Most of the malware attacks on computers today are not done by thrill or attention seeking hackers. They are created by criminals who seek to use them to relay unsolicited commercial email (spam) or worse. They could care less about making Windows look bad. They are completely agnostic as to Microsoft, Apple, or your Linux distro of choice. It only stands to reason that while it is more difficult to trick a saavy Linux user into installing malware with root privliges, efforts will almost certainly escalate as the popularity of Linux distros like Ubuntu gain popularity.

There are several free and open-source tools that can be easily installed and used to scan for viruses, rootkits, and other nasties on your computer. Clam AV, rkhunter, and chkrootkit are three tools that are easy to use. Clam even has a GUI. All three tools are available in the Ubuntu repositories. They are almost certainly available in others, but aren’t difficult to install manually either.

If you use Ubuntu, you can install the three packages:

sudo apt-get install clamav-daemon rkhunter chkrootkit

If you want to try the GUI, it is called ClamTK (sudo apt-get install clamtk)

Update the Clam AV scanning definitions by running sudo freshclam

It is probably easiest and most intuitive for most to use Clam via the GUI and not the command line – This installed under Applications > System Tools > Virus Scanner on my Ubuntu Intrepid 8.10 desktop.

Clam does not scan your files on access – so it takes up very little resources. You can schedule scans as cron jobs or simply run scans manually on a regular basis to be sure your system is clean.

To scan for rootkits, simply run sudo rkunter --check and sudo chkrookit as root. It is safe to run them side by side. They will not change anything on your system, they will simply alert you to the presence of suspicious files. (a few warnings are pretty normal).

Ubuntu ships with a Linux firewall called iptables installed by default. Most people find the text file configuration to be cumbersome. Firestarter is a very simple GUI option for iptables that makes it easy to manage. A good firewall will go a very long way to prevent any system from being compromised.

sudo apt-get install firestarter

To run Firestarter, go to System > Administration > Firestarter. When you first open the program you will be asked some questions. Don’t worry if you get them wrong, you can re-run the wizard any time… You will most likely want to choose yes and tick the box for DHCP. You’ll then need to set up a policy. This is very simple. If you are not sharing your computer, do nothing for Inbound policy – it will block inbound connections from starting a session on your computer. If you use Bittorrent, ssh, ftp, etc on your desktop you will need to create rules to allow those services Inbound. Again, very easy to do. For Outbound you usually want to allow all services out except those you block intentionally – so select “Permissive by default, blacklist traffic” – which will allow you to go out to the Internet freely but give you an option to block outbound traffic you do not want to allow. This is the default configuration on most commercial firewalls also. You can make outbound restrictive, but be prepared to add rules for every software you run that needs to establish Internet sessions… (updates, web browsing, backup programs, dropbox, skype, etc, etc…)

Any system should be backed up. I really like sbackup sudo apt-get install sbackup – you can find documentation online. It isn’t difficult to use and the defaults work well – though you may wish to change the default backup location. You can also backup to remote computers via ssh.

Keep your updates current. Ubuntu will alert you by default when updates are available. You can also use System > Administration > Update manager.

One last additional precaution I take is to use the laptop’s built-in security features to password protect the boot process. While this isn’t un-breakable, it will definitely slow down a casual thief who swiped your laptop. For a more secure approach, encrypt your hard drive’s file system.