On Thu, 14 Apr 2011 04:02:39 -0700 (PDT), Fred wrote:
> I'm going to try follow some of the suggestions in
Since you are running Ubuntu the majority of your malware problems are
> 1. If I use a firewall that only allows 1 port for accessing the internet,
Then I will guess it is not going to work very well, if at
all. More than one port is needed.
> how can I get a 0day attack?
By the method dictated by the 0day malware.
> 2. If you download malware onto a VM, it's restricted to the VM.
Most of the time. Not always.
> Other than this, how do VMs increase one's security?
Define security. The malware can run in the VM unless you delete the
guest machine after each use.
The really smart malware can detect that it is in a VM and will not
infect the system.
> 3. How does a HOST file increase security
Not by much. All you could have there is a few know malware ip addresses
compared to number of malware infected systems on the Internet.
>if you have a firewall that blocks ports?
If you are using a hosts file to block known malware infested sites,
it will only prevent access to those ip addresses for all ports.
You need to learn how a firewall works. Your basic firewall will block
all inbound connection attempts. You should be running a firewall to
prevent inbound connections to any deamon/service you have enabled on
your system. Your fancier firewalls will allow you
to block outbound connections by application.
Your signature based AV software is almost useless for real time
detection/protection. Last stat I saw was 7,000 new malware apps per day.
Good news, very little malware will run on your linux OS. 8-)
The majority of criminals and malware writers no longer attempt
inbound access to your system. They are coming in via exploits of
applications you use to view content on the Internet and by putting their
payload in files/media you download (flash, pdf, gif, MP3, WMA, WMV, MP2,...)
For intrusion detection I will recommend aide.
I suggest privoxy instead of a hosts file and for your starter rules list
there is http://www.neilvandyke.org/privoxy-rules/
I run firefox with the NoScript add on torqued down pretty tight to
keep java* exploits down to a minimum.
I use different linux accounts for browsing and any internet account
needing a login and password. I use sudo to pop into the account as
needed. Click a desktop shortcut and I am good to go. You can set the
account's .bash_logout to submit a "at" job to delete and tar in a
pristine copy of files.