There is no problem asking a question about your mac as long as it related
directly to ubuntu - which would assume that you are networking with a ubuntu,
installing it on your mac - etc.

First off lets start with your security problems. If you are NOT using a
firewall and then you are opened to being hacked. So, use a firewall and virus
protection.

Second, a mac is not fool-proof. As Apple has built on top of a solid system,
they have created more problems.

I just checked on this site you mentioned for a pc and its down as they are
moving. But I dont personally know anything about them. You can purchase a dell
with ubuntu on it or even better, purchase a barbones kit and install ubuntu on
there.

As you said, an computer can by hacked. It all depends on how you set it up.
What ports you open, etc.

As for someone tracking you, that is pretty scary. But consider this: even if
someone knows my ip address, I have a firewall on my modem and a firewall on my
computer. This gets into a whole area that is difficult to discuss here but, if
someone hacked your windows pc and then your apple pc, I have to think right off
you dont have a firewall up and second, you might be exposing yourself by using
programs that are known to have problems.

To answer your overall question: I have ubuntu setup just as a fresh install and
I install firestarter. I can see people pinging ports like crazy but I have
little to worry about since they are all closed.

I had an EXTERNAL FIREWALL on....Alpha
Shield, all the OS (Tiger 10.4) locked down tight, and ALL SHARING,
turned OFF.

And the internal firewall turned ON.

This was on a I-Mac G-5.

This psycho exploited I-Chat, and the Dashboard programs, there are
some kind of 'back door' exploits there that Apple has failed (so
far) to FIX.

OK, so does Unbuntu need an anti-virus program, or not?

Can you burn music CD's on Linux/Unix?

How hard would it be to lock down a Linux machine to where it's very,
very hard to penetrate by a hacker?

Could you explain how you might do this.

Does Linux have it's own INTERNAL FIREWALL? If so, is it a good
firewall?

I did read you post and it said, "Im considering putting out Alpha Shield..." so
that tells me its not.

Anyway, I would still check out the Dell and XPC barebones system.

Here's what I said:


"I'm considering putting our Alpha Shield (
http://www.alphashi eld.com/ ) external firewall in FRONT of it and
also Linksys wireless router with the firewall set as high as it can
go."

What I was TRYING to say is that IF I PURCHASE a Linux machine I
would probably do this......


Does Linux NEED ANTI-VIRUS?

I heard Linus Torvalds who developed the Linux kernel discuss his own personal
computer and he sounded paranoid about giving people access to his computer
because he develops on it. Security is a major concern for him. He uses a
firewall and closes most ports usually used by others. This is one extreme and
the other is somebody who takes no precautions.

Linux can be tailored to anyone's needs. It is the most flexible OS there is. It
just depends on what you are trying to do. Total security is possible, but it
means that you lose connectivity, too. You must make compromises and it is all
about what you want to do with your computer and how willing you are to take
risks and what extremes you are willing to go to to manage those risks.

I have been getting hammered for about
four days now from a group of IP's probing certain ports repeatedly.
Those ports are closed but still, just the banging on the firewall was
enough to hack me off.

I made the settings on my modem firewall a bit stiffer and the next
thing I know - gaim looses connection. First google chat, then yahoo,
then aol. Then my weather applet wasnt updating. So I had to redo some
things.

But yea, you can definitely make it much much more secure if you are
willing to take the time.

Does Linux NEED an anti-virus?

Will it burn music CD's?

Mostly we surf the internet, write list e-mails (such as this) and
burn music CD's.

I goof around at YouTube some.

That's about it.

I just NEED a really SECURE computer, as we've wasted about $4,000.00
on 6 PC's that are now trash from being hacked.

Do you know of THIS company, are they reliable?

http://www.zareason.com/shop/home.php

Does it need it: no.
Can you use it: yes.

First, install ubuntu.
Second, run the apps you want to run.
Third, install Firestarter.
On the Status tab of firestarter down at the bottom take note of the apps ports
that are in use.
On your modem close all the ports except those that are show on the status tab.

For example:
App Port
Firefox 80
gaim aol 5190
gaim mmcc 5050
gaim xmpp 5222

Unless you need to be more secure - then close the chat ports.

Does Linux NEED an anti-virus?


Yes and no. It probably doesn't because Linux viruses are so rare. However, you
can still propagate Windows viruses and pass them on to unsuspecting friends
using a less secure environment. It is just good etiquette to take into account
the needs of others.


However, using an anti-virus program under Linux is different. For the most part
it does not scan files automatically. To do this you need to use dazuko which is
hard to configure for most newbies and it can be finicky to my way of thinking.
Most people need to scan things manually and many do not bother due to the
hassle.

Will it burn music CD's?


You bet. There are many great programs in Linux to do this. In fact DRM and many
things that get in your way in other OSes are not issues in Linux.

Mostly we surf the internet, write list e-mails (such as this) and
burn music CD's.


Surfing. No problem. There are more good browsers for Linux than any OS. I have:
Opera, Konqueror, Galeon, Ephiphany, Firefox, Kazehakase, Midbrowser, Iceape,
Iceweasel, Swiftfox, Safari (in Wine), and Internet Explorer 6 (in Wine) all
running on my computer.



In addition I can run a full version of Windows XP in Virtual Box with a Gnome
menu bar at the top and an XP menu bar at the bottom. In can run just about
anything this way.


For email you have a choice of Evolution which is a suite, like Outlook,
Thunderbird, and a host of ones that support IMAPI and pop3 that are very fast
and light weight.


Does burning CDs suggest that you download? If so there are many p2p programs.
You can also access Songbird and iTunes. The best programs are either Rythmbox
(good) or Amarok (better) for listening to all kinds of music and managing
collections and syncing with devices. There are many podcast programs as well.



I goof around at YouTube some.


Caution. I use a 64-bit version. Setting up multimedia is possible but not
straightforward if you are using a 64-bit version of your favorite Linux distro
(I use Ubuntu 7.10 64-bit). Stick with the 32 bit version if you don't want
hassles. There is no 64 bit version of flash, Real Audio or Quicktime. You can
make them work, but it takes some tweaking.



If you go with the regular version of Ubuntu you can get all to work with no
problem. You need to do some post-installation to get them to work with Ubuntu
because it does not include restricted drivers by default.
You need Flash or Gnash (open source) and w32codecs and vlc which will do just
about anything from play DVDs to music.



That's about it.

I just NEED a really SECURE computer, as we've wasted about $4,000.00
on 6 PC's that are now trash from being hacked.
Do you know of THIS company, are they reliable?


Canonical is reliable. They are now selling servers with Ubuntu
pre-installed to Fortune 500 companies. Sun Microsystems is backing
Ubuntu by installing it on servers they are selling.


I cannot vouch for your ability to set up a secure system though. You can
install Truecrypt which will encrypt everything and you can install firewalls
and hardening software galore. You can control the flow on information in and
out depending on your capacity and willingness to be able to do it. You can even
set up things to run from a VM so that if it gets corrupted then the integrity
of the host computers are untouched. It is just a question of the degree to
which one is willing to go.

http://www.zareason .com/shop/ home.php

I have not read over this entire thread, but here is what I think.

1.) Linux should have an anti-virus to keep from passing viruses to
other (non Linux/ Ubuntu users.)

2.) Put Ubuntu on the machine with the default setup and run updates
and the machine should stay secure. Don't
install any software not from Ubuntu servers. (More secure packages.)

3.) Change all your email addresses, logins, password, and change your
Internet Service Provider.
They can't hack your stuff if you disappear. Start a new web persona.

I would agree with all of the above - especially point 3 - but would
also add replace your Alpha Shield and router. Chances are your hacker
'friend' has managed to compromise them and you can no longer trust them.

Don't forget that AV programs don't just help protect against viruses,
but also against trojans, and there's a lot more of those being
written for Firefox these days ...

Whereas there's no guarantee that you'll be 100% protected if you've
got even an up to date anti-virus program, it's still always better to
have one than not!

I understand that Linux machines are now becoming the Holy Grail for
hackers who can claim lots of status for succeeding in hacking one, so
go for the av, go for the firewall, go for the anti-spyware, go for as
much security as you can get, make sure it's set up properly, and kept
fully up to date. Only connect to the net when you need to, rather
than leaving it connected 24/7, and keep monitoring your logfiles and
such, just to make sure you're still safe.

Will you be 100% protected? No. Nothing is ever 100% guaranteed. If
somebody wants to get you enough, they will. The only way to keep your
computer 100% safe from internet-based hackers is not to ever connect
it up to the net.

One thing that puzzles me, however, is how these 6 other pc's you have
are now trash. You should be able to wipe, reformat & rebuild them (if
necessary, changing the network card(s), so that your MAC addresses
are different ...

This guy (the socio-path hacker) is so good that he's managed to
install keyloggers ON THE BIOS of the two machines that we still have
left, sitting in our closet.

That's another question.

Does the BIOS of a machine BUILT for Linux work IN THE SAME WAY, as
a 'Windows' bios?

Let me give you an example Graeme.

I bought a really NICE HP Windows machine. He's corrupted the BIOS
(by hiding a keylogger IN THE BIOS itself) and HP will not let you
put a new BIOS on one of their machines, you have to mail the machine
TO THEM, and their techs will do it.

The only way to get around this is to put a NEW mother board into the
HP, that costs also as much as the PC itself, and it seems stupid to
try to fix a computer that has been torn up, in such a way.

It's just cost prohibitive.

So, if I bought another machine designed only for Linux, would there
be a BIOS menu similiar to the one for a Windows machine?

Thanks so much for your time and energy in answering my questions.

System providers: I don't know either System 76 or ZaReason. However, I
am quite familiar with the computer recycling non-profit the latter
notes as their genesis. It is legit. I've worked with it myself through
my Linux Users Group. Good people. The get surplus hardware, refurb as
needed, and set it up with Ubuntu. From the other folks who came
through, ZaReason would be enough of a contender for my $$ that I'm
going to check them out for a laptop my son is needing (I converted an
old HP/Compaq Presario laptop and it mostly works, but the power
management stuff is problematic, as it often is on laptops with Linux).
Thanks for the link, as I wasn't aware of them.

If you want to check your security (both now and when you've upgraded
and taken the security suggestions already made) I suggest you go to
www.grc.com and see how "clean" your online presence is. GRC is the
website of Gibson Research, the guy who wrote SpinRite, one of the
original (and probably still best) disk eval and repair programs. Steve
Gibson hacked someone off a couple years ago and they hit him with a
distributed-denial-of-service attack from a bot network (which he
recounts on the pages). He got very into security and has a lot of good
comments, as well as a set of programs to test your firewalling and show
you whether you're "showing" on the Web. By and large, you're external
IP is going to show; has to for anything to get to you. But that also
means someone can try to "get" to you. You just want to try to make
things as difficult as possible.

In Linux and other Unices, you have the option, if your machine is
exposed and you need to have the hardware remain secure at all costs, of
running your OS is what's called a "chroot jail," which basically
isolates the running OS from the hardware, effectively virtualizing it.
This is recommended, for example, for servers in the "DMZ" of a
business. I haven't done it and wouldn't presume to try to give
instructions. They are available in several places with a Google query
on "chroot jail howto"

The advantage of this is that, should your "friend" manage to compromise
your firewalls and even get something into your system, he can't
"escalate privilege" to a "root" account, where he would have access to
anything (and to change anything) on the system. The "chroot jail"
doesn't allow any root usage. Ubuntu, actually, is also slightly safer
in that regard, as it does not, by default, have a root account with a
password that can be compromised. It's not there, so it can't be
compromised. Rather, it runs by whitelisting "allowed" users who can use
the "sudo" (superuser do) command. That command is logged, so any usage
by someone unexpected can be tracked as to time and files involved.

Hope that's helpful.

And yes, as pointed out, you can use an antivirus--I have ClamAV, which
updates "behind the scenes" with new definitions (via an updater called
"Freshclam"). You can run it from a cron job or from the gui with
ClamTK.

Burning music CDs is pretty easy. I tend to download files done with
lossless codecs (primarily .flac, which is a free lossless codec--the
result is like a slightly compressed .wav file). I use Gnomebaker, which
is readily available for Gnome, though the newer version of Ubuntu
(8.04) will be changing to one called Brasero, which I've also used. K3B
for the KDE desktop is even fancier. They're all pretty straightforward
and will do the conversion of my .flac files to CDDA on-the-fly in the
first pass, while they're generating a disk image, which they then burn
to the CD/DVD. I've used Nero and a couple of others on Windows and
these are every bit as good for my purposes, except they'll copy DVDs
correctly, which I never managed under Windows (could have been the
drive on my new Dell laptop and not Windows, but who knows?).