Web space - CHAPTER 9 HOW TO SECURE YOUR COMPUTER
CHAPTER 9 HOW TO SECURE YOUR COMPUTER Installing new software: Be careful in choosing programs to download and install. Because Linux works on the basis of open-source code, anyone can theoretically tamper with a program, and then offer it for download by the unwary. This very rarely happens in real life. Even so, it s wise to avoid downloading programs from unofficial sources, such as web sites you find online via a search engine and whose authenticity you cannot totally trust. Instead, get software from the web site of the people who made it in the first place or, ideally, from the official Ubuntu software repositories (discussed in Chapter 
. Updating your system: Always ensure your system software is completely up-to-date. As with Windows, many Ubuntu programs have bugs that lead to security holes. Crackers target such vulnerabilities. Downloading the latest versions of Ubuntu software ensures that you not only get the latest features, but also that any critical security holes are patched. As with most versions of Linux, updating Ubuntu is easy and, of course, it s also free of charge. You ll learn how to get online updates in the next section. Locking up your PC: Limit who has physical access to your computer. Any Ubuntu system can be compromised by a simple floppy boot disk, or even the Ubuntu installation CD. Booting a PC using such disks gives anyone complete root access to your system s files, with no limitations. This is for obvious reasons; the idea of a boot disk is to let you fix your PC should something go wrong, and you cannot do this if you re blocked from accessing certain files. When Linux is used on servers that hold confidential data, it s not uncommon for the floppy and CD-ROM drives to be removed, thus avoiding booting via a boot disk. Such computers are also usually locked away in a room or even in a cupboard, denying physical access to the machine. WHERE S THE ANTIVIRUS? At first glance, it may appear that there are very few Linux antivirus programs. Actually, many of these exist, but they re designed to work on server computers and primarily guard against Windows viruses, in addition to the handful of Linux viruses. The idea is that they protect Windows users who access the server. Very few antivirus products are aimed at the Linux desktop. However, one example includes F-Secure s Anti-Virus for Linux Workstations. This costs around 80 euros (just under $100) and is available from www.f-secure.com/estore/fsavlinuxwks.shtml. AVG (www.grisoft.com) and Kaspersky (www.kaspersky.com) also produce Linux workstation versions of their antivirus products. The main issue with all of these programs is that they re not open source, as with most of the Linux software included in Ubuntu. If you absolutely must have your entire system running free software, consider ClamAV (www.clamav.net). This is a product designed to work on Linux servers but is flexible enough to run on desktop computers, too. ClamAV is included in the Ubuntu software repository, and so is available via the Synaptic Package Manager program. Be aware that ClamAV is a command-line program, however. You ll need to read its man page to learn how it works. In addition, you might choose to read the online documentation at www.clamav.net/doc.