I am a linux newbie. I am currently running two OSs at home. The first is my desktop computer (running Fedora Core 2 Kernnel 2.6.6-1.435.2.3) which has a broadband connection to the internet thru a network card (eth0) and the second is a really old laptop running Win98 (I tried to install a linux OS but besides its age the hardware was made for Win98) which is connected thru a network card to my desktop on the eth1.

I installed the firestarter firewall and locked out my linux services (I am not running file server, web, telnet or ftp services) from any incomming tcp/udp/??? packet (eth0). I also configured NAT in order to provide internet access to my laptop computer (sharing the linux connection). I am not using an anti-virus software.

From your experience, what should I do prevent attacks from viruses and spyware? I understand that there are very few threats to linux systems but as I mentioned I am a newbie and I am concerned about making my system vulnerable. My main concearn is related to Win98 vulnerablilities. Can these vulnerabilities spread into my linux system (I have no firewall between these systems).

Thank you for your help! :)

Alnilam

Hey Alnilam,

Your win98 system can't do harm to the fc2 system. Spyware and such can't execute on
that system!! But if you are going to share files, you could use a antivirus programme like clamav
on the fc2 system. So you are sure that no viruses get on the win98 thru fc2.

http://clamav.sourceforge.net/

For your win98 system I can recommend zonealarm for a firewall and
antivir personal edition for the antivirus application.

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
http://www.free-av.com/

If I am wrong please correct me!!!

Tashiro

If you're worried, just use your firewall to block all traffic destined between the two machines (and only open up services you want to allow access to such as file sharing). Routed traffic passes through the forwarding chain so will be unaffected.

Ned

What you have done so far is a good start. By putting your Win98 machine behind the Fedora firewall you reduce the chance of Windows vulnerabilities taking down your Internet sharing computer. Just keep updating and scanning and you should be OK. This applies to any OS.

Hi!

I am considering letting Win98 access ports # 22, 80, 8080 only through this connection. Locking/Hiding other ports may improve security.

ClamAV seems to have a very good reputation among more experienced linux users. I´ll take a closer look.

I will pay closer attention to those update alerts that FC2 displays. I understand that despite of being more stable/secure than Windows systems linux is a "work in progress".

Thank you all for your replies!

Alnilam

Your description fits the configuration that your FC2 PC become the firewall & routing gateway for the Windoze PC.

I am sure that is already working for you. This case your Linux firewall should default block all uninvided incoming and allows internally initiated connections. ;)

This config is a pico-sized LAN with one Firewall gateway and just one inside node.

But the problem is your FC2 PC must not be turned off when Windozes PC wants the web. You power off your firewall your web in down for inside (the only) node.

You are still not protected against virused incoming emails & web pages.

For a pico-size LAN it might not be worthwhile to setup Linux web proxy & mail proxy to block virus - essentially for Windoze's sake :D only. Unless you want to do so for the experience or experiment.

If you just want a protection for practical uses, any regular shareware AV will do, just install it inside Windozes. Linux is immued to majority virus since they are made to attack Windozes only. :rolleyes:

If you are the only user for both the PCs, then just try to use Linux for most web browse & email functions, download files intended for Windozes also in Linux PC then then SAMBA share or FTP over to Windows. That way, you are already very safe. No AV software needed.

AV software cost you CPU cycle + RAM + performance / speed + time wasted to wait and maintain / manage the silly updates etc.

P :mad:

Personally, I quited using AV for windows, after I used Linux. In similar strategy, I just simply prevented my windozes PCs to connect to internet. Linux in the front line, the fragile Windozes hiding behind it. My system survived free of virus thais way the past 2 yrs!

I am also safer when I don't use any POP/IMAP, I rely mainly on webmails hosted on strong protected servers. They blocked virus for me, and allow me to delete SPAM/virus just after viewing their listings without downloading anything more than their mail headers.

99.9% of virus in my emails stopped at webmail. When I was stupid enough to download that 0.1% I can see what they are, but still I am safe, because of Linux. :p