I used to use Linode for just about everything, but when Akamai bought them and doubled the prices, it made me finally bite the bullet and build a system for colocation.
I have my laptop encrypted but not my desktop, mainly due to the fact that it would take SIGNIFICANTLY more effort to get to my desktop's drives than just snagging my laptop in public
I feel like as a community, we need to talk more about tools like Selinux. I know it's not the sexiest thing to talk about but there is a lot of power and extensibility. I think the part that keeps most folks away is the learning curve.
@i2Sage SELinux is "Security Enhanced Linux". I don't know much about it aside from it being good for security, but from a quick glance at the results of the iOS "Look Up" feature's Wikipedia result, it does appear to be similar (but a little different I think), if not perhaps more powerful due to being able to be fine-grained.
It's probably the fact that Linux arguably has no real security model to speak of. It doesn't need one, because nobody's making viruses for stock Linux and anyone who uses it for mission critical stuff gets it hardened. But it isn't hardened by default. At least that's what I've heard people say.
@i2Sage Android, in and of itself, is a sandboxed and customized version of Linux. SELINUX (security enhanced Linux) is a Framework that provides advanced sandboxing capabilities for standard Linux OSes. There are other Sandboxing tools for Linux like Firejail and AppArmor. FireJail would probably be the most Safety Net like of the bunch.
Librewolf does more than just changing your default search engine. They change the config files. Canvas resizing for example changes the size of your screen. Really needed if you have a screen with a resolution that's not common. I'm not sure but I think they also report that you are on windows by default. Anyways, those are all things that Firefox can do because librewolf is just Firefox but it would take forever to make those edits.
something that's worth mentioning if you've got a laptop is usbguard. Prevents usb devices from functioning until you manually whitelist them. Fantastic if you're in an environment where you're required to move around (you'd also ideally be able to lock your laptop, but when you're presenting that's not always possible). Great for universities and schools!
For the record: Portmaster's SPN and Tor may share some properties, they are definitely quite different Specifically: With Tor you usually use the same chain for each request (within the same Tor-connection), and the chain is longer than 2, with SPN (as I understand it) you use different routes per request, but always with a 'chain' of just 2
Nice video. My suggestions: 1) The biggest security tool (after knowledge and caution 😉) is selinux in enforcing mode, and I think it is not mentioned here. 2) Update everything often. I do it every day with one click. 3) Don't install software from not trusted sources. 4) Don't give your user the permission to run software as "root", unless you know what you are doing. Become root instead, when needed. 5) 05:20 "virus ... can access your linux system entirely". That's not exact. They can access what the user which runs it can access. Therefore nothing that can be accessed only by another user, be it "root" or another. It is also noteworthy that a malware which targets Windows, has no effect on linux. To have effect, it should be a malware which runs via wine *and* it targets linux.
Long term the solution for most convenient encryption is homed (from systemd). You can store and encrypt your whole home directory per user inside a file. This file can be moved between devices but only accessed with the users password. The advantage is that it supports using the password from login to decrypt during login. So you don't need multiple passwords on boot/startup. Also this makes a lot of sense for multi-user setups which would weaken a LUKS partition with one password to share.
now THAT is a great browser recommendation segment! Told everyone about the tracking, explained a proper chromium alternative BUT also mention the monopoly of google.
At 10:09 VPNs.... He should have mentioned that VPN users should check the legality of using a VPN in their area. Currently, vpns illegal in Russia, Iran, China, last I heard India. Pakistan, Vietnam, and Thailand might also have restrictions on them. Since China and India combined has nearly 40% human population, there is a significant number of people that cannot use them....
In china using vpn is legal just selling vpn is not. Because vpn is necessary for foreigner companies to work in china and for a lot of students... Yeah the Chinese government don't like people to use foreigner websites but it is not illegal in china of someone using it after someone got vpn access outside china.
I really like this video as the one about your workspace with Fedora. Always interesting to see how we can improve how we use Linux. Thanks a lot for sharing.
Thanks for the brilliant video Nick. Contemplating on moving back to Linux after a hiatus of many years (because of being forced into using Windows in the corporate environment). Found several new tools that I didn't know existed, Portmaster being one! You've got a new subscriber!
The issue with opt in telemetry is that it provides a very distorted view of user behavior. Only people who check the settings and want telemetry will turn it on. That's such a small and restricted sample. It's much more important what is shared than if it is shared by default or not.
@hello Opt-out is still a choice, no? I think FF does this very well, if you consider that opt-in heavily reduces the usefulness of the collected data. They tell you very prominently that they are collecting some data, and where to turn it off.
@hello No? How did you read that from my comment? I'm just saying that if you want to get high quality telemetry data your average user must have telemetry turned on. This is neither a case for telemetry, nor one against it. It's simply a fact. Your average user won't fiddle with the settings. Even without any telemetry you can still improve your product - based on Github Issues and angry mails sent your way - but that simply won't reflect the usage patterns of your average user.
It'll wear it out. Better option is often the SSD's inbuilt "secure erase" facility, assuming your BIOS allows it or just *one* pass with: dd if=/dev/urandom of=/dev/your_ssd bs=4096k conv=fdatasync Followed by mkfs & fstrim.
@@loc4725 Yeah but it reduces your device's lifespan and more importantly it is very unpractical as you need to erase the WHOLE disk even if you wanted to destroy one file.
@@goku445 Well deleting one file on an SSD will usually just cause those pages to be marked 'free' with the hope that they will later be purged by a subsequent trim() operation. They are still there and in theory could still be recovered. That said encrypting the drive works but but you _cannot_ just wipe the key; like the above the page containing it will remain until trimmed. To ensure and proper ease you'd have to either write so much data to the device that it runs out of spare pages and forces it to a trim or use the _secure erase_ feature (BIOS permitting), which hopefully will only erase the dirty pages.
It would be cool to see you review a Framework laptop, as they're basically open source hardware, so I would assume they're very compatible with Linux, but it would be nice to have confirmation.
As a Framework owner I can say it’s generally a good experience. Only problem is that its screen is very high res , which means fractional scaling is preferred for an optimal experience, but on GNOME you’ll either have to deal with screen tearing or blurry XWayland apps. I personally wouldn’t recommend it if you use GNOME, but if you’re more of a KDE or WM person, it’ll work great.
@@constancies I had a similar experience with an old ThinkPad W550S back in 2015 or 2016, and ended up selling it to buy a MacBook hoping I’d have less issues. I prefer KDE but they really ought to fix that, fractional scaling is such a basic thing.
I love full disk encryption but god damn it's so hard to troubleshoot a Linux install when the drive is encrypted; if only somebody could make it easier... 😅
Plasma by now comes with something like flatseal... if the used distro has updated packages. My issue with flatseal is mainly that for a normal user, various descriptions just make downright no sense. Otherwise your list is great, Nick!
As the vast majority of systems have SSDs now, "shredding" files does not work. Encryption is your best friend, as well as ensuring TRIM is executed regularly and hoping it is correctly implemented. I personally have a ton of ram, encrypted swap file, mount /tmp as tmpfs, and mount an addition temp space in my home folder as tmpfs. I have tens of gigabytes of in-memory storage for things that do not have to be saved. You can symlink a bunch of work folders from various apps to this space and end up not crowding tons of subfolders with crap.
Can I add usbguard (and usbguard-notifier) to the list? It protects you from sneaky malware filled USB drives or other Bad USB devices slipped into your ports. A must have for anyone who works for a company that may be actively targeted for hacks (banks, infra, govt, etc)
I've been using Zorinn for a half a year, and it's been great. The district on the website is old enough, but it updates the system regularly. I would revise that decision of yours
doesn't ecosia use bing as search engine? Besides the crappy results - last time I checked the environmental footprint of bing servers was worse than googles and ecosia planting trees could not mitigate that. Ecosias idea paired with real privacy and servers that don't waste the trees again would be great.
I enjoy your videos Nick, which cover really useful stuff. Having just had a warranty anulled on my HP for having installed exotic software, (i.e. Linux), I am wondering whether it will soon be necessary to tux up. Geekom assure me that they are not Linux-phobic. For portmaster on Fedora, it is necessary to make it play nice with Selinux I do a cron job system update that runs every time I turn on. Will definitely be exploring these tools you mention.
Portmaster isn't available on flathub or from the apt repo on ubuntu, at least not on 22.04. For a long time, Ubuntu/Mint has come with a builtin firewall frontend to ufw. ufw is easy to use, especially if you want to quickly enable the must have security settings: block incoming. Adding exceptions is also a breeze. I'm used to manage it from the command line, but the frontend seems intuitive enough. Some people will tell you you don't need a firewall because you're behind a router. You should not take advice from people who discourage you from such simple security measures that have you covered if your wifi gets hacked, or if visitors frequently use your main LAN, or if you take your computer to other locations.
8:33 if you have an application that you don't trust some of it's internet connection... should the application not be on your computer in the first place?
Hello, first a big thank you for your videos! really informative and useful. I have installed portmaster and find it very good, my question which is probably a stupid one is do I keep GUFW firewall now or remove it. Regards Phil
Oh my, Nick, why would you feel the need to scan those Warhammer novels you surely aquired from the reliable and fairly priced Black Library? But back to Wine, wouldn't deleting the Z: folder that links to your /home directory and restricting Lutris/Steam to a dedicated folder with Flatseal solve most security concerns?
The worse part is, I actually bought most of not all of them 😂 I think it would help, yeah. As long as the app that runs Wine is sandboxed, you’re probably relatively safe, apart from what the virus might access while the program is running
read how flatpak works. pretty neat system. my worries about every tiny app taking 2 gig hard dist were put to rest. no more nightmares when this guy is talking about flatpaks.
I just installed ClamTK using Discover on MX Linux KDE but it doesn't appear in any menu and there's no search result for it. Maybe it will show up when I reboot the system. Anyone else had any problems after installing it?
Just a quick question: I’m thinking of downloading ClamAV, Portmaster, and most likely Flatseal. But I wanna double check with you to see if Having all that software together will mess everything up? Like would the security from Portmaster clash with the security of ClamAV? I know Clam is antivirus software, and Portmaster is firewall and network monitoring software, but would they interfere with each other? Same with Flatseal if I add that to my system too?
If you want to encrypt your files like documents or pictures, I can suggest cryptomator. It works on both Linux and windows and is open source. That way if you store your personal files on a separate partition you can open them on both Linux and windows.
hey nick can you make a guide on OBS and how to setup on Linux , the reason im asking is because it is very easy to set up OBS but on linux we dont have a good encoder FFMEG is the default but GloriousEggroll suggested Gstreamer-VAAPI and that works to some extent but when recording a video / game the gpu usage goes 100% all time even when nothing demanding is happening , its a pain to record at 720p30 , going any higher means the gpu usage goes 100% and will slow down the system , even with an RX 570 :(
clam always tells me it's outdated, and it never scans what i tell it. i have ticked the right options, and looked at tutorials, haven't gotten it to work :( other than that, thanks for all of the really good suggestions!
My honest advice: dont use clam. I played with clamAV engine, its signature, ... More than a year and i can tell it's not strong enough against malwares. (No disrespect to clam team. They are cool guys providing clam for free)
Clam is probably worse than not having anything in the first place because as far as I know its detection rates are quite low and that can give the user a false sense of security.
@@dmknght8946 yea, that's the thing, it always says the signature is outdated even after updating. I don't typically download things, but on the off chance i do, I would want something to check.
yeah as in malware scanner (which is the actual job of current clamav, it supports only hash checking and pattern matching (a lot of ClamAV old signatures depends on hashes. I meant if anybody compare ClamAV with Yara, Yara has more techniques to detect malware (or binaries in general) than ClamAV. As a AV, ClamAV doesn't have process scan (or memory scan- last time i check). It doesn't have syscall / function call hook checking either. And the most important thing, IMO, is the emulator to detect packed, encrypted malware. Overall, ClamAV is the only truly open source AntiVirus engine out there. But it's not enough to defend user against malware, especially modern malware.
I tried full disk encryption on openSUSE, but was frustrated by the double entry of the encryption password during boot. I ended up only encrypting the home directory using the guided setup. Not the up to the level of Fedora or Ubuntu, but at least my personal data is encrypted at rest.
You can embed a keyfile in your initramfs so you don't have to enter your password twice. I've set mine up where I don't even need a password to boot/decrypt partitions, I just use a fido2 key. Compared to yubikeys, hyperfido's fido2 key is a fraction of the cost ($25AUD or $17ish USD) and works perfectly. If you wanna have another go at trying to encrypt your OS again, I can walk you through the process to get everything setup the way you'd like. I can run you through the setup on a VM so you can get comfortable with the process before you attempt it on your harddrive(s).
I am a Plasmazoider🤪, and KDE Vaults sure is handy.✋👌✌🤟🤘👍👏 I always wanted to build in a two or three tone bomb into my PC, so that if someone steels it and makes the wrong move it self destructs, along with the thief and half his neighborhood!
Get 100$ credit for your own Linux and gaming server: www.linode.com/linuxexperiment
I used to use Linode for just about everything, but when Akamai bought them and doubled the prices, it made me finally bite the bullet and build a system for colocation.
I'm usually paranoid when it comes to privacy and security, but that's one thing I forgot to do is encrypt my hard drive.
I always forget about it too!
I honestly skipped it on my latest install because my luks mapper broke suddenly on my last install for some mysterious reason 😅
Everyone should be. Our freedom depends on it.
I have my laptop encrypted but not my desktop, mainly due to the fact that it would take SIGNIFICANTLY more effort to get to my desktop's drives than just snagging my laptop in public
Same, but then again I use arch btw and fear that I'll have to do some system maintenance from a chroot and need to mount the FS externally
I feel like as a community, we need to talk more about tools like Selinux. I know it's not the sexiest thing to talk about but there is a lot of power and extensibility. I think the part that keeps most folks away is the learning curve.
@i2Sage SELinux is "Security Enhanced Linux". I don't know much about it aside from it being good for security, but from a quick glance at the results of the iOS "Look Up" feature's Wikipedia result, it does appear to be similar (but a little different I think), if not perhaps more powerful due to being able to be fine-grained.
It's probably the fact that Linux arguably has no real security model to speak of. It doesn't need one, because nobody's making viruses for stock Linux and anyone who uses it for mission critical stuff gets it hardened. But it isn't hardened by default. At least that's what I've heard people say.
@i2Sage Android, in and of itself, is a sandboxed and customized version of Linux. SELINUX (security enhanced Linux) is a Framework that provides advanced sandboxing capabilities for standard Linux OSes. There are other Sandboxing tools for Linux like Firejail and AppArmor. FireJail would probably be the most Safety Net like of the bunch.
Librewolf does more than just changing your default search engine. They change the config files. Canvas resizing for example changes the size of your screen. Really needed if you have a screen with a resolution that's not common. I'm not sure but I think they also report that you are on windows by default. Anyways, those are all things that Firefox can do because librewolf is just Firefox but it would take forever to make those edits.
Again, you always have at least one or 2 programs in these things that I've never heard of, but are super useful. Thanks
Thanks, glad it helped!
Wine works so well, it will even run windows viruses.
something that's worth mentioning if you've got a laptop is usbguard. Prevents usb devices from functioning until you manually whitelist them. Fantastic if you're in an environment where you're required to move around (you'd also ideally be able to lock your laptop, but when you're presenting that's not always possible). Great for universities and schools!
For the record: Portmaster's SPN and Tor may share some properties, they are definitely quite different
Specifically: With Tor you usually use the same chain for each request (within the same Tor-connection), and the chain is longer than 2, with SPN (as I understand it) you use different routes per request, but always with a 'chain' of just 2
The chain is somewhat cusomisable, if I recall correctly you have a toggle for speed/security/middle
Nice video.
My suggestions:
1)
The biggest security tool (after knowledge and caution 😉) is selinux in enforcing mode, and I think it is not mentioned here.
2)
Update everything often. I do it every day with one click.
3)
Don't install software from not trusted sources.
4)
Don't give your user the permission to run software as "root", unless you know what you are doing.
Become root instead, when needed.
5)
05:20 "virus ... can access your linux system entirely".
That's not exact.
They can access what the user which runs it can access.
Therefore nothing that can be accessed only by another user, be it "root" or another.
It is also noteworthy that a malware which targets Windows, has no effect on linux.
To have effect, it should be a malware which runs via wine *and* it targets linux.
Long term the solution for most convenient encryption is homed (from systemd). You can store and encrypt your whole home directory per user inside a file. This file can be moved between devices but only accessed with the users password. The advantage is that it supports using the password from login to decrypt during login. So you don't need multiple passwords on boot/startup. Also this makes a lot of sense for multi-user setups which would weaken a LUKS partition with one password to share.
Thank you Nick 💜💜💜 Please do a video where the default security apps are configured such as AppArmor, UFW and SELinux 🙏🙏🙏
I might do a guide on hardening Linux later!
@@TheLinuxEXP oh please do
Great video. I really love privacy and security content. You present the tools in a way everyone can understand. Thanks.
Glad you like the video!
now THAT is a great browser recommendation segment!
Told everyone about the tracking, explained a proper chromium alternative BUT also mention the monopoly of google.
At 10:09
VPNs....
He should have mentioned that VPN users should check the legality of using a VPN in their area. Currently, vpns illegal in Russia, Iran, China, last I heard India. Pakistan, Vietnam, and Thailand might also have restrictions on them. Since China and India combined has nearly 40% human population, there is a significant number of people that cannot use them....
In china using vpn is legal just selling vpn is not. Because vpn is necessary for foreigner companies to work in china and for a lot of students... Yeah the Chinese government don't like people to use foreigner websites but it is not illegal in china of someone using it after someone got vpn access outside china.
@@Tofu3435
That is a loophole that I did not know of....
As we grow, this will be a more and more important topic. Tnx, mate. Infotained as usual.
Thanks for putting together this list. Looking forward to looking through some of these tools.
Was literally just about to look into Linux security. What timing!
Excellent!
Always have been a big fan of AV solutions that capture viruses on the fly rather then by doing scans.
I really like this video as the one about your workspace with Fedora. Always interesting to see how we can improve how we use Linux.
Thanks a lot for sharing.
Glad it was helpful!
As I begin my Linux journey, this channel has been invaluable! I’m glad I found it
USBguard is an extra security step, if you can handle the annoyance.
Great video, Nick!
1:41😂😂
The cat is pawsome!😊🐈
Thanks for the brilliant video Nick. Contemplating on moving back to Linux after a hiatus of many years (because of being forced into using Windows in the corporate environment). Found several new tools that I didn't know existed, Portmaster being one! You've got a new subscriber!
Nice collection. Thanks for creating this one.
These types of videos are super helpful I always learn something new even if I knew some of these apps. Thanks!
The issue with opt in telemetry is that it provides a very distorted view of user behavior. Only people who check the settings and want telemetry will turn it on. That's such a small and restricted sample.
It's much more important what is shared than if it is shared by default or not.
@@hello-iw9pdi missed the part where he talked about not giving the users choice
@hello Opt-out is still a choice, no? I think FF does this very well, if you consider that opt-in heavily reduces the usefulness of the collected data. They tell you very prominently that they are collecting some data, and where to turn it off.
@hello No? How did you read that from my comment?
I'm just saying that if you want to get high quality telemetry data your average user must have telemetry turned on. This is neither a case for telemetry, nor one against it. It's simply a fact. Your average user won't fiddle with the settings.
Even without any telemetry you can still improve your product - based on Github Issues and angry mails sent your way - but that simply won't reflect the usage patterns of your average user.
Lol, "It won't shout at you in the middle of the night it's updated" ... I sense some Avast trauma's there XD
Oh yeah 😂
Super content, i was looking for such programs
Very good and needed video....thanks
Another great video and some useful tools/apps in my journey through linux!
Thanks Nick, for another great video!
While good start, the ultimate secure OS is obviously templeOS.
Actually CubeOS if you manage to make it work
Note that shred isn't effective on SSD like it is on mechanical hard drives.
It'll wear it out.
Better option is often the SSD's inbuilt "secure erase" facility, assuming your BIOS allows it or just *one* pass with:
dd if=/dev/urandom of=/dev/your_ssd bs=4096k conv=fdatasync
Followed by mkfs & fstrim.
What's the alternative?
@@loc4725 Yeah but it reduces your device's lifespan and more importantly it is very unpractical as you need to erase the WHOLE disk even if you wanted to destroy one file.
@@deloller2452 Full encryption. There is no alternative that I know of.
@@goku445 Well deleting one file on an SSD will usually just cause those pages to be marked 'free' with the hope that they will later be purged by a subsequent trim() operation. They are still there and in theory could still be recovered.
That said encrypting the drive works but but you _cannot_ just wipe the key; like the above the page containing it will remain until trimmed. To ensure and proper ease you'd have to either write so much data to the device that it runs out of spare pages and forces it to a trim or use the _secure erase_ feature (BIOS permitting), which hopefully will only erase the dirty pages.
Super useful information. Thank you. I will try many of them.
It would be cool to see you review a Framework laptop, as they're basically open source hardware, so I would assume they're very compatible with Linux, but it would be nice to have confirmation.
As a Framework owner I can say it’s generally a good experience. Only problem is that its screen is very high res , which means fractional scaling is preferred for an optimal experience, but on GNOME you’ll either have to deal with screen tearing or blurry XWayland apps. I personally wouldn’t recommend it if you use GNOME, but if you’re more of a KDE or WM person, it’ll work great.
@@constancies I had a similar experience with an old ThinkPad W550S back in 2015 or 2016, and ended up selling it to buy a MacBook hoping I’d have less issues. I prefer KDE but they really ought to fix that, fractional scaling is such a basic thing.
Merci!
Great video as always Nick
This channel is a goldmine!
Great tips for Linux users! Thank you very much 💪🏻
5:08 Will be helpful :)
I love full disk encryption but god damn it's so hard to troubleshoot a Linux install when the drive is encrypted; if only somebody could make it easier... 😅
This info is incredible. My respects. Thank you.
Plasma by now comes with something like flatseal... if the used distro has updated packages.
My issue with flatseal is mainly that for a normal user, various descriptions just make downright no sense.
Otherwise your list is great, Nick!
True. But it bears reminding that elementaryOS had something like than even before Flatseal got famous.
As the vast majority of systems have SSDs now, "shredding" files does not work. Encryption is your best friend, as well as ensuring TRIM is executed regularly and hoping it is correctly implemented.
I personally have a ton of ram, encrypted swap file, mount /tmp as tmpfs, and mount an addition temp space in my home folder as tmpfs. I have tens of gigabytes of in-memory storage for things that do not have to be saved. You can symlink a bunch of work folders from various apps to this space and end up not crowding tons of subfolders with crap.
As always writing a comment to support the channel
Can I add usbguard (and usbguard-notifier) to the list? It protects you from sneaky malware filled USB drives or other Bad USB devices slipped into your ports. A must have for anyone who works for a company that may be actively targeted for hacks (banks, infra, govt, etc)
I've been using Zorinn for a half a year, and it's been great. The district on the website is old enough, but it updates the system regularly. I would revise that decision of yours
Thanks, a very helpful intro!
Thanks!
Ah a fellow Ecosia enjoyer I see ^_^
For max privacy you have to use a new device that has never had its ID seen on the internet with any assocation to you.
Very very cool i will definitely try them
Really like this video!
Thanks!
Super interesting, thanks !
Instead of firejail or firetools, I'd recommend bwrap. It's command line and it's what flatpak uses underneath.
doesn't ecosia use bing as search engine? Besides the crappy results - last time I checked the environmental footprint of bing servers was worse than googles and ecosia planting trees could not mitigate that. Ecosias idea paired with real privacy and servers that don't waste the trees again would be great.
also i would say replace librewolf for the mullvad browers it is like the tor browser without tor
Useful, thank you!
Great video but i wonder if Portmaster actually works on Debian and if it's better than firewalls like ufw or firewalld ?
I enjoy your videos Nick, which cover really useful stuff. Having just had a warranty anulled on my HP for having installed exotic software, (i.e. Linux), I am wondering whether it will soon be necessary to tux up. Geekom assure me that they are not Linux-phobic. For portmaster on Fedora, it is necessary to make it play nice with Selinux
I do a cron job system update that runs every time I turn on. Will definitely be exploring these tools you mention.
Wow, this is a great of apps. I didn't even know some of these existed.
Title: APPS & TOOLS
My brain: APRIL FOOLS
Me: Kinda late huh?
Encrypted /home here 😊
What about enabling firewall with gufw?
Nice one, thanks!
Portmaster isn't available on flathub or from the apt repo on ubuntu, at least not on 22.04. For a long time, Ubuntu/Mint has come with a builtin firewall frontend to ufw. ufw is easy to use, especially if you want to quickly enable the must have security settings: block incoming. Adding exceptions is also a breeze. I'm used to manage it from the command line, but the frontend seems intuitive enough.
Some people will tell you you don't need a firewall because you're behind a router. You should not take advice from people who discourage you from such simple security measures that have you covered if your wifi gets hacked, or if visitors frequently use your main LAN, or if you take your computer to other locations.
This video was really helpful! Any suggestions for software/tools which can backup and rollback Linux if needed? Thank you.
Time shift!
Can someone go into more detail about blurring being easy to unblur?
Basically a Gaussian blur just “smears” pixels in a certain direction, and it’s easy to determine the direction and strength and undo it
8:33 if you have an application that you don't trust some of it's internet connection... should the application not be on your computer in the first place?
for tail is persistent not the wrong word because for me it means that all my data is saved even when i unplug it
7:28 No Opensnitch firewall
9:00 Mullvad VPN
11:08 No Ungoogled Chromium
Hello, first a big thank you for your videos! really informative and useful. I have installed portmaster and find it very good, my question which is probably a stupid one is do I keep GUFW firewall now or remove it. Regards Phil
Oh my, Nick, why would you feel the need to scan those Warhammer novels you surely aquired from the reliable and fairly priced Black Library? But back to Wine, wouldn't deleting the Z: folder that links to your /home directory and restricting Lutris/Steam to a dedicated folder with Flatseal solve most security concerns?
The worse part is, I actually bought most of not all of them 😂
I think it would help, yeah. As long as the app that runs Wine is sandboxed, you’re probably relatively safe, apart from what the virus might access while the program is running
read how flatpak works. pretty neat system. my worries about every tiny app taking 2 gig hard dist were put to rest. no more nightmares when this guy is talking about flatpaks.
LOL it won't wake you up in the middle of the night 🤣😂
Anyone who used Avast knows
3:29 we will tell him about Veracrypt?
Thank you for your video! What do you think about Self Encrypted Drives (SED)?
Thanks Man 💓
good video buddy - thx
Must see video
I just installed ClamTK using Discover on MX Linux KDE but it doesn't appear in any menu and there's no search result for it. Maybe it will show up when I reboot the system. Anyone else had any problems after installing it?
I would tout gocryptfs instead of ecryptutils for file system encryption.
Nothing about a stand alone in and out fire wall. UF is not uncomplicated.
Just a quick question:
I’m thinking of downloading ClamAV, Portmaster, and most likely Flatseal. But I wanna double check with you to see if Having all that software together will mess everything up?
Like would the security from Portmaster clash with the security of ClamAV?
I know Clam is antivirus software, and Portmaster is firewall and network monitoring software, but would they interfere with each other?
Same with Flatseal if I add that to my system too?
Hi 🎉
How does encrypting the hard drive work together with dual booting *sigh* windows?
Shouldn’t have an impact, you’ll just encrypt the Linux partitions
If you want to encrypt your files like documents or pictures, I can suggest cryptomator. It works on both Linux and windows and is open source. That way if you store your personal files on a separate partition you can open them on both Linux and windows.
14:49 macbook killer
Is Brave search worth using privacy wise as it is the default search engine on the Brave browser?
Sadly my library doesn't allow anyone to use USB or external harddrives while they use the computers. I guess it's a safe measure.
hey nick can you make a guide on OBS and how to setup on Linux , the reason im asking is because it is very easy to set up OBS but on linux we dont have a good encoder FFMEG is the default but GloriousEggroll suggested Gstreamer-VAAPI and that works to some extent but when recording a video / game the gpu usage goes 100% all time even when nothing demanding is happening , its a pain to record at 720p30 , going any higher means the gpu usage goes 100% and will slow down the system , even with an RX 570 :(
I can look into it, but I personally only use NVENC with my nvidia GPUs, it is unparalleled
clam always tells me it's outdated, and it never scans what i tell it. i have ticked the right options, and looked at tutorials, haven't gotten it to work :( other than that, thanks for all of the really good suggestions!
My honest advice: dont use clam. I played with clamAV engine, its signature, ... More than a year and i can tell it's not strong enough against malwares. (No disrespect to clam team. They are cool guys providing clam for free)
Clam is probably worse than not having anything in the first place because as far as I know its detection rates are quite low and that can give the user a false sense of security.
@@Komatik_ ok, that makes me feel a little better
@@dmknght8946 yea, that's the thing, it always says the signature is outdated even after updating. I don't typically download things, but on the off chance i do, I would want something to check.
yeah as in malware scanner (which is the actual job of current clamav, it supports only hash checking and pattern matching (a lot of ClamAV old signatures depends on hashes. I meant if anybody compare ClamAV with Yara, Yara has more techniques to detect malware (or binaries in general) than ClamAV. As a AV, ClamAV doesn't have process scan (or memory scan- last time i check). It doesn't have syscall / function call hook checking either. And the most important thing, IMO, is the emulator to detect packed, encrypted malware.
Overall, ClamAV is the only truly open source AntiVirus engine out there. But it's not enough to defend user against malware, especially modern malware.
The problem with Librewolf and other Firefox forks is that they can be days behind on security patches. Not worth it imo.
Hi, do you have a link for the obfuscate program? Thanks in advance.
It’s on Flathub!
Still looking for a tool capable of encrypt a folder easily and that works with Linux and Windows.
Make a hardenning linux video!
Probably later!
You forgot to mention Cryptomator 😁😁😁😁
I tried full disk encryption on openSUSE, but was frustrated by the double entry of the encryption password during boot. I ended up only encrypting the home directory using the guided setup. Not the up to the level of Fedora or Ubuntu, but at least my personal data is encrypted at rest.
You can embed a keyfile in your initramfs so you don't have to enter your password twice. I've set mine up where I don't even need a password to boot/decrypt partitions, I just use a fido2 key. Compared to yubikeys, hyperfido's fido2 key is a fraction of the cost ($25AUD or $17ish USD) and works perfectly. If you wanna have another go at trying to encrypt your OS again, I can walk you through the process to get everything setup the way you'd like. I can run you through the setup on a VM so you can get comfortable with the process before you attempt it on your harddrive(s).
I am a Plasmazoider🤪, and KDE Vaults sure is handy.✋👌✌🤟🤘👍👏 I always wanted to build in a two or three tone bomb into my PC, so that if someone steels it and makes the wrong move it self destructs, along with the thief and half his neighborhood!
Is it possibile to encrypt a specific folder, making it possible to open it only with a password in GNOME?
You can compress a folder with a password on GNOME, but the regular folder, that I do not know.