Before using Zorin to do personal business, banking, bill paying, taxes: are there any security concerns? Need malware/virus apps downloaded, firewall turned on? New to Zorin OS 17.3. I used Windows for years, never had any issues, always kept malware and antivirus updated and current. Thanks in advance for any tips or info, Dennis
Linux thankfully isn't a common target and requires different design for malware and viruses, and a lot of its standard features, like entering a password to install programs and installing apps through the software store from trusted sources, mean malware is very, very rare. By using Linux and Zorin OS you have a very small attack surface (ways people can get you).
- Turn on your firewall absolutely
- Stick to software store for apps
You'll be safer than Windows.
Linux is not an impervious fortress. It has attack surfaces like python, ssh, etc. Like any OS, you are the biggest vulnerability. Turning on the firewall is absolutely something you should do, but security is a continuum, and there's always more you can do. For instance, are you turning the firewall on for a "Private" network (less secure) or a "Public" network (more secure, but harder to communicate between local computers on purpose).
Something else you can do is run primarily off of a non-admin user (use an admin for installing updates and main software).
Even if you install something like Steam itself as an admin, running it as a normal gaming-only non-sudo user to install/play the games themselves with Linux's permission structure would prevent those games from even having a whiff of system level access or other user access.
Separate accounts for separate things keeps them safe from each other.
If you tried playing a malicious game through Wine/Proton and your bills/taxes were in a separate user, they would be inaccessible to the malware.
Your non-admin "games" user couldn't ransomware encrypt your non-admin "bills" user or vice versa. You could even have a "web-surfing" user.
At the same time, then you would have to switch users whenever you want to switch tasks. So, it's a trade-off.
You could also:
- Turn off Sharing in the settings (and uninstall Remmina -- thanks for the spell check @swarfendor437 -- it's for sharing a session with remote desktop protocol -- RDP).
- Disable ssh logins via user passwords in your sshconfig so you don't get brute force ssh attacked.
- Disable IPv6 in your wifi settings (and on your router for that matter).
- The very unpopular, intentional use of Secure Boot, and sign third party drivers and software (looking at you Nvidia and VMware) with machine operator keys (MOKs). Like it or not, Bootkitty was a proof of concept for Linux-targeted rootkits, but even Secure Boot is fallible/vulnerable, but basically requires having your computer physically to exploit.
There's always more you can do, but what's worth it to you?
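For the tip above about disabling SSH password logins, here is an added example (not part of the original thread) that checks whether an OpenSSH server config, normally `/etc/ssh/sshd_config`, still permits them. The sample configs are constructed, and the parser is simplified: it reads only the global section and does not follow `Include` files.

```shell
#!/usr/bin/env bash
# Added example: does an sshd_config still permit password logins?
# Assumptions: global section only (stops at the first "Match"), no "Include".

# effective_value FILE 'key1|key2' DEFAULT  (keys in lowercase)
# sshd keywords are case-insensitive and the first value found wins.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { k = tolower($1) }
        k == "match" { exit }                  # conditional blocks not evaluated
        k ~ ("^(" keys ")$") && NF >= 2 { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Password prompts can arrive through PasswordAuthentication or through
# keyboard-interactive (PAM); both default to "yes" in OpenSSH.
password_login_state() {
    local pw kbd
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    if [ "$pw" = no ] && [ "$kbd" = no ]; then
        echo "disabled"
    else
        echo "enabled (PasswordAuthentication=$pw, KbdInteractiveAuthentication=$kbd)"
    fi
}

# Constructed sample configs (not taken from any real machine).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
WEAK="$tmp/weak.conf"; HARDENED="$tmp/hardened.conf"
cat > "$WEAK" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat > "$HARDENED" <<'EOF'
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
EOF

printf 'weak:     %s\n' "$(password_login_state "$WEAK")"
printf 'hardened: %s\n' "$(password_login_state "$HARDENED")"
```

On a live system, `sudo sshd -T` prints the effective settings with `Include` files resolved, and key-based login should be confirmed working before password logins are switched off.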
Slight correction, it is Remmina, not Remira.
Just to add I never sign up to internet banking following a Which? report years ago where they discovered that the most secure banking app was 85% secure. I stick with telephone banking, refuse voice recognition, and have statements delivered in snail mail.
Whilst GNU/Linux is not susceptible to viruses which need an .exe (which is why I don't use WINE/Windows App Support), there is always a chance email might be carrying a virus which you wouldn't want to forward to a friend or relative still using Windows so you could set up ClamTK Anti-Virus to scan your emails. Additionally, Evolution email can utilise Spam filters such as Bogofilter.
Something that all computers are vulnerable to are Rootkits. These nasties hide themselves in the system and take control of your machine without you knowing in order to launch attacks on other systems. For protection, install rkhunter and chkrootkit. These are command line tools that you run in the Terminal. They look at the system for rootkits and report back. You need to be aware though that these programs take a snapshot of your system at the point when they get installed, so if you were to install more applications after first run you will get some false positives because it has determined changes to what the base snapshot holds. However there is a new rootkit on the block that cannot be detected called 'curing'. Rootkits depend on system calls to work, but curing does not need to use system calls and so cannot be picked up by the usual rootkit hunters.
The biggest security flaw of any system is P.I.C.N.I.C. (Problem In Chair Not In Computer). Being careful on Browser use and checking site authenticity will prevent you from ransomware attacks.
Additionally, some applications that are wrapped inside tarballs can contain malware, so for the method to check, I reproduced Blackwolf's guide (a moderator for the defunct Ultimate Edition Oz forum) in the Unofficial Manual for Zorin 15 and 17 Core.
Well, you can get attacked on Linux, too. It isn't so much in the spotlight like Windows, but there are threats out there.
What you can do:
- Turn on the built-in firewall
- Install rkhunter and chkrootkit (terminal tools) for rootkit detection
- Install clamav and clamtk (that is a virus scanner, but not a real-time security solution like you know it from Windows). It doesn't have the best detection rates, but it's at least something.
- You can use online scanners like VirusTotal
- And of course be sceptical. Don't use random commands that you find somewhere on the Internet. The same goes for software. Be careful what you download and from where.
Quite happy to see that folks are saying that you can get attacked on a Linux machine, too.
People used to say Linux was impenetrable back in the day... That said, I've had a Windows (secondary) for years without any anti-virus or anti-malware program, and I've never had any issues.
As I like to say, you're the first line of defense. If you follow some very simple rules to protect your computer, you can keep it quite safe.
(I know it's not always possible, like if you're running a public computer where customers need to plug in their USB drives. In those cases, having security software can be beneficial. Even then, if you're using Linux at a print shop, chances are USB drives carrying viruses would be targeting Windows and be harmless to your device.)
Also do remember to backup, backup, backup your /home partition regularly, to a portable drive for safe keeping to enact disaster recovery.
If all else fails you can reinstall the OS and return your /home content without too much effort.
Exactly. Linux may not be a primary target for malware, but just because malware isn't common doesn't mean Linux is invincible.
Just look at Android: it uses the Linux kernel and getting access to custom ROMs or root on some devices requires going through security exploits (which also explains why older devices that haven't received security updates for years are the most common there).
No tech connected to the internet is 100% safe. But some are safer than others, and some are not widely used enough to be interesting to hackers with bad intentions. But like you say, the most effective antivirus is a well-informed user.
Do you install rkhunter, chkrootkit, clamav and clamtk from a website, or is it found in settings?
It's available via the apt command. Then you run them via the terminal. Though Clam has a GUI which can be found in the software center. Note: Clam is notorious for false positives, so don't freak out if it comes up with something.
You can install it directly in Zorin with `sudo apt install clamav clamtk rkhunter chkrootkit`
One thing about Clam: `clamav` is the virus scanner but only runs in the terminal. To have a GUI, you install `clamtk`. `rkhunter` and `chkrootkit` don't have a GUI. These would only run in the terminal.