[Ham-Computers] Internet Security for Ubuntu Linux

jeff jeffv at op.net
Thu Apr 16 14:10:36 EDT 2009 

Jim Hill wrote:
> I'm thinking of installing Ubuntu Linux on an old computer for 
> on-line banking, etc. 

Before you go any further, you might want to verify which browser(s) are 
supported by the banks, etc.  A lot of the Online Idiots *require* 
Internet Explorer.  You can install it in linux (ies4linux) but only up 
to IE6 or a beta of IE7.

Since IE and Windows have more holes than swiss cheese, I try to avoid 
both, especially in sensitive situations.

Btw, most linuxes these days can be booted from the cd and loaded into 
ram without disturbing the existing operating system.  It's great for 
trying things out.  It will also show you what the OS will discover or 
not in terms of your hardware (very little to worry about, esp on an old 
computer).  You can also try running things in virtual machines (go to 
vmware.com and download the free vmplayer).


> What security measures should be taken?  

As was pointed out, as soon as you use online transactions, you're 
inserting holes in the security of the transaction.  If you're ok with 
that, use common sense, make sure the OS and programs are patched, and 
research a bit on security and what exactly is required to complete the 
transaction.

The safest way to generically browse is using a browser like Firefox or 
Opera (much faster) with cookies and javascript turned off and no Flash. 
  That said, most people won't do this, due to ignorance and/or the 
desire for the `prettiest' view they can get, with blinky lights and 
animated graphics and all the other nonsense people feel they need for 
their `web experience'.  Flash has no place in financial transactions. 
It is not safe or secure.

Financial transactions are different.  Make sure you're using a SECURE 
connection.  The url will start with https: and you'll see some sort of 
lock or indication of the secure connection, depending on browser.  The 
moment you have to enter any identifiable info, you had better be on an 
https: connection or you're already screwed.  This can also be spoofed 
but you can generally determine whether the site's security certificate 
is valid or not.

Transactions will more than likely require cookies and javascript.  You 
can generally set the browser to use them on a per-site basis.  Go with 
`originating site only' cookies whenever possible.  Also have the 
browser delete them completely when you exit.  This is how you are 
tracked, whether for a transaction or for advertising.  If you set the 
browser to purge everything when you close it, it's much more difficult 
to track or market to you (by the same token, a site can't `remember' 
you for automatic login).  NEVER use auto login or remember password. 
If your browser auto logs into a site, that means anyone sitting at the 
computer has access to your sites.  Do you want anyone who sits at your 
computer logging into your online banking site as you?

Always use a good firewall (these suggestions apply regardless of OS).

Further anonymity can be had by using a proxy.  If you use Firefox, 
install the Tor plugin (and READ the instructions for Gotchas).  Also 
look up Privoxy.  A proxy is another layer between your computer and its 
destination.



> I'm 
> using a router, and a quick search indicated a software firewall 
> should be used.

Ubuntu is pretty safe but there is a firewall that comes with it or you 
can install any other you choose.


As for Windows, when I have to use it, I use the following:

XP
Comodo Pro Firewall (free)
Antivir antivirus (free)
Spybot Search&Destroy --> Tea Timer active
Firefox with NoScript, cookie manager (default=off), Flash not installed 
or Flashblock
CCleaner - cleans out garbage, cookies, internet temp files

If I have no choice but to use Internet Explorer I go no higher than IE6 
with the security jacked up through the roof, even for trusted sites. 
If I need to back it down, the site I'm trying to use will indicate it 
(usually by not working correctly).


Before you start calling me a nutjob, whenever I virus or spyware scan 
my Windows pc, I don't come up with anything except the defaults.  Safe 
surfing works - period.

Good luck with linux.  It's much more secure out of the box - but 
there's always PEBKAC  (problem exists between keyboard and chair).



-- 
ThermionicEmissions  -  the blog
http://www.lockergnome.com/leftystrat

More information about the Ham-Computers mailing list