Security of Open Suse

Hi i was just wondering how secure my data is with open suse as windows has its firewalls that you can install and virus protections that make you feel safe when online i was wondering what does opensuse have and is more secure than windows thanks

Unlike Windows, OpenSUSE comes with a real firewall already integrated into the system. The windows-firewall is merely a package filter. The firewall is highly secure and configurable. You may also opt for a long user password that is not in the dictionary and a very long and possibly random password for root. You should as all systems backup your data regularly and it is advisable to use a different partition for /home (so it is easy to clone the whole partition). You can also encrypt your file system with OpenSUSE (also full disk encryption is available currently (for unknown reasons) only via LVM. This in case it is a laptop and it is stolen.
Unless you do not wish to protect a windows computer that is branched to a Unix machine there are no useful antivirus that can be installed for Linux…just because there are no viruses that exist for linux as of today and the very few malware creations (troyans and worms) do require in general the user to install them giving the authorization root on purpose. This is called “social engineering” since the users is tricked in by using his lack of preparation or naiveness.
If you do stick to the official community repositories your data is quite a lot safer than in windows.
What you could do else: use a journaling file system when you format your /home (this lowers the possibility of damage to the data in case of i.e. power-loss).
You can also activate apparmor to controll applications you trust less (pleas read the manuals!).

One source of data insecurity of Linux is yourself, is the fact that you loose track of what you have and you may be prone to duplication. This comes from the fact that you never have to reinstall the system (it just works) and this may be for about as two years (and if you have a separate home partition, it may be even as long as 5 or more years, you will never reinstall /home. As you never loose anything, you should keep you files in order, keep well track of versions and do not “let it go”, just to avoid that one day you think you throw away a duplicate and instead it is the most recent version of a document.

In firefox you shall use noscript to lower overall susceptibility to hypothetical first day exploits.
And last but not least: Linux may be at some risk (the userland not the root, generally) by the use of Adobe software. Acrobat-reader should be avoided if possible and if you have to use it (very rarely necessary) you shall care for all the updates for the frequent security problems it has. You may also consider to create an Apparmor profile for Acrobat-Reader and for Flash (which is another sad story).
Alternatives (often much better in use then Acrobat reader) are Okular, Kpdf just to name a few.
So relax, you data is safe because you are using Linux.

Don’t want to ask, what a “real” firewall is (although it might be fun to read an answer to that ;-)), but considering the following sentence

one must say, “wrong, I’m afraid”, because the SuSEfirewall2 does pretty much the same than the built-in windows firewall (at least the one on XP) as both are “just” packet filters.

OTOH this is in most cases more secure than any of those “personal firewalls” which simply lie about what they really can do to improve security and very often open up new potential security holes instead of improving security.

And BTW:

If a system is configured securely, a packet filter becomes obsolete, especially packet filters like SuSEfirewall2 or the XP Firewall

  • If you don’t want a service to be attacked, disable it

  • If you don’t need a certain service, disable it instead of putting a filter in front of it which blocks packets arriving at the respective port

  • If you need a certain service to be reachable from the outside, configure it securely as a packet filter can not really protect it (as long as you WANT it to be reachable)

“Funny” thing about the above statements is, they are independant of the underlying OS, but certainly a fresh install of openSUSE makes it a lot easier to have the amount of services a “normal desktop user needs” (= none) running on your system than a standard install of windows.

opensuse already comes with a pretty good firewall.

With both linux and Windows, the biggest risk today is the user doing something careless such as installing a keylogger or trojan. The risk is greater in Windows, mainly because most Windows users insist on logging in as an Administrator, while most linux users login only as a normal (limited) user.

Personally, I work from a limited user login both in linux and in Windows (except when installing software). And I don’t install software without some checking on the reputation of that software and the trustworthiness of the site from which I am installing. There are no guarantees of complete safety, but I believe my risk level is quite low on either linux or Windows. Oh, and I mainly use linux.

Good to know, I thought the Windows firewall was identical to a application specific package filter. You have to authorize program exceptions and it works more or less like the personal firewalls (like zone alarm) that I know still from the windows world. The Suse firewall is able to consider interfaces and therefore seemed to me more functional then the XP one…but still thanks for enlighten me.

As the setting of permission of a Unix system is quite complex and he did not seem to be an expert of configuration (and you can(!) damage really well the system through setting wrongly permissions…I thought well to refer to a standard setup system and the security that it granted compared to a Win system (lnk problems…). Still this raises the question why everything related to security like encryption or VPN have to be so difficult to configure in SuSE.

  • If you don’t want a service to be attacked, disable it

That would require a easily to understand documentation on the available services. Try to find a documentation on default groups activated in OpenSUSE and the effects of deactivating them (i.e. uuid, cdrom, etc). Not so straightforward. But the advice is excellent. Still, does he know, or is he supposed to know as a newbie all the services that he needs (or better not needs)?

“Funny” thing about the above statements is, they are independent of the underlying OS, but certainly a fresh install of openSUSE makes it a lot easier to have the amount of services a “normal desktop user needs” (= none) running on your system than a standard install of windows.

Irony is a subtle flower, I see that you did get its nuances on the fly…