Linux Desktop Security (and Why It’s More Secure than Windows)
When I first began researching Linux distributions, it was both an exercise in technical curiosity and a financial experiment. Would it be possible to work, manage my business and write, all while relying on open source and without paying a single dollar?
While my answer was yes (minus some web hosting costs and other misc. expenses), my research uncovered something unexpected. Linux, it seemed, would provide a more secure desktop operating environment than Windows. This recurring theme was echoed on technical sites and blogs across the Internet. My decision was made.
Some accounts went so far as to suggest that no security measures needed to be taken at all. But some, though still steadfast in their support for Linux’s superiority, did encourage at least a minimalistic approach to securing your Linux desktop. I decided to err on the side of caution.
Viruses on the Linux platform have indeed been few. Is this because the operating system is more inherently secure? Possibly. With so many developers, potential vulnerabilities can certainly be identified and corrected more quickly.
I also believe there is something else to consider. The numbers have been debated, but at last count, Windows dominated the desktop with close to 90% of the market. It’s no surprise then that people looking to exploit vulnerabilities would direct most of their efforts toward the dominant platform, in this case Windows.
In a world where computer systems were isolated, Linux users might collectively exhale in the knowledge that they were immune. However, as most of us still interface, either on the same networks or via email, with Windows computers, the potential for virus or malware exposure exists. Opening a tainted Microsoft Word document probably won’t infect your system, but there is the possibility that you can pass it on to someone else.
The Ubuntu website maintains a list of known viruses and worms and other network threats.
What all this means is that even though your chances of infection while using Linux are slim, it makes sense to employ some type of protection from outside attack. Let’s talk about some ways in which you can secure your Linux computer.
Linux Security Tools & Techniques
The first, and perhaps easiest, thing to do is to patch and update your software. Most distributions automatically notify you when updates become available. You just need to click a button to perform the update. And if you’ve turned off this functionality, you can manually check for patches on a set schedule, say bi-monthly.
One thing to note is that if you’ve installed software via tarball, and not the repository, then the operating system won’t update it. In this case, you may have to configure software to perform these checks.
Most virus threats are Windows based, but email scams and phishing attacks are not unknown on Linux. As a first line of defense, you should only click on email links to sites that you know. And I think you should also consider installing anti-virus software.
• Secure Passwords
If you’ve registered for any community websites recently, you will have noticed the increased emphasis on secure passwords. You should apply this same rule to your Linux desktop. Strong passwords are not invulnerable, but are less easy to crack.
A firewall is sometimes all that stands between your precious data and the dangers lurking about on the Internet. Firewalls can be either hardware (included as part of your wireless router) or software based.
• More Stringent Control with SELinux
SELinux (Security-Enhanced Linux) was created by the NSA and is a kind of security enhancement for Linux. It has stronger access controls, allowing admins greater flexibility in deciding which users have access to files and network resources.
Some don’t like the performance hit associated with its use, but for many the benefits outweigh this. You can be the judge; find out more about SELinux.
• Check Those Services!
A Linux service is an application that runs in the background waiting to be used. By default, many services are started at boot-up, some unnecessary for basic desktop operations. Things like httpd, ssh, telnet, etc. are needed for servers, but do you really need them for your desktop machine?
In order to minimize the security risks associated with these services, they should be locked down, or removed. You will need to review and edit your /etc/inetd.conf or /etc/inittab file and comment out services you don’t need.
Linuxtopia has detailed instructions on how to do this.
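The review-and-comment-out step described above can be checked with a short script. This is an added example, not part of the original article; it assumes the classic inetd.conf line format, and the sample file contents and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an inetd.conf-style file for services that are still enabled.
# Active entry: service  socket-type  protocol  wait|nowait  user  server-program [args]

# Constructed sample input (not from a real system).
sample_inetd_conf() {
cat <<'EOF'
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd       in.fingerd

auth    stream  tcp  wait    identd  /usr/sbin/in.identd  in.identd
EOF
}

# Read the file on stdin; print "service protocol user" for each enabled entry.
active_services() {
    awk '
        /^[ \t]*(#|$)/ { next }        # skip commented-out and blank lines
        NF >= 6 { print $1, $3, $5 }   # a valid entry has at least six fields
    '
}

# Read the file on stdin; write it back out with one service commented out.
disable_service() {
    awk -v svc="$1" '
        $1 == svc { print "#" $0; next }   # already-commented lines start with "#", so no match
        { print }
    '
}

# Audit the readable file given as $1, or fall back to the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    active_services < "$1"
else
    echo "Enabled before:"; sample_inetd_conf | active_services
    echo "Enabled after commenting out telnet:"
    sample_inetd_conf | disable_service telnet | active_services
fi
```

inetd rereads its configuration only when it is restarted or sent SIGHUP, so an edited file takes effect after that.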
Final Thoughts on Linux Security
While security concerns may be less of an issue with a Linux computer than with its Windows counterparts, having a sound security plan, no matter the platform, is the best way to ensure the safety of your data.
Security implementation of some of these tools varies depending on the Linux distribution, so it’s always good to start with the website or wiki for your Linux distribution for specific information.
For new users, this is a good starting point for ensuring your Linux experience is the best — and safest — it can be.