In these interconnected times the use of computer security tools in Linux is as essential as in Windows and other operating systems. It does not matter if we are individual users or part of the network of a large corporation.
At previous article we had started listing the reasons why you should use security tools. In this post we will continue with the theme.
Reasons for using security tools.
Protection of privacy and personal data.
I don't remember the exact date, but the case was quite shocking. A 17-year-old Paraguayan teenager was kidnapped for a year until the ransom was paid. The idea of kidnapping him arose from the theft of the parents' computer that contained an Excel spreadsheet detailing the money received and the bank accounts in which they were deposited.
Of course it is an extreme case, but illustrates the importance of ensuring the confidentiality of personal data and other content that we do not want made public. It doesn't happen so much now, but at one time the theft of intimate photos from mobile phones was very common.
Prevention of data breaches
If we use our computer for professional activities, we surely have important information about our clients. En el 2018 the law firm Panamanian Mossack Fonseca suffered the theft of sensitive information from its clients that was published in newspapers around the world. Apparently the security breach was in a plugin of the content manager used by the company's website.
Beware of phishing attacks and social engineering
While malware is based on exploiting technical weaknesses, both phishing and social engineering seek to exploit human weaknesses in order to obtain sensitive information.
Phishing
This form of cyberattack consists of impersonating a trusted entity (For example, a bank website) in order to obtain critical data such as usernames, passwords or financial information.
The most common method of phishing is email, although phone calls (vishing) or text messages (smishing) are also commonly used.
Social engineering
Social engineering includes various psychological techniques of manipulating people. The goal is to gain unauthorized access or critical information. People are sought to take certain actions or disclose information that they would not willingly share. These types of attacks can take different forms, such as impersonating someone you trust, exploiting respect for authority, creating a sense of fear or urgency, or using methods of persuasion. Like phishing, these types of attacks are carried out through different channels, such as interpersonal interactions, telephone calls, emails or instant messages.
Is Linux more secure than Windows?
Twenty years ago, we Linux users liked to believe that we were less vulnerable to attack than those who used Windows. However, in recent years we have had to revise that opinion.
At that time, Linux users had more knowledge than the average computer user, in addition to the relatively low market share, there was no interest on the part of computer criminals in creating malicious software. However, as its use spreads in the corporate market and the appearance of more user-friendly distributions. Those advantages were disappearing.
The theoretical advantage of open source code didn't help much in practice either. It is true that some projects like the Linux kernel have many users supervising each line, but there are other components that, despite being widely used, do not receive the same attention.
Another point in favor of Linux, the fact that users are granted limited privileges by default, can be overridden by the action of a root or administrator user who doesn't know what he's doing.
It also doesn't help much if the responsible user doesn't install updates as they are released.