Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello everyone.
I am a Linux Newbie,having been using my first distro, Xandros 2.0 for about 3 weeks and enjoying it as well as enjoying being away from MS. One of the security issues about Microsoft that bothered me(other than vulnerability to Viruses and Hackers) is the amount of info MS collects on its users.I may be wrong but I believe that some of their applications like Windows Media player(the later versions) send info back to MS on what people are watching and XP of course has info on your computers configuration.What I am wondering is how would a Linux newbie know if their distro of choice has access to their computer or monitors their activities etc? For example while using Xandros I use the Xandros Networks sites to install programs,updates etc which are all done in root mode.....does this give them free rein on my computer?I don't have anything in particular to hide nor do I presently do any sensitive transactions on line(banking for example),but am still concerned about privacy and security. I plan on trying out a few distros so am interested in hearing what others have to say about my Q's
Thanks
One of the differences in linux, is that you are actually allowed to (and encouraged) to look at the source code. If you don't trust the binary packages from Xandros, you can download the source code for most applications and review it literally line-by-line, then compile it if you wish. The same applies to patches. Occasionally you'll come across a piece of proprietary software where that's not an option, but again this is linux, so there are likely Open Source packages that are the equivalent and do have full source available.
One of the nice things about Linux (and other alternative operating systems) is the community that creates and supports them. Any vendor or distro creator that willingly introduces spyware or other malware into their disto would quickly lose their support and standing within the community. Some distro creators will include proprietary software, but in general they are harmless and in many cases there are open source equivalents. Contrary to what some proprietary software vendors would have you believe, the Linux community does police itself.
Capt_Caveman and Stickman,
Thanks for your replies.I find this site is great in that someone always replies promptly to any Q's that are posted and are eager to help.I'm not yet at the stage where looking at source code would do me again(I wouldn't know what to look for),nor do I yet know about compiling code.So for the time being if I have any concerns(security or otherwise) about a particular distro I will check with users, some of whom have probably fiddled with the source code, and/or check with the Linux community at large.I'll ask one more Q if u don't mind.Besides Xandros I will be soon experimenting with Mepis and Libranet. The reviews I have read about then have been positive,Have either of you(or anyone else out there) heard of any negative feedback about either?
Thanks again
Smiles_A_Lot
Apart from the answers given, you could find out by logging traffic. One way, if you don't know what to look for could be to start by adding a LOG target rule on Iptables' out chain, then check who those addresses belong to. If you have specific addresses to watch, fire up Tcpdump or Ethereal, add a filter to only log to/from that address. Let it run for a while then collect the dumps and check the contents. Like already said I don't think Xandros will be extracting much info from your system w/o your consent tho. In the end it will only harm their reputation.
UnSpawn,
Thanks to you, and all, for your replies and advice.From all the replies I've received I'm quite confident that Gnu/Linux Distros have good ethical standards as applies to security/privacy,as they have in their licensing and other software matters .As someone once told me there are a lot of " clued in" people in the Linux community that would notice if anything untoward was happening with a distro.For now I will read,learn and seek advice from the Linux Pros out there when I have Q's, and, as I become more comfortable/knowlegeable about Linux, if I have any concern about a distro, I can check it out myself(and maybe help out a future newbie!) So far I'm enjoying the move to Linux and my experience with it and the community has been positive,(This forum is great,stacked with helpful info and links and friendly people!)
Regards,
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.