over 100,000 domains known to serve up advertising and malware. If you use it as your new /etc/hosts file it will prevent your browser ever contacting those domains.

If you like to worry about security, I recently started perusing this web site:
https://threatpost.com/
Here's a good one: https://www.intezer.com/blog/research/new-linux-threat-symbiote/

There are lots of good reads about how to harden a GNU/Linux system.
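
The snapshot-and-compare idea behind tripwire, mentioned in the post above, as an added example that is not part of the original thread and is not tripwire's own code: it records SHA-256 hashes with `sha256sum` instead of using tripwire's policy and database. The function names `snapshot` and `compare` and the script name `integrity.sh` are assumptions, and file names containing newlines or backslashes are out of scope.

```shell
#!/bin/sh
# Added example (not tripwire itself): snapshot a directory tree, then report
# what changed. Function names and the baseline format are assumptions.
# Keep the baseline outside the monitored tree, ideally on read-only media,
# so whoever alters the files cannot also alter the snapshot.

# snapshot DIR : print one "sha256  ./path" line per regular file, sorted.
snapshot() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum )
}

# compare DIR BASELINE : print ADDED/CHANGED/REMOVED lines.
# Returns 0 if the tree matches the baseline, 1 if not, 2 on error.
compare() {
    _now=$(mktemp) || return 2
    snapshot "$1" > "$_now" || { rm -f "$_now"; return 2; }
    _report=$(awk '
        # Split "hash  path" so paths containing spaces stay intact.
        { hash = $1; sub(/^[^ ]+  /, "") }
        FILENAME == ARGV[1] { old[$0] = hash; next }
        { seen[$0] = 1
          if (!($0 in old))         print "ADDED " $0
          else if (old[$0] != hash) print "CHANGED " $0 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$_now" | LC_ALL=C sort)
    rm -f "$_now"
    [ -z "$_report" ] && return 0
    printf '%s\n' "$_report"
    return 1
}

# CLI use: sh integrity.sh snapshot DIR > baseline
#          sh integrity.sh compare DIR baseline
case "${1:-}" in
    snapshot) snapshot "$2" ;;
    compare)  compare "$2" "$3" ;;
esac
```

A non-zero exit from `compare` makes it usable from cron or a login script; each reported line still needs a human to decide whether the change was expected, such as a package update.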