Researching Linux VPN, Firewall, and Antivirus Options

I’ve recently decided to up my security game on my Linux machine, and I’m interested in what people are using. After a bunch of research, I’ve settled on ProtonVPN, which is free and has stellar reviews on PCMag. However, I’ve had some difficulty finding decent anti-virus and firewall options. I’m currently leaning towards BitDefender GravityZone Business, but it’s quite pricey. I’ve considered free alternatives like ClamAV, but I’m looking for something a bit more comprehensive. I’d be curious what other people use before I pull the trigger on buying something. Thanks!

edit: Thanks everyone for the replies! I still have a lot to review based on your replies, but I’ve concluded that my first step will be getting a firewall set up and configured. I will share additional steps (if any) I take with regards to VPN or antimalware / AV as I take them.

For VPN providers I cannot really tell you which one to use, but I would never use a free VPN service.

For antivirus you really do not need one. Install packages from the official repository of your distribution.

Hardening your security is not hard with Linux. Start applying more conservative permissions to files and executable binaries. Start using cgroups for process isolation, and do not run precompiled binaries from untrusted sources. Use sudo only for system tasks like maintenance or accessing a file that requires elevated permissions.

My advice is to be security conscious and you will be fine.
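As an added example (not posted by anyone in the thread), here is a small POSIX shell audit for the "more conservative permissions" advice above: it lists world-writable files and setuid/setgid executables under a directory, and can clear the world-write bit. The files it creates for the demo are constructed; run it against / (as root) to audit a real system.

```shell
#!/bin/sh
# Added example, not from the thread. Finds the two permission problems that
# matter most on a single-user Linux box:
#   - world-writable files: any local process can tamper with them
#   - setuid/setgid files: run with the file owner's/group's privileges
# Run with / as the argument (ideally as root) to audit the whole system;
# -xdev keeps find on one filesystem so /proc and network mounts are skipped.

# Regular files with the world-write bit set (-perm -0002: that bit must be set).
world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null
}

# Regular files with setuid (4000) or setgid (2000) set.
setuid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Print both lists with headers.
audit_perms() {
    echo "== world-writable files under $1 =="
    world_writable "$1"
    echo "== setuid/setgid files under $1 =="
    setuid_files "$1"
}

# Remediation for the first class: drop o+w. Setuid files are not changed
# automatically; compare them against what your package manager expects
# (e.g. "rpm -V" or "dpkg --verify") before removing the bit by hand.
fix_world_writable() {
    world_writable "$1" | while IFS= read -r f; do
        chmod o-w "$f" && echo "cleared o+w on $f"
    done
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
printf '#!/bin/sh\necho hi\n' > "$demo/loose.sh"; chmod 0666 "$demo/loose.sh"
: > "$demo/helper";                              chmod 4755 "$demo/helper"
: > "$demo/normal";                              chmod 0644 "$demo/normal"
audit_perms "$demo"
fix_world_writable "$demo"
audit_perms "$demo"
rm -rf "$demo"
```

The script deliberately only fixes world-write automatically: a setuid binary that a package legitimately ships (su, passwd, mount) breaks if you strip the bit, so those are listed for review rather than changed.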

I am currently studying Linux for a Red Hat cert, and they focus on firewalld. I think some people use ClamAV for virus scans and such.

VPN is not security. VPN is just giving your internet traffic to another provider.

If this is for personal use then AV is not a great use of time. Making sure AppArmor and SELinux are enabled is a good start. For the firewall, use the built-in GUI helper for your distro and disable all inbound traffic. OpenSnitch is a cool tool to look at, but it will be noisy at first since it will ask you if you are OK with each connection.

VPN - for privacy, Proton or Mozilla VPN are great options. They can help to sort of anonymize your internet usage.

Firewall - On device, UFW is a simple and effective solution. If you’re on Fedora, the built-in firewall is pretty nice. As others have pointed out, start with most inbound blocked and open only what you really need. Even locally, it can help protect from other compromised devices.
On the network, I am using a UniFi system for both firewall and traffic monitoring. E.g. if you don’t need Tor, that should always be blocked.

AV - ClamAV and others are fine to run as periodic confirmation, but don’t catch things as frequently as you see on Windows. To say there is no malware is naive. Most servers on the internet are Linux, so it’s a major target. But they are targets for data exfiltration and maybe ransomware. More likely you’ll deal with backdoors. This is where traffic analysis and firewalls help. If you run everything through a VPN on a certain port, you can strictly block all other ports.
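An added example, not from the poster above, putting the two firewall points in concrete nftables terms: a default-drop input chain (no inbound services exposed) and an output chain that only lets the VPN tunnel itself leave via the uplink, so that a dropped VPN does not silently fall back to the bare connection and DNS cannot leak around the tunnel. The interface names, the server address 203.0.113.10 and the WireGuard port are placeholders for your setup; use the VPN server's IP address rather than a hostname (for an IPv6 server, `ip6 daddr` instead of `ip daddr`).

```shell
#!/bin/sh
# Added example, not from the thread: emit an nftables ruleset that
#  1. drops all unsolicited inbound traffic, and
#  2. works as a VPN kill switch: on the physical uplink only the encrypted
#     tunnel to the VPN server may leave; applications must use the tunnel
#     interface. Port 53 on the uplink is not allowed, so DNS cannot leak.
# Arguments: uplink interface, tunnel interface, VPN server IP, VPN port,
# optional protocol (default udp). All values used here are placeholders.

gen_vpn_ruleset() {
    uplink=$1; tun=$2; vpn_ip=$3; vpn_port=$4; vpn_proto=${5:-udp}
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        # Stay pingable, rate-limited; IPv6 needs neighbour discovery to work.
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        # All application traffic leaves through the tunnel.
        oif "$tun" accept
        # On the uplink only the tunnel's own packets to the VPN server...
        oif "$uplink" ip daddr $vpn_ip $vpn_proto dport $vpn_port accept
        # ...plus DHCP, or the lease cannot be renewed.
        oif "$uplink" udp sport 68 udp dport 67 accept
        oif "$uplink" icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit } accept
        # Logging the drops makes a wrong server IP or interface name obvious.
        log prefix "killswitch drop: " counter drop
    }
}
EOF
}

# Write the ruleset to a file. Check syntax with: sudo nft -c -f FILE
# Load with: sudo nft -f FILE   Persist by copying to /etc/nftables.conf and
# enabling nftables.service (names vary slightly between distros).
write_vpn_ruleset() {
    out=$1; shift
    gen_vpn_ruleset "$@" > "$out" && echo "wrote $out"
}

# Demo with placeholder values (203.0.113.10 is a documentation address).
gen_vpn_ruleset wlan0 wg0 203.0.113.10 51820
```

Test the kill switch by stopping the VPN and confirming that `ping`, `curl` and DNS lookups all fail while the uplink is up; the `killswitch drop:` log lines show exactly what tried to leave outside the tunnel.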

All these commercial VPNs completely miss the point of what a VPN was originally intended to do. You use it to connect to another network as if you were in it. For example, you can use it to bypass the mobile data detection of services like Hulu. Or to play multiplayer games online that only support LAN. And through an encrypted tunnel.

Linux is not MS-Windows. You don’t go out and find more products to make it work. If you are concerned at all about security then you should always restrict yourself to software available via your package manager. If properly configured this will ensure that the software is up to date with patches - that is your BIGGEST SECURITY WIN.

I’ve settled on ProtonVPN

VPN is a very widely abused term. Unless you are looking for an anonymization service, then, in order to decide on a VPN implementation you need to establish what is running on the nodes you want to connect to. OTOH if it is an anonymization service you want, then use Tor.

I’m currently leaning towards BitDefender GravityZone Business

Linux is not MS-Windows. Unless you are using this as a file server for MS-Windows machines, there’s little benefit in using anti-virus. Start with a rootkit checker and a host-based IDS.

As far as firewalls are concerned, all the software I have seen on Linux is just a fancy front end to iptables/nftables. It can be tricky to maintain a complex ruleset - but the only reason you need to do this is if your host is providing different services across several networks. You’ve not mentioned any other machines than your Linux host.

If you want help in making your system secure then describe the problems you are trying to solve - not the products you’ve chosen to solve them.

I don’t know about others, but for firewall I choose only application firewall as I don’t have time to waste on port-based firewalls.

For Linux I found OpenSnitch and I enjoy it a lot, but ATM it doesn’t support managing incoming connections, just outgoing.

Who tf uses antivirus software on Linux?

You don’t really need an antivirus. You will rarely find any malware software on Linux (can tell from experience)

If you stick to the repos you don’t really need an antivirus. The security in Linux is all about not running malicious code in the first place, not mitigating it once it’s already on your system. Linux actually has worse security when it comes to internal threats than most other OSes, but I think it’s easily compensated by the fact that most software is FOSS and you get it from a curated repository instead of downloading executables from random websites. There is ClamAV, but it’s mostly meant to scan stuff that’s going to be accessed by Windows machines, like mail servers. If you’re really serious about security you should consider switching to OpenBSD, which prioritizes security over everything else.

A VPN isn’t always a good idea, because you’re just adding another party who can gather data about you, with no real benefit in most cases. This video is definitely worth a watch.

ProtonVPN, which is free

Interesting. I was raised to believe that nothing is free. Is this truly a free VPN, or is something (your browsing data) being exchanged? Thanks.

Rent a VPS from something like Linode, set up WireGuard on it and connect your hosts through that.
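To make the VPS-plus-WireGuard suggestion above concrete, an added example that is not from the poster: a shell script that writes both sides' wg-quick configs from keys you have already generated with `wg genkey | tee server.key | wg pubkey > server.pub` (and likewise for the client). The 10.8.0.0/24 tunnel addresses, the endpoint 203.0.113.10, the interface name eth0 and the key strings are placeholders; it assumes nftables is installed on the VPS for the NAT rule.

```shell
#!/bin/sh
# Added example, not from the thread: generate /etc/wireguard/wg0.conf for a VPS
# acting as a WireGuard gateway and for one laptop routing everything through it.
# Keys are passed in (create them with "wg genkey | tee x.key | wg pubkey > x.pub");
# every address here is a placeholder. Bring up either side with: sudo wg-quick up wg0

# Server side. PostUp enables forwarding and NATs tunnel traffic out of the
# VPS's public interface with nftables. Note AllowedIPs for the peer is a /32:
# it is the set of source addresses accepted *from* that peer, so 0.0.0.0/0
# here would let the client spoof any source address.
gen_wg_server() {
    server_key=$1; client_pub=$2; wan_if=${3:-eth0}; port=${4:-51820}
    cat <<EOF
[Interface]
Address = 10.8.0.1/24
ListenPort = $port
PrivateKey = $server_key
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = nft add table ip wgnat
PostUp = nft add chain ip wgnat postrouting '{ type nat hook postrouting priority 100 ; }'
PostUp = nft add rule ip wgnat postrouting oifname "$wan_if" masquerade
PostDown = nft delete table ip wgnat

[Peer]
# laptop
PublicKey = $client_pub
AllowedIPs = 10.8.0.2/32
EOF
}

# Client side. AllowedIPs = 0.0.0.0/0, ::/0 makes wg-quick route all traffic
# into the tunnel (it adds the fwmark/policy-routing rules for you). Because of
# that, the LAN resolver handed out by your home router is no longer reachable,
# so a DNS server reachable through the tunnel must be set explicitly: 10.8.0.1
# only works if the VPS runs a resolver (e.g. unbound) listening on wg0.
gen_wg_client() {
    client_key=$1; server_pub=$2; endpoint=$3; dns=${4:-10.8.0.1}
    cat <<EOF
[Interface]
Address = 10.8.0.2/24
PrivateKey = $client_key
DNS = $dns

[Peer]
PublicKey = $server_pub
Endpoint = $endpoint
AllowedIPs = 0.0.0.0/0, ::/0
# Keeps the NAT mapping alive behind a home router; not needed on a fixed IP.
PersistentKeepalive = 25
EOF
}

# Demo with placeholder keys (real keys are 44-character base64 strings).
gen_wg_server SERVER_PRIVATE_KEY_PLACEHOLDER CLIENT_PUBLIC_KEY_PLACEHOLDER eth0 51820
echo "-----"
gen_wg_client CLIENT_PRIVATE_KEY_PLACEHOLDER SERVER_PUBLIC_KEY_PLACEHOLDER 203.0.113.10:51820
```

Open UDP 51820 inbound on the VPS (and nothing else besides SSH), keep the private keys mode 0600, and verify the handshake with `sudo wg show` on both ends: a peer with no "latest handshake" line means the endpoint, port or public key is wrong.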

Don’t worry about AV, it’s pointless on Linux.

Opnsense for firewall/router.

Firewalld (Red Hat/Fedora) / ufw (mostly Ubuntu based) depending on what your distro ships, otherwise iptables is always the baseline.
(it doesn’t really matter how the rule is enforced, as long as it blocks/allows by any rule)

ClamAV is the standard and is usually used for e.g. mail servers. Some non-free options may be offered by known AV developers like Trend Micro. But if I remember correctly most if not all had major security problems, which were only non-critical if you are running it on an offline server… Usually you really don’t need any AV on Linux.

For VPN, Mullvad VPN has some really good security decisions; everything can be done anonymously. You can generate an account and pay without any traces.
Btw: Mozilla VPN is based on Mullvad, just with somewhat less security.

I really wish people would wake up and understand this.

VPN is not security.

VPN provides an encrypted tunnel from client to VPN server, so protects against security threats on that path: devices on the LAN, the router, the ISP. Yes, it is a security mechanism.

VPN is just giving your internet traffic to another provider

My ISP is the company that knows the most about me: my home address, my name, my phone number, etc. I gave (mostly) fake info to my VPN when I signed up. VPN companies are used to customers who want to remain anonymous, and cater to them. ISPs aren’t and don’t. I want to hide as much as possible from my ISP.

And VPN hides my home IP address from destination web sites, and mixes my traffic with that of tens of thousands of other users. So it’s not “just” shifting traffic route.

It is if you run it. I’d be shocked if at least a high percentage of the major ones weren’t run by intelligence services or sketchy actors.

Thanks, I’ll take a look at these!

This is very helpful info. Thanks!