Security and Linux
Vložit
- čas přidán 4. 06. 2023
- Linux is NOT secure by default! .
►► Digital Downloads ➜ christitus.com/downloads
►► Reddit ➜ / christitustech
►► Chris Titus Tech ➜ / @christitustech
►► Twitch ➜ / christitustech
►► CZcams Early Access ➜ / @titustechtalk - Krátké a kreslené filmy
Can you do a secure Linux guide, in multiple tiers. Home user basic, home user advanced, crazy person that implements enterprise security at home.
I second this, I too would love a seacuring the Steam Desk video, as i think it would help open the eyes of some users to the fact that linux CAN be secure but isn't always out of the box secure.
At least with Linux you don`t need to fight like with Windows, that have bulit in malware from Mocrosoft.
microshaft
Lol defensive much, I think the point is for the layman type computer users (Aka most people in the world). Linux is not for most regular people
@@philscimath9489 I agree that is why I found tsul kalu original comment was a defensive reaction. When a person begins sentences with the words “at least” …… subconsciously they agree with the main point of the video
@@philscimath9489 Fedora is very secure by default, why are you comparing a tinkerer, barebone distro with Windows, it's not fair
Also, micro$oft is spyware.
It seems corporate backed distros like Fedora are more concerned about security. They have SELinux and firewalld configured by default and I think they also have a decent score on audit tools like lynis. Also they were one of the first to set Wayland as default on GNOME and KDE.
I love Fedora and RHEL
You are a great Linux ambassador and a realist. Very helpful comment for new users. Fedora is a great choice for many
I'm not a linux newbie. I have been using it for many years. I've learn many security measures to use in linux. Sure nothing is guaranteed, but i feel my linux system is quite secure.
No root password on the Steam Deck means that you can't use a password to access the root account remotely. It's not the same as having a blank password. While that one setting isn't a golden ticket to security, it's wrong to say that particular decision is insecure. Any machine is hackable if you have unmonitored physical access to the box. While it would be nice to ask users to set their user name and password on first login, they don't enable ssh out of the box and expect most users to leave it default. This combination means that physical security is the only thing the user has to worry about.
Exactly. Chris sometimes speaks non-sense. Like everyone else, he may know a lot, but he doesn’t know all. Not a criticism, just a fact.
@@corvoattano8531 It is not nonsense per se, because it is not about easy remote access (at all) it is about to not even get the slightest warning if some executable grabs elevated access. But who wants to blame windows user that are annoyed by UAC to get rid of that as well.
I'll argue that most Linux distros are more still more secure by default from the start, lacking a registry that can be attacked and malwared to do big harm (yes, Linux HAS a registry, but it works much differently than in Windows and never posed as a security feature, unlike Windows Registry which was supposed to be a security feature, and STILL is insecure), the root/user logins being active by default to limit users in ways Windows UAC can't (if users can't install software, change the software settings, or delete it you won 90% of the battle already regardless of OS); the relative lack of malware that attacks Linux compared to Windows malware still being created, and the Linux file structure itself that limits damage because user applications install differently than in Windows so if they get corrupted or attacked the OS itself doesn't go down with it. (I never went that deep on my old Mac, so I'm leaving them out of the discussion).
AND YES, the other steps Chris said are important: firewalling, passwords/biometric log-ins, and root vs. user accounts. Any hardware/gaming box maker or user that doesn't do them should be sternly lectured until they repent and sin no more. I have root and user accounts as the the sole user, and I have to use a password to log in. My laptop firewall is always on regardless of where I am (by the way try testing your firewall at the Shields Up! website; you might be surprised what you find out). And if you're at home, is your modem/router's firewall set for high security? How about your Wi-Fi devices?? With Internet providers allowing people to use your modem for mobile access without your express permission, you might want to check those firewall and security settings as well because we all know your cable/ISP provider would NEVER place YOUR privacy at risk by setting everything at the lowest-possible security level...🙄
Disagree with the root user thing. By default, the first user you create with desktop linux distros intended for consumers has sudo access. It's an admin. The first user you create when setting up Windows is an admin account. Any extra accounts you add after that are _standard,_ NOT admin, by default.
Also, you're way off base with the registry. It is not, and was NEVER intended, to be ANY sort of "security feature", and I have no idea where you pulled that idea from.
The Windows Registry's first inception was as a central place to register COM components, hence the name "registry".
As Windows evolved, the registry essentially became a centralized configuration store, for both system and user settings/configuration data, since it was realized that having a common way to do that across all users, system, and programs was a useful feature.
@@Acorn_Anomaly Admin and sudo is not related in any way really
Could you make a tutorial on "how to stay safe on Linux for dummies"?
I would love to switch to Linux but I don't know what I'm doing and I bet there are decent "out of the box" solutions that would not require to dig deep on the ecosystem to just use it as a normal daily OS.
I put my Downloads folder on an extra partition, mounted it w/ "noexec, nodev, nosuid" flags and run internet-facing applications within flatpak/firejail.
I mount my entire /home partition like that
nice to know
when people talk about security on Linux, its generally concerning malware, not sudo rm -rf /*
They're referring to it having such a small user base there for a small malware target. I think the guide I followed setup some security because I'm primed for passwords when I mess with the system and change stuff. Unfortunately when I setup arch back in the day the drive lettering portion of the guide was not very well described, was hard to convert to the way my hardware was setup. But I love arch, I'd rather start with a super clean system than receive a bunch of crap I'm never going to use that concept makes arch so amazing.
Greatly appreciated Chris Titus on information about Linux understanding
What how about making a video on how to protect to the maximum in linux?
First thing to do on Arch is change the umask. I use 027 as a compromise between convenience and security. I really wanted to set up AppArmor, but I couldn't figure out how to properly do it, especially as I have an unconventional filesystem layout with additional highly vulnerable locations. SELinux seems even worse. As it is, I use half-broken firejail configs for some stuff, and the rest I just use Flatpak for, minimizing the perms with Flatseal and hoping that's sufficient. Also I only use Wayland, and I use doas instead of sudo. I really should fix this...
Regarding the steam deck, it should just have a console-unique password printed inside the box or in the manual or whatever
There is a linux firewall that controlls everything? Similar to simplewall?
Yes, ufw
linux is about freedom, and if you care about security you have the freedom to secure it but most users dont really care about computer security enough to act on it.
Question: is it necessary to encrypt my Linux upon install if it's a desktop, or is it just superfluous?
I didn't hear anything about why linux isn't secure by default, or why arch is less secure than windows, just because a distro doesn't use apparmor doesn't mean its not secure by default, that's like saying if you don't wear a seat belt in a truck you're just as likely to injure yourself in a crash as you would be if you didn't wear a seat belt in a car.
I'm not aware of any major Linux distro stock install that will pass lynis on initial install.
Most distros do these things like default
just dropped into say your hyprland videos were the best and are missed
Did someone tell the guy in chat talking about grub2 being used only by RHEL that in most distro "grub" is grub2 by default and that the old grub is now referred as grub legacy? Jeez, there's already enough misinformation around
This is why for those who do not want to config everything, distros like Fedora come pretty hardened out the box.
portmaster is important too .
I got a question man. I was hacked bout a week ago. I changed all passwords and reset my p c is there anything else I need to do😊
which AV software do you recommend for a W11 user?
Window s defender is pretty decend , but If you still need a third part AV I would suggest Malwarebytes
Linux. Linux is perhaps the best antivirus for the virus known as windows 11.
you don't really need a realtime protection most of the time, i use malwarebytes free version with no realtime scans, but when i download something i scan it, also i run weekly scans and thats all.
@@Thunder00643All it takes is ransomware word document and it’s game over.
Very True...
Wait a minute... From a technical point of view, arch linux might be more insecure than windows or mac, if you don't adjust anything, but in real life it's just not like that, right? How often are Windows and Mac patched, how often Arch? How many viruses are there for linux globally, and how many for the other two systems? I would always choose Arch, which my grandmother set up, rather than Windows or mac... Thank you! :)
Most regular people cannot install arch though , let’s not be defensive and fanatical. 😂😂😂
@@professormoriarty703 OK, I didn't really think that my grandmother could set up Arch linux... :D
I don't accept that arch is more insecure than windows, I have no idea what makes him think that
install linux and then secure it before connecting to the internet which is impossible if you don't have the software already downloaded--huh ?
If it is not a secret, what are some few simple steps to make Linux more secure ? To call/pay a Linux server administrator ?
This person's attempt to sound knowledgeable about Arch has backfired somewhat.
"I would take Mac or Windows over a stock Arch implementation any day of the week. Arch is extremely insecure by default. Most times they don't even have App Armor installed."
"Most times they don't even have App Armor installed"?! While this is technically true, the stock Arch installation includes almost nothing by default. Not even a basic text editor is installed by default. Not even a bootloader is installed by default! Out of the box, it is not a ready-to-use system like MacOS or Windows.
Arch is meant to be built up by the user with whatever applications and configurations are needed or desired. In the case of Arch, the absence of software installed by default is representative of user choice. If someone wants to use a firewall then they can install it along with the other packages they will need.
Being critical of the applications that are not installed by default is missing the point somewhat. Ultimately it is up to user choice how secure or insecure an Arch installation will be.
Yep, I would take any linux distro over windows
Idk.. I'd rather just use windows and not deal with all of this
The problem is that if a Linux system is infected by a Windows virus, it can infect Windows systems WITHOUT its user knows.
I wish there could be an open source REAL TIME AV software for Linux.
Not clamAv...
I mean real time security.
I don't know if its open source, lets be fair it ain't, but I do know Microsoft have Linux native software to protect Windows systems. At the end of the day its not up to Linux to protect a Windows system, that's up to Windows.
@@notjustforhackers4252
Your Linux might become a virus hub for other systems to be infected.
That's a huge security risk caused by Linux and its community.
Since the majority of users from Windows, Linux should solve this problem to keep its reputation.
there are but it is mostly corporate oriented rather than consumer
@@John7No
I wish there could be for public and ordinary users as well.
Actually, I intend to make one in opensource...
@@SkyFly19853 I hope it turns out great !!!
It would be beneficial for many
Linux is always secure compared to WINDOWS.
The security holes are the browsers and any other software that connects to the internet.