Peppermint princess

[PerranOak]

I've finally installed "a linux" on my old laptop - Peppermint.

This is the first time I've ever browsed the Internet without proprietary anti-virus protection.

What do people tend to do?

[RoGeorge]

Good for you, enjoy the ride!   

I think I don't understand the question.  Tend to do about what?  If you mean about antivirus, with Linux an antivirus is not mandatory, like it is with Windows.

I've never got into any virus problems in the last years, since I ditched Windows.  Though, back when I was using Windows, with all the antivirus programs, I used to have to reinstall every couple of years or so because of getting the OS trashed by viruses.  No problems since I moved away from Windows (used so far mostly Kubuntu or FreeBSD).

In Linux I am usually browsing with Firefox (I avoid Chrome), and with the 'uBlock Origin' extension installed, an add blocker for a cleaner Internet, not an antivirus.

[ataradov]

You don't need an anti-virus, but out of curiosity, did your old anti-virus actually trigger in any non false positive cases?

The only time you are subjecting yourself to something dangerous with Linux is when you download and run random binaries that are not in a repository or you have to add a third-party repository, as often happens with proprietary software.

[golden_labels]

Welcome to the penguin club!

Nowadays there is no difference, in terms of security, between Windows and Linux systems. Both platforms are equally good, if your threat model is a typical attack aimed at making your wallet thinner or using your resources. If you believe you are safe only because you are now mounting a penguin, I have bad news. You are on a path to a disaster and the only thing protecting you is sheer luck of Linux distros being less popular.

The reason Windows is doomed to be compromised without comprehensive and extensive AV software is not the operating system itself. The vulnerability is located between chair and keyboard. You remain the same user as you were on Windows — and you carry the risk with you no matter what OS you choose. Home Windows deployments are notoriously horribly maintained. Random, unautidable software is allowed to run and often reconfigure system. Acceptance of someone doing whatever they want in user’s system is widespread. Not understanding actions taken or following poor advice is everyday occurance. If you keep that attitude, choosing a different kernel is not going to save you.

Some practices present in Linux distros, like using package managers with declarative packages, being required to understand the system and low availability of software, provide minimal protection. But there is only so much it can do. Observing support channels of some distros is leaving no doubts: breaking stuff by doing the same mistakes that lead to trouble on Windows is common.

[james_s]

I've never used an antivirus package on Linux. I haven't used one on Windows for years either, I keep my browser up to date, use an ad blocker and script blocker and I don't visit sketchy websites. I haven't come across a virus or malware in many years. IMHO most antivirus packages are virtually useless and do little more than slow down your computer and give you a false sense of security.

[Lindley]

As you will find, most linux users do not use AV and often say using one can actually increase your risk, though do check your distro has the firewwall turned on by default.

Typical linux can be very easy to use for  browsing , email  and other popular basic tasks etc, but when it comes to more advanced programs you might find they do not have a linux version.

We have a very old laptop and upgraded it to W10 from W7 ok, might be a bit on the slow side but still does most of what we want.

[Nominal Animal]

One software I do tend to use, is fail2ban, on Linux machines with services open to internet; for example, if I have SSH server installed so that I can log in from anywhere else.  fail2ban basically monitors the service logs for suspicious failures, and based on configurable rules, bans IP addresses for a configurable time (by blocking them at the firewall).

I typically use 24 hour time limit, with three-strikes on SSH, on my laptop (since I have SSH server on it, so I can SSH into the laptop from other machines).  Sometimes the ban list is close to a hundred addresses, sometimes basically empty.  Mostly the attempts are automated script-based or botnet-type ones, using known usernames and passwords, and therefore occur in batches.

Of course, if you don't have any services open to the internet, just a basic workstation Linux installation, you don't need fail2ban either.

[golden_labels]

Though fail2ban should not be seen as a security measure if used for a SSH server. Similar to assigning an uncommon port number, it only limits noise in logs.⁽¹⁾ The reasoning behind using fail2ban for security is that it rises the cost of password guessing attacks,⁽²⁾ which it indeed does. But, if that is needed, there is already a serious flaw in the system: using passwords instead of certificates.

A firewall is a good idea even if you do not consciously start any network-facing services. While the situation is not as horrible as with the majority of Windows machines,⁽³⁾ you can’t exclude a possibility that some program you use will open a port without your knowledge. Or you may not notice doing that yourself.

⁽¹⁾ Making logs cleaner improves security, but the effect is indirect.
⁽²⁾ Where passwords are the iterated variable; it’s only minimally effective when targets are iterated.
⁽³⁾ Which is not a fault of Windows; it’s simply much more popular in the PC and laptop segment and more accessible.

[PerranOak]

Cheers all. I am a bit of a "princess" (hence the title) when it comes to anti-virus software and so on. Frankly, I do get a "warm fuzzy feeling" knowing that my security software is protecting me. 

My Peppermint (i686 for 32bit) installation doesn't come with a firewall. The thing I can't figure out about Linux is how or from where you download software like, for example, a firewall. So, a repository sounds like a place to find things but what is it? Where is it (one)?

I know what people will say: "Do some research!" but I'm now too scared to do anything without, at least, a firewall. 

[tunk]

What linux distro did you install?
Not all linux distros do things the same way,
i.e. to give more specific advice we need to
know which linux distro you're using.
AFAIK, the linux kernel has a built in firewall,
but you may have to install a GUI front end.

[PerranOak]

It is:

Peppermint OS i686

Cheers.

[themadhippy]

I know what people will say: "Do some research!" but I'm now too scared to do anything without, at least, a firewal

don't be scared,ive been to some very dark and dubious corners of  t'internet without a problem

The thing I can't figure out about Linux is how or from where you download software

Try the magic incantation sudo apt get install software name

So, a repository sounds like a place to find things but what is it? Where is it

try having a peek in  /etc/apt/ and kicking the file called source.list

[ataradov]

So, a repository sounds like a place to find things but what is it? Where is it (one)?

Peppermint seems to be based on Debian, so you will have APT package manger and associated commands. There is a GUI tool called Synaptic. Look in the menus, you will find it. It will show you all the packages available.

For the command line the flow goes something like this. You want to find some utility, you use apt-cache like this: "apt-cache search hex converter". you will get a result like:

Code: [Select]

bindechexascii - simple ASCII,binary,decimal and hex converter
gbase - small numeric base converter
gnusim8085 - Graphical Intel 8085 simulator, assembler and debugger
libhex-ocaml - library providing hexadecimal converters (runtime)
libhex-ocaml-dev - library providing hexadecimal converters (dev)
ncurses-hexedit - Edit files/disks in hex, ASCII and EBCDIC
ponyprog - Serial device programmer
python3-yubiotp - Low-level implementation of the YubiKey OTP algorithm in Python
uni2ascii - UTF-8 to 7-bit ASCII and vice versa converter
z88 - Finite Element Analysis Program - runtime
z88-data - Finite Element Analysis Program - data
z88-doc - Finite Element Analysis Program - documentation

You then can get more information about the package using "apt-cache show bindechexascii". It will print a lot of stuff, including version, dependencies, and a full description of the package.

If it sounds like something you like, you run "sudo apt-get install bindechexascii". This is the only command that needs root privileges and "sudo" is needed. Note that the user must be setup for sudo first. stock Debian does not do it by default, but Ubuntu does. Or you can run it as root using su command.

BTW, why such a strange choice of a distro? Generally Ubuntu is more beginner friendly. And if you want more traditional UI style with taskbar and a menu, use Linux Mint. It is Ubuntu with Mate desktop environment by default.

[Nominal Animal]

Peppermint OS is a Debian variant with XFCE desktop.  Haven't used it myself, but I do generally like XFCE desktops on Debian variants; I used Xubuntu for quite a while few years ago.

I do like using Synaptic for package management.  It makes it easy to find interesting programs to try, and install them.  (If additional packages need to be installed, it will tell you, and ask you if that is okay.)  To find something, you can press Ctrl+F, type in the word(s) you're looking for, and select whether those words should be in the name only (rarely) or name and description (typical).  You mark which packages you want to install, then click on the Apply button to actually download and install those packages.

In the Settings menu in Synaptic, there is a Repositories entry.  This is a direct interface to the Debian package manager repository list (apt sources; /etc/apt/sources.list and files in /etc/apt/sources.list.d/).  You basically list there the repositories you trust.  A repository is a repository: a site set up to provide a set of packages.  There are both official ones (and with Debian, with lots of official mirrors, at least one in almost every country, which can speed up downloads a lot), as well as experimental and personal ones (often called PPAs, Personal Package Archives, from Ubuntu, which itself is a derivative of Debian).

As Peppermint OS is a Debian derivative, you should prefer the default Peppermint OS repositories.  However, you should be able to install any Debian package (for the same Debian release as the Peppermint OS release you use; currently Debian 11, "Bullseye"), and use any Debian package repository (that provides packages for that Debian release).  It is highly likely, but not exactly guaranteed, that applications provided by Ubuntu PPAs, will also work fine.

You usually also have a separate update manager, which occasionally checks if any of the packages you have installed have newer versions in any of your repositories.  I don't know which one Peppermint OS uses, and it doesn't really matter: just don't leave Synaptic open when you don't need it, because having one open will block all other ways of updating or installing software, including on the command line.

If you cannot find synaptic in the menus, it probably isn't installed.  You can install it by running
    sudo apt install synaptic
on the command line.  It will ask your password, because as an user, you do not have the privilege of modifying the system configuration.  sudo is a command that grants you superuser privileges, if you can have them.  (It can also do other stuff.)

Do not download packages off the internet.  Use your package manager / Synaptic.  Do not download source trees and compile them yourself, because that is almost always wasted effort.  (The exception is if you need or want to try out bleeding-edge features being developed right now.)  Do not trust installers, that say "download this, and then run this to install it on your machine", unless you're absolutely sure about it; and then only if the installation instructions do not use "sudo" or "su" and the installer does not ask for your password.

(When installing e.g. Arduino development environment, or something like the Teensyduino add-on for Teensy development, you may need to provide your password for the installer to install what are called "udev rules".  These are rule files that allow specific users or groups direct access to for example USB devices, and are needed for the firmware uploaders to work.  So, there are exceptions to the above; just consider the source, and make up your mind, instead of going at it blindly.  A bit of extra suspiciousness in the era of Internet is warranted.)

Though fail2ban should not be seen as a security measure if used for a SSH server.

Correct.  I think it of more as a "oh shut up already" measure, occasionally checking the fail2ban log to see how intense the SSH scripting attacks happen to be; like weather.

This does not mean I claim Linux is impervious to viruses and attacks, because it isn't; I only mean that Linux users do not need dedicated antivirus software to protect themselves.  They do need to be careful and consider their actions as the user and administrator of their own machine.

In particular, by default, files that you save are not executable.  (Any guide that tells you to run a chmod command of any sort must explain exactly why that command is run, and what kind of security implications that has.  Any "guide" that tells you to run chmod 0777 anything is an invitation to disaster, and not something you should ever follow.)

This means that if you say save an image attachment you received via email, and double-click it, and it really is something else like an executable, the user interface should just try to open the file in an appropriate viewer or editor, or prompt you which program to try to open it in; and never try to execute it instead.
This alone, even if considered a nuisance by some users, stops a lot of worms.

Viruses that infect a Linux user by piggybacking on something (say, exploiting a bug in a viewer or editor), are also either limited to the privileges of the current user (and unable to modify system binaries, only files the user owns), or need to also exploit local privilege escalation flaws.  Without privilege escalation, running on the user privileges alone, a virus cannot modify the firewall settings, or replicate itself into the system.

On Linux desktops, viruses are very rare, for many reasons.  Perhaps the biggest one is that only a tiny fraction of all desktops run Linux, and those that do run Linux, run on wildly differing Linux distributions, making them vary too much to offer an interesting target.  (Linux servers are much more often targeted.)
Instead of antivirus programs that try to detect viruses and worms, Linux users are currently better off keeping their systems up to date with respect to security updates, and especially adopt safer practices wrt. files and attachments of dubious origin.  Instead of downloading an installer from who knows where, you use package manager, which uses known "trusted" package repositories.  (But those repositories can be compromised, though; even Debian has been.  They're usually detected very quickly, though.)

[Lindley]

Do not know why you chose Peppermint, but distros like Linux  Mint and Ubuntu are probably the most popular and well supported.

Might be worth giving them a try ..   easy and quick enough to install. 

https://www.linuxmint.com/

[james_s]

Frankly, I do get a "warm fuzzy feeling" knowing that my security software is protecting me. 

That's exactly what a false sense of security is though. The software isn't protecting you, it's just making you feel protected, which can actually encourage risky behavior.

[bd139]

Usual security products are mostly useless on Linux yes, but a mandatory access control framework like apparmour or SELinux is not so I'd gravitate to a distribution like Ubuntu which bundles it personally.

Imagine what happens when you click on a web page that trips a fresh CVE buffer overrun in Firefox, which then opens your ~/.profile for append and uses that to deliver payload next time you open a shell. apparmour prevents that by setting Firefox's "reach".

[BrokenYugo]

I'm not sure I've had an anti virus program (or problem as a result) since I stopped running windows XP in 2011, on multiple web connected windows and linux machines. And I torrent a fair amount, download PDFs off sketchy websites, etc.

[xrunner]

Do not know why you chose Peppermint, but distros like Linux  Mint and Ubuntu are probably the most popular and well supported.

Might be worth giving them a try ..   easy and quick enough to install. 

https://www.linuxmint.com/

I've been using Linux Mint for quite a few years, but mainly to run projects such as SETI@Home and now Einstein@Home projects on a dedicated computer. Recently I felt it was time to move on from an older Windows laptop I was using in the evenings while watching TV. I built a new PC and decided to use Linux Mint instead of Windows for it.

Of course it ran Firefox just fine and a few other things and I was happy. Recently I found out that Apple TV+ was the only way to watch Friday night baseball. Apple bought the "TV" rights and it was not even on cable TV as usual. So they said if you had an Apple Account you could watch it for free on your apple device or the internet at Apple TV website. Well I logged in using Firefox / Linux Mint and watched the whole game and had no problems at all.

Linux is a whole lot better (more tolerant to hardware issues) than it used to be like ten years ago. For example I swapped out several video cards in the aforementioned PC due to some experimenting with others in the house. Some cards were Nvidea and others Radeon. Linux Mint never had a problem detecting and using the correct drivers.