Thanks for the info. I don’t know what half of these things mean, but I will take a look. As for the problems I’m trying to solve - I just want to make sure that my system is secure, since I have some data on it that I would like to keep private and also for privacy-critical things like online banking
Linux-specific malware is not unknown: Linux malware - Wikipedia
It’s not true that (as some people say) you’ll only ever see Windows malware on Linux. Programs such as chkrootkit and rkhunter are full of signatures of Linux-specific malware.
And now Linux desktop users are using the same browsers etc as the Windows people are, so threats there are more likely to exist on Linux too. Same with PDF docs and Office macros. And with cross-platform apps such as those running on Electron or Docker, and Python apps. And libraries (such as the SSL library) used on many/all platforms.
Add to that the growth of the Linux desktop population, and use of Linux in servers and IoT devices, and Linux exploits and malware become more valuable. Expect to see more of them. Practices that have been sufficient for decades may be sufficient no longer.
Some indications of how things are changing:
https://threatpost.com/mac-linux-attack-finspy/159607/
https://www.bluefintech.com/2019/06/22/new-malware-designed-to-go-after-linux-systems/
And of course Linux users are vulnerable to the same platform-independent threats as other users: phishing, business email compromise, social engineering, SIM-swapping, typo-squatting.
You will rarely find any malware software on Linux (I can tell from experience)
How do you know if you don’t run AV?
I ran Sophos AV manually (until they dropped the free edition for Linux). A couple of years ago, it found that poisoned node.js library (EventStream?) on my system.
you’re just adding another party who can gather data about you
I’m shifting traffic visibility from my ISP (who knows a lot about me, and I don’t trust) to a VPN (which knows little about me, and I don’t trust). That’s compartmentalization.
with no real benefit in most cases.
Hides my home IP address from destination web sites, mixes my traffic with that of tens of thousands of other users, lets me change geo-location, adds another jurisdiction or two in the way of anyone who wants to DMCA or sue me. And my main VPN also includes an ad-blocker.
My guess is that the free tier is just a way to onboard users, so that they can convert them over to the paid tiers. I’ve been using free tier so far, and the connection speed is not great, so I’m considering upgrading.
In my country, ISP providers are under more rules of confidentiality and data security than VPNs. VPNs in other countries can do anything they want with your internet traffic, according to their country. There is no guarantee that your VPN will not sell your data or use it for other purposes, while in my country ISPs can’t do that. Not having your “real” IP (nobody shows his real IP anyway) doesn’t prevent your data from appearing.
Then throw your current plans in the bin and start again.
- Read some of the hardening guides available on the internet
- Identify what software is running on your machine and disable the stuff you don’t need
- Ensure automatic updates are configured and working
- Get a good password manager (I suggest Password Safe or KeePassXC)
- Configure encryption on your partitions containing /tmp and /home
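A small way to check three of the points in that list from a terminal, added here as an example and not part of the comment above. The functions read the output format of standard tools on stdin (`ss -Hlntu`, the Debian/Ubuntu file `/etc/apt/apt.conf.d/20auto-upgrades`, and `/proc/mounts`), so they run below on constructed sample data; the commented lines show the live commands. The apt check assumes a Debian-derived distro; other distros keep their auto-update switch elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread: stdin-driven checks for three items of the
# checklist above. Each function parses the text format of a standard tool so it can
# be exercised here on constructed sample data; the commented lines show live use.

# 1. Listening sockets reachable from the network (input: `ss -Hlntu`).
#    Loopback-only listeners are dropped; everything else is a service to justify or disable.
exposed_listeners() {
    awk '$1 ~ /^(tcp|udp)$/ && $5 !~ /^(127\.|\[::1\]:)/ { print $1, $5 }'
}

# 2. Debian/Ubuntu automatic updates (input: /etc/apt/apt.conf.d/20auto-upgrades).
#    Returns 0 only if unattended-upgrades is switched on in that file.
unattended_upgrades_enabled() {
    grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"1";'
}

# 3. Storage behind the listed mountpoints (input: /proc/mounts; $1: comma-separated
#    mountpoints). "dm" is a device-mapper target, which covers dm-crypt/LUKS but also
#    plain LVM, so confirm with `lsblk -o NAME,TYPE` that a `crypt` node is in the chain.
#    "plain" is an unencrypted block device; "tmpfs" lives in RAM (and can be paged to
#    swap, so swap needs encrypting too); "absent" means nothing is mounted there.
mount_backing() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, ",") }
        { dev[$2] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                m = w[i]
                if (!(m in dev))                       s = "absent"
                else if (dev[m] ~ /^\/dev\/mapper\//)  s = "dm"
                else if (dev[m] == "tmpfs")            s = "tmpfs"
                else                                   s = "plain"
                print m, s
            }
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*'
SAMPLE_APT='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";'
SAMPLE_MOUNTS='/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/mapper/cryptdata /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Run on the samples. Live use:
#   ss -Hlntu | exposed_listeners
#   unattended_upgrades_enabled < /etc/apt/apt.conf.d/20auto-upgrades && echo "auto-updates on"
#   mount_backing /home,/tmp,/ < /proc/mounts
demo() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners
    if printf '%s\n' "$SAMPLE_APT" | unattended_upgrades_enabled; then
        echo "auto-updates on"
    else
        echo "auto-updates OFF"
    fi
    printf '%s\n' "$SAMPLE_MOUNTS" | mount_backing /home,/tmp,/
}
demo
```

On the sample data the script reports sshd and mDNS as network-reachable, CUPS as loopback-only, automatic updates switched off, /home on a device-mapper target, /tmp on tmpfs and / on a plain partition: exactly the list of things the checklist says to go and decide about.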
Thanks for the links! I too feel that the viewpoint “you don’t need an antivirus/malware if you use Linux” is a bit unwarranted. Any software can have undiscovered vulnerabilities and, as you said, it’s not like there’s no incentives in play.
Linux malware
The following is a partial list of known Linux malware. However, few if any are in the wild, and most have been rendered obsolete by Linux updates or were never a threat. Known malware is not the only or even the most important threat: new malware or attacks directed to specific sites can use vulnerabilities previously unknown to the community or unused by malware.
(idk what an AV is so I assume it means antivirus)
I know because most of the software I use on Linux was recommended by members of moderated forums, and it’s also (free and) open-source software. It’s a trust thing, really.
Just check the sources, check trusted forums like your Linux distro’s subreddit or a general Linux forum, investigate a bit, see if you can trust the software you want or not. If you take care, it will be fine.
Also, if it’s in the official software repository of your distro, it means the repo maintainers have checked the software for malware, and didn’t find any. Or, that’s for the “big” distros like Debian-based, Ubuntu-based, Arch-based, Gentoo-based, then the big RPM distros as well like RHEL, Fedora, CentOS Stream and I think SUSE.
(edit) I also know it wasn’t malware because my machine’s still fine and I didn’t notice anything out of place.
I’m shifting traffic visibility from my ISP (who knows a lot about me, and I don’t trust) to a VPN (which knows little about me, and I don’t trust). That’s compartmentalization.
Personally I’d rather trust my ISP than a VPN company that’s obviously in the business of harvesting my data. Though I suppose with particularly shitty ISPs it does make sense.
Hides my home IP address from destination web sites, mixes my traffic with that of tens of thousands of other users, lets me change geo-location, adds another jurisdiction or two in the way of anyone who wants to DMCA or sue me.
Yeah that’s all included in the video I linked.
VPNs do have some privacy/anonymity benefits, but security-wise (which is the topic of this post) they don’t do much, since the majority of traffic is already encrypted, and even if it’s not, you can’t be sure that your VPN provider isn’t snooping on your unencrypted connections.
And my main VPN also includes an ad-blocker.
That seems useful. I just use DNS adblocking (with my own resolver, so my queries aren’t sent to my ISP, Google or Cloudflare), but if it’s possible to self-host a VPN to filter connections I’ll definitely try it out.
If you knew the required amount of maintenance & runtime bills for a VPN service you would drop your jaw. u/2cats2hats is right, if you do not pay, then you are being farmed.
VPNs encrypt and route your traffic through the VPN servers instead of your ISP servers, so your ISP can’t see what you’re doing but the VPN providers can. If a VPN looks sketchy, stay tf away from it.
The ISP, however, can see that you’re using it, they just don’t know what for.
Or that’s my understanding, correct me if I’m wrong.
In my country (USA) we have many examples of ISPs selling your data or injecting ads or maintaining super-cookies.
And both your ISP and my ISP know far more about us than our VPNs do. Malice or a breach by the ISP can do a lot more damage than malice or a breach by the VPN.
It’s a trust thing, really.
I’d rather have defense in depth.
it means the repo maintainers have checked the software for malware
Nah, a new release of Firefox comes out, 30 million lines of code, of which 10K have changed since last release. No one’s going to check that. The maintainer is going to make any distro-specific tweaks, get it to build, check that it seems to run okay, and put it in the repo.
a VPN company that’s obviously in the business of harvesting my data
I pay for my VPN(s). They’re fairly small companies so I doubt they have big “harvesting” contracts with Facebook or whoever. A large ISP would be a much more attractive data source. And as I said, you can give fake ID data when you sign up for a VPN, they’re used to that from customers, all they care about is that payment works.
I see. In that case would you recommend I switch to their paid tier then, or just move away from ProtonVPN in general? If the latter, is there a VPN service that you would recommend instead?
I read some reviews about ProtonVPN. One, on Security dot org, claims that ProtonVPN has a no logging policy and annual transparency reports to back this up. However, PCMag says that they would like to see an infrastructure security audit to confirm this no logging policy. I am not very technical in this respect, so I don’t really know what is the security standard here.
Yea, this is more or less my understanding. I think with a VPN your traffic still passes through your ISP. It’s just encrypted when it does so. That way, a VPN can protect you from a snooping ISP, a compromised router, or other compromised hardware on the path to its destination. So, in the end, it’s a question of whether you trust your VPN provider more than your ISP.
Not to mention the Five Eyes alliance which throws a big monkey wrench into the idea of an honest VPN. It takes some real research to find a VPN that won’t stab you in the back if they are cornered by big govt.
Oh yeah I was gonna mention that, some apps are tweaked according to the distro like Firefox you said.