# New to Linux - Antivirus & Firewall?

## Makhaira

Hi, I've just installed Gentoo 2007.0 (many thanks to all those involved in the 2007.0 handbook, fantastic piece of documentation) and have the predictable Windows user's fear for security. I know Linux is much more secure, but what do I need in the way of firewall and antivirus? Or anything else that is important for Linux security?

Some background info - it's a fairly minimal install on a 1.5 GHz Celeron M laptop, using XFCE, speed is important to me, and yes, it will be frequently connected to broadband and also wireless networks.

Which brings me to my second question - how can I secure/turn off my wireless card easily when it's not in use?

Many thanks in advance, and thanks once again for all the excellent documentation that people have made available.

----------

## ningo

>  but what do I need in the way of firewall and antivirus?

You don't need either. The concept of a personal firewall and antivirus (what I suppose you're talking about) is ridiculous and exists under Windows only with the purpose of stealing your money.

> how can I secure/turn off my wireless card easily when it's not in use?

Have a look at OpenVPN and IPSec

----------

## Cyker

You don't really *need* a Firewall or AV, but they are available.

I know AVG does a free-for-personal-use AntiVirus, and then there's the more Linux-friendly source ClamAV.

Firewalling is built into the kernel - Look for stuff on IPTABLES.

It's a bit complicated to set up for 'normal' people though, so lots of reading required!  :Smile: 

If you don't have a hardware switch to turn the wireless on/off, which frankly is the most secure way, then at worst you should still be able to bring the interface off-line by running "/etc/init.d/net.wlan0 stop" or similar depending on how you configured your Wireless.

There are usually other ways too (KDE provides apps for this; Gnome probably does too)

Not sure what ningo was talking about (OpenVPN and IPSec can turn your wireless card off?!  :Shocked: )

----------

## ningo

> Firewalling is built into the kernel - Look for stuff on IPTABLES. 

IPTables is not a firewall, but a userspace-tool to control Netfilter, which itself is just a framework for intercepting and manipulating packets.

> Not sure what ningo was talking about (OpenVPN and IPSec can turn your wireless card off?!  :Shocked: )

He was talking about _securing_ his WNIC. Turning it off would be the most secure method, indeed.

----------

## phajdan.jr

*ningo wrote:*

> > Firewalling is built into the kernel - Look for stuff on IPTABLES.
>
> IPTables is not a firewall, but a userspace-tool to control Netfilter, which itself is just a framework for intercepting and manipulating packets.

However you would name it, taken together it is a firewall - it controls which packets get in, which get out and does everything a firewall does. Of course there are these things called "application firewalls", but on Linux you would search for IDS/IPS-es instead. On a non-server computer however, I don't think they're required. A firewall is not critical either (but it's good to make sure you don't expose potentially vulnerable services). And generally, for the average user, iptables is just for that - to prevent exposure of potentially vulnerable services.

----------

## Makhaira

So to summarise, forget about antivirus, and check out IPTables for security? Many thanks for the info!

----------

## Ishiki

Shorewall (it's in portage and there is a guide to it somewhere in the forums) is easier to configure than pure iptables. You can have a look at it.

----------

## NeddySeagoon

Makhaira,

You don't at the time of writing need antivirus, mostly because virus writers don't target Linux systems. There are a few 'proof of concept' viruses around but not in the wild. You do need to take care though.

Windows runs any email attachment you happen to click on - it's trying to be helpful but this is a double-edged sword. If you run Windows as Administrator, the attachment can do anything, if you are a normal user, it can do a bit less.

Linux will not run anything that does not have execute permissions set - not even for root and you must explicitly set that. You can view email attachments with a double click as you can in Windows but not (by default) run attached programs. In Linux, you never use root unless you need to, so at worst, a virus can wipe out your normal user, not your entire install. ... and you would have to give it execute permissions first, which would make you think.

You should run a firewall on Linux. IPTables in the kernel provides the raw materials then there are several user space tools to set rules.

However, security comes in layers. First, don't run anything listening to the internet you don't need. The more software you run, the more likely it is you have a security issue. 

If you want more security than good use of usernames, groups and a firewall provides, consider a hardened install, which adds more layers to your security system.

----------
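Added example, not part of any post in this thread: the advice above to avoid exposing potentially vulnerable services (phajdan.jr) and to run nothing that listens to the internet unnecessarily (NeddySeagoon) can be checked by listing TCP sockets in LISTEN state that are bound to a non-loopback address. The script parses the kernel's `/proc/net/tcp` format; the sample table is constructed, the function names are hypothetical, and it assumes IPv4 on a little-endian (x86) host.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network.
# Function names are hypothetical; the sample table below is constructed.

# /proc/net/tcp prints an IPv4 address as 8 hex digits of the raw 32-bit
# value; on little-endian x86 the bytes appear reversed (0100007F = 127.0.0.1).
hex_to_ip() {
    b1=$(printf '%s' "$1" | cut -c7-8)
    b2=$(printf '%s' "$1" | cut -c5-6)
    b3=$(printf '%s' "$1" | cut -c3-4)
    b4=$(printf '%s' "$1" | cut -c1-2)
    printf '%d.%d.%d.%d\n' "0x$b1" "0x$b2" "0x$b3" "0x$b4"
}

# Reads /proc/net/tcp-format text on stdin and prints addr:port for every
# socket in LISTEN state (st = 0A) that is not bound to loopback only.
exposed_listeners() {
    while read -r _sl laddr _raddr state _rest; do
        [ "$state" = "0A" ] || continue      # skips header and non-LISTEN rows
        addr=$(hex_to_ip "${laddr%%:*}")
        port=$(printf '%d' "0x${laddr##*:}")
        case $addr in
            127.*) continue ;;               # loopback: not reachable remotely
        esac
        printf '%s:%s\n' "$addr" "$port"
    done
}

# Constructed sample in the kernel's layout (trailing columns shortened).
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5101
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5102
   2: 0A00A8C0:8F2C 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 5103
   3: 0A00A8C0:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 5104
EOF
}

# Demo on the sample; on a real system use: exposed_listeners < /proc/net/tcp
sample_proc_net_tcp | exposed_listeners
```

Each line printed is a service other machines can reach: stop it if it is not needed, or cover it with an iptables rule. IPv6 listeners live in `/proc/net/tcp6`, which uses a wider address field and is not parsed here.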

