It is important to highlight user account security

[Neal ManBear]

ternor,
We are not discussing changes that you will be forced to make. How you work and how secure you are depends on you; you make the decisions.     
What is in discussion is the methods/ways and means whereby we may better inform users of the ways they can increase their useraccount security.     

[Just17]

Here is a thread which explains a previous attempt to achieve 'safe-browsing' .....  it might not be exactly what is needed, but it is, IMO, a starting point at least.

No doubt there are alterations which could be made to make it more secure, and most likely could be used for other 'internet-facing' applications the user might wish to use.

http://www.pclinuxos.com/forum/index.php/topic,73799.0.html

[Just17]

I wonder if anyone has implemented sandboxing for internet access on a PC?

My present opinion is that this is the weak link in most situations (well not really as it is the user in most cases  )

But sandboxing the internet connection would tend to protect the user from themselves 

[gseaman]

Maybe FirefoxOS can run in a VM?

Galen

[Just17]

Maybe FirefoxOS can run in a VM?

Galen

[izto]

"I wonder if anyone has implemented sandboxing for internet access on a PC?"

Chrome/Chromium do that, one sandbox per tab. So what I do is use them in Incognito mode, so when I close a tab, anything related to it goes away.

[Archie]

Thanks for chipping in izto. Each of us with a bit more knowledge have our different ways. We may actually have similar but not exactly the same methods on sandboxing Chromium. It would really be nice if there'd be a foolproof method for users who just want to click away on links unmindful of the pornographic popups hiding behind the main browser to keep their user data safe.

I don't mind retyping my passwords to sites I trust after clearing cache and cookies after a session. It's all automated on my end. But undoubtedly there are users who'd use a "qwerty" for their Yahoo!Mail password and forward a chain email to everyone on their contact list for a miracle that's not gonna happen.

It's really just knowing how to add an extra layer of security ... still, others won't even bother.

[mag]

Interesting thread for someone like me who recently moved to linux, mainly because they were feeling paranoid about windows security measures and spending all their time scanning stuff!

Since then I have maybe become too lax about security - I use one account for everything.

I run chromium browser with seccomp sandbox enabled to try to keep any bad stuff from getting out, and also have bitdefender trafficlight to try to warn me in advance about dodgy sites.

(I haven't seen seccomp mentioned in this thread, which surprised me (maybe I just missed it). I thought it was 'a good thing' for user security - maybe I am misunderstanding).

I am trying to avoid noscript or other blockers that require user input to maintain browser functionality - mainly because I am not the only user of the machine - and I suspect the other user would soon be seeking to get me to ditch linux and go back to windows if she had to fuss with such things. In windows she had on-access web, script and file malware scanners, and behaviour shields and such like to put your faith in (wisely or otherwise!).

I may henceforth have two user accounts - one only for browsing, and one for other stuff.

I notice that comodo have recently released a free real time linux av - though they admit that at present it only looks for windows malware.

[jqball2u]

I have a question that I've been wondering about for some time now, regarding security of my personal data. If I install an OS like say Windows 7, then install a really good firewall, then install a really good AV, then install either VM Player (or Workstation) or Virtual Box, then install (on the virtual machine) a Linux distro with a firewall installed, and use only the VM OS on a daily basis, for like my personal info & to access the internet, etc. ... will I be 'safer' than if I just used either OS installed on the physical machine (with, of course, the usual 'normal user')?

The reason I ask is, I have games and other programs that require Windows and, yes I know about Wine, VB, as well as PlayOnLinux but I know that there are *some* programs (and games) that none of the aforementioned are truly developed enough to handle as well as the OS itself does.

Yes, I know the host OS is connected to the internet and the only way to protect whatever is installed on the host OS is to disconnect it from the internet when I don't need to access it (as well as to not install questionable programs). But, a hacker/cracker/or whatever you want to call them, would not expect to see a virtually blank canvas (the host OS, with just a few games installed [like via CD/DVD or downloaded onto a USB drive via the VM]), and if the VM is not always on - that's all they'd see, right? Plus, if the VM OS is running (Linux) then they wouldn't expect to also have to hack/crack/shack/whatever into a Linux??

Please feel free to correct me if I'm wrong or how I'm wrong ... I ask this because I've just been wondering how much safer I would be doing the above.

Thanks,
QBall

[kjpetrie]

The VM might not always be on, but its folder and files would always be present and could be stolen just like any other files, so you wouldn't be any safer.

Once someone has downloaded your VM they can attach its files to a new VM, start that VM, mount the virtual disc and read all the data.

[menotu]

I have a question that I've been wondering about for some time now, regarding security of my personal data. If I install an OS like say Windows 7, then install a really good firewall, then install a really good AV, then install either VM Player (or Workstation) or Virtual Box, then install (on the virtual machine) a Linux distro with a firewall installed, and use only the VM OS on a daily basis, for like my personal info & to access the internet, etc. ... will I be 'safer' than if I just used either OS installed on the physical machine (with, of course, the usual 'normal user')?

The reason I ask is, I have games and other programs that require Windows and, yes I know about Wine, VB, as well as PlayOnLinux but I know that there are *some* programs (and games) that none of the aforementioned are truly developed enough to handle as well as the OS itself does.

Yes, I know the host OS is connected to the internet and the only way to protect whatever is installed on the host OS is to disconnect it from the internet when I don't need to access it (as well as to not install questionable programs). But, a hacker/cracker/or whatever you want to call them, would not expect to see a virtually blank canvas (the host OS, with just a few games installed [like via CD/DVD or downloaded onto a USB drive via the VM]), and if the VM is not always on - that's all they'd see, right? Plus, if the VM OS is running (Linux) then they wouldn't expect to also have to hack/crack/shack/whatever into a Linux??

Please feel free to correct me if I'm wrong or how I'm wrong ... I ask this because I've just been wondering how much safer I would be doing the above.

Thanks,
QBall

Apologies if I'm teaching you to suck eggs  

I think I'd do it t'other way round - use Linux as your host and install Windows 7 VM as your guest.

VirtualBox allows you to create Snapshots letting users to go back to "a point in time" . You could set up the Windows 7 VM and install any security applications you may need and set it up just as you want it and then take a Snapshot of the VM's current state, allowing you to go back to it if required.

Also, bear in mind that antivirus/security applications sometimes can't protect a users system as Java applications/plugins etc can be used to "insert/inject bad code" which can then do lots of nefarious deeds such as

http://www.pclinuxos.com/forum/index.php/topic,108588.msg949245.html#msg949245

http://www.pclinuxos.com/forum/index.php/topic,109264.msg933718.html#msg933718

http://www.pclinuxos.com/forum/index.php/topic,111044.msg947889.html#msg947889

And it's easy to copy a VM's  .vdi file as a backup or for a rainy day

Some people think that Java and JavaScript one and the same thing but they are two completely different beasts.



And of course we've got to include users into the mix  (but that's a topic for another day     )

Hope there is something useful for you

[YouCanToo]

I have a question that I've been wondering about for some time now, regarding security of my personal data. If I install an OS like say Windows 7, then install a really good firewall, then install a really good AV, then install either VM Player (or Workstation) or Virtual Box, then install (on the virtual machine) a Linux distro with a firewall installed, and use only the VM OS on a daily basis, for like my personal info & to access the internet, etc. ... will I be 'safer' than if I just used either OS installed on the physical machine (with, of course, the usual 'normal user')?

You are only as safe as that which the host OS is. And Windows doesn't have a good safety record. Doen't matter how good you think your antivirus/spyware etc is

The reason I ask is, I have games and other programs that require Windows and, yes I know about Wine, VB, as well as PlayOnLinux but I know that there are *some* programs (and games) that none of the aforementioned are truly developed enough to handle as well as the OS itself does.

Yes, I know the host OS is connected to the internet and the only way to protect whatever is installed on the host OS is to disconnect it from the internet when I don't need to access it (as well as to not install questionable programs). But, a hacker/cracker/or whatever you want to call them, would not expect to see a virtually blank canvas (the host OS, with just a few games installed [like via CD/DVD or downloaded onto a USB drive via the VM]), and if the VM is not always on - that's all they'd see, right? Plus, if the VM OS is running (Linux) then they wouldn't expect to also have to hack/crack/shack/whatever into a Linux??

Please feel free to correct me if I'm wrong or how I'm wrong ... I ask this because I've just been wondering how much safer I would be doing the above.

Thanks,
QBall

[jqball2u]

The reason I thought to use Windows 7 as the host OS is I've not had very good results with either my laptop (which has built-in WiFi) nor my desktop (which does not have a built-in WiFi but I have been using a Linksys USB adapter - I can't remember which one, as I haven't used my desktop in a while but I do remember that it has dual-band capability) when installing a Linux OS lately. They seem to not like my WiFi, either in my laptop or the Linksys adapter on my desktop ... it got to be a headache where I just decided to leave off for awhile.

My laptop is a Toshiba Satellite C655: Intel Pentium CPU B960 @ 2.20GHz, 2200 Mhz, 2 Core(s) / INSYDE 1.30 BIOS / 4GB RAM / Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

The Linksys adapter I used on my desktop was supposedly one on the Linux 'supported list'.

Thanks for the info ... I'll keep that in mind if I ever decide to go that way!

QBall

[Just17]

My laptop is a Toshiba Satellite C655: Intel Pentium CPU B960 @ 2.20GHz, 2200 Mhz, 2 Core(s) / INSYDE 1.30 BIOS / 4GB RAM / Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

I have a Toshiba Satellite C660 with a RTL8188CE 80211b/g/n Wifi Adapter  which runs without problems using the RTL8192ce driver.

It seems rather similar, if not the same .....

[Tony]

I read this thread fully, as I have very little knowledge of Security of a User Account in PCLinuxOS.

I understand the concerns, but coming from a intense Windows security background, all I can do at this point, as people whose knowledge I respect seem concerned, is add some thoughts.

As far as Firefox, my default browser, I use Adblock plus, I clear all History, Cookies, and LSO's ( Better privacy is the Addon), at the end of the day, or Session, and use Keypassx, so I have very strong passwords for Logins to sites.

I used to use a MS app called 'Drop my Rights', which when applied to a Launcher, or Shortcut, for example, the execute command first went to Drop My Rights, and the program then ran with very limited rights. This was pre Vista, and was one of the little gems people posted about, in a Security minded Community.

Kind of sounds like a Script of this sort, which lessens priviledges of any program a user feels may be a risk, theoretically is a good idea. Also sounds like a huge undertaking.
As already said, making a New User, with Limited rights for using Internet apps, Browsers, et al. seems best way to limit attacks from the Internet.
You can easily turn Java, and Flash off, as we all know.

I have no real answers, being a noob, but I like this discussion, as Just17, whom I regard as knowledgable seems worried about security.
I don't see any problem with a "Security User Account" which people could choose to initiate, or not. It would limit whatever we believe are threats.

Bit befuddled that no real talk of exact, and real "Threats" has not been mentioned, (listed) just a need for someone to do something, but it seems this discussion should continue, and try to state what dynamic User Account threats are.

I'm thinking what could be a huge 'Hole' , are Panel Widgets. I don't know if they have been rigorously security tested, they are addons really, that someone has scripted.
And just comes to mind, downloading Wallpapers in KDE. Just off the top of my head this could be a huge threat, where instead of a Wallpaper you download Malware.

Just some thoughts, please understand Linux Security to me is; to only use our Repos, and don't Login as root