Peer-to-peer file sharing: is it safe on Ubuntu?

Hi everybody!

I have recently shifted from Windows 10 to Ubuntu MATE, and I find it really convenient and well-designed.

Since I use my computer for email, home banking etc., I would like to know if it’s completely safe to use software like aMule and similar to download music, ebooks etc. on Ubuntu.

On Windows 10 I kept aMule and uTorrent on a virtual machine for security reasons.

Do you think I can install them on my main operating system now? Is there any risk?

Thank you in advance.

M.

I normally use qBittorrent. I highly recommend it. Though, I should say, I have had a bit of bother getting it installed on my latest 16.04 installation. So, at the moment, I am using the on-board p2p client, which is Transmission. This is also a fine torrent client.

Depending on your torrent traffic, you might want to invest in a VPN. I use AirVPN.

1 Like

[quote=“Mario.R, post:1, topic:13039”]On Windows 10 I kept aMule and uTorrent on a virtual machine for security reasons.[/quote]

You could simply do the same thing now, on Ubuntu MATE. If you feel the need to, that is.

However, I should point out that typically speaking, there is fairly little security risk involved. If anything, there is a privacy risk involved in using P2P, not a security risk. Few, if any, P2P applications allow a connected peer to do anything other than receive a transmission from you.

Normally, it is impossible for connected peers to break out and do other things on your PC.

Additionally, Linux itself typically is more secure than Windows. Even on a low level it is designed with a more strict permission system than Windows is.

So, to answer your question:
Peer-to-peer file sharing: is it safe on Ubuntu?
Yes, it is.

The more accurate question:
Peer-to-peer file sharing: is it private on Ubuntu?
As private as you make it. As suggested, use a VPN.

3 Likes

Thank you very much for your replies.

Since I’m not a computer expert, I apologize for asking trivial questions, but I am here to learn. As far as I know, the main risk with eMule on Microsoft Windows was about downloading viruses that could steal my data.

Is there any risk of this kind with Ubuntu? Is it safe to have an Excel spreadsheet with my passwords saved in my home folder, and run eMule to download music, ebooks etc.? Is it safer to use a VPN, or just more private?

Thank you again.

Cordially,

M.

Your questions are not trivial if you don’t understand something and need answers. So, don’t worry about asking them, people here are happy to help, if they can.

As 1Q7FE6zp said, it is primarily about privacy as opposed to security. That is to say, the act of downloading via a bittorrent client in Linux is not a security issue in itself. The file you may have downloaded, however, could have security issues inherent in it. But, this would be an issue with the file, not bit-torrenting. In other words, it is the same issue as would be the case with any other file, however you obtained it.

The issue of viruses you mentioned is very low risk as compared to Windows. Viruses do exist, however. In which case, you could always belt and brace your system with a Linux anti-virus application. The most popular is ClamAV. See below for how to install it:

The main issue, though, is one of privacy. Your ISP can usually see what you are downloading as can, I presume, the seeds who are providing the file. In the event of downloading pirate media this can have legal implications. Or, in the case of sensitive political files, as with the kind of material handled by Wikileaks for example. In such circumstances, it pays to use a VPN which both renders you anonymous as well as encrypting the data on its journey to and from your PC.

All of the above, applies to any OS.

2 Likes

[quote=“Mario.R, post:4, topic:13039”]Is there any risk of this kind with Ubuntu?[/quote]

Let us be clear – any system that is connected to another system is, by definition alone, to some extent at least, vulnerable to intrusion. Because the very nature of being connected demands that data must be able and must be allowed to transmit between the two machines. As such, there is a very real theoretical risk even when using Linux.
In practice, however, the risk is quite low. There are very few, if any, Linux viruses in the wild and as long as you’re diligent in using the latest distro versions and keeping those updated, you should be able to avoid security holes quite well.

[quote=“Mario.R, post:4, topic:13039”]Is it safe to have an Excel spreadsheet with my passwords saved in my home folder, and run eMule to download music, ebooks etc.?[/quote]

Just consider the following – is whatever I am downloading something that has executable code? Music has no executable code, neither do ebooks. Spreadsheets might have executable code (macros). As long as it has no executable code, as long as it is a dumb file, there is no risk. Since the file cannot be executed, cannot be run, there is no virus that it could be infected with. Or that it could download. Since those viruses would not be executed/run/downloaded. As stated, macros in spreadsheets are a bit more complicated. But, just make sure you have macros disabled in your spreadsheet application and you should be fine on that front as well.

[quote=“Mario.R, post:4, topic:13039”]Is it safer to use a VPN, or just more private?[/quote]

Just more private. Although, by consequence that may also make you a little more secure. Anonymity will at least make you a more difficult target for, say, a hacker.

2 Likes

I would say, just don’t trust anything blindly,

think before running or opening something.

This should generally keep you safe on Linux.

Unless, of course, you are being targeted by a professional attack.

Then I am not sure if the normal user has a chance to defend himself anyway, even on Linux…

1 Like

Actually that's not always the case.
It's possible to poison an innocuous, non-executable file to attack the program that's supposed to read it.
There are known examples of this kind of exploit using specially crafted image or sound files.

2 Likes

[quote=“ouroumov, post:8, topic:13039”]It’s possible to poison an innocuous, non-executable file to attack the program that’s supposed to read it.[/quote]

The odds of encountering such an issue are fairly remote though. Particularly within the Linux ecosphere. Since basically everyone and their dog can and will code their own applications. There’s a gazillion applications out there for any task.

The odds that you’re going to run into a file that targets a very specific version of a very specific application (since such risks, as you’re describing are typically tied to a specific version of a specific application) are exceedingly remote at best.

1 Like

I don't understand the point you're making.
Some applications have a very wide userbase.

I haven't personally bothered to create my own media players.

2 Likes

Like you said, there have been cases reported. And also through containers, like ISO images. Last year (or the year before?) a whole distro was in fact affected by this very kind of attack when someone produced a loaded image of the Linux Mint distro and was able to distribute it through Mint's own channel.

Back to the original poster, @Mario.R, these things can happen for a number of reasons. The most common are 1) users downloading from untrusted sources, 2) users not verifying a file hash after downloading, 3) the trusted source has weak security protocols in place. The Linux Mint hack was a case of the last two.

eDonkey, Kad, BitTorrent or any other peer-to-peer file distribution network always lead users into a particularly dangerous zone, independently of the system they are using. But they have their own informal protocols in place too to handle part of these concerns. On BitTorrent, for instance, many tracker websites include pseudosecurity information like the name and trust status of the uploader on the network, comments sections on which downloaders can comment on the file, in-place file trust schemes that flag files as verified and trustworthy, etc. If the eDonkey and Kad networks that you are using don't offer similar mechanisms (they didn't when I used them back in the early 2000s), you should avoid using them for executable files or files containing executable code.

2 Likes

Thank you all for your replies! Very informative.
So if I understand well, if I open a non-executable file downloaded from aMule, like an mp3, ebook, video, pdf or archive, after having it scanned by ClamAV, there is virtually zero risk that this file will allow anybody to steal any of my data. On this we agree?

No, not really. You are asking people to make commitments as to their view on your security when they are in no position to know what sites you may visit or files you may download.

What can be said, as a general statement, is this:

If one visits reliable and well known sites to download files using a torrent client and if those files are then scanned by a suitable anti-virus checker, then the risks to security are, all other things being equal, low. Furthermore, if one also uses a VPN, then the risks to privacy are also relatively low.

Everything else that does not fall under the above statement cannot be directly judged by others in terms of security, since the necessary facts of your Internet activity are not known sufficiently to make that judgment.

3 Likes

To make an analogy to @stevecook172001,

When you are behind enemy lines, like on P2P networks, you may get shot.
If you duck or cover, chances are smaller, but you can still get shot.
The enemy has poor aim, but you can still get shot.
You can see from where they are firing, but… that’s right, you can still get shot.

So, whether you get past the enemy depends on how much you minimize the chances of getting shot.
Which are never 0.

As others have already indicated, it is not completely safe downloading files with p2p software. I would go so far as to say even general web surfing is not completely safe, depending on where you point your browser.

But I did have a thought, and I welcome others to offer up their opinion on this: if you just have to use p2p software to download files, why not do it all with a virtual machine? You could set up a virtual machine, install whatever software you're going to need to do this, and then take a snapshot of the VM in the event it becomes infected.

One problem I see with this would be if you ever moved the files you downloaded from the VM to the host system, then it's all for naught because the end result would be the same as if you downloaded it to the host to begin with. So, the only safe way would be to leave the files on the VM and use them there. If it's mp3 files you're downloading, play them on the VM, same for eBooks, or anything else you might download. It would always have to stay on, and be used on, the VM.

Probably more trouble than it's worth, but it might keep your host system safe.

Ebooks usually contain JavaScript that will be executed in the ebook reader app. I wonder if there is a way to scan suspicious ebook files for potential malware in ebooks? From what I've read, it is a popular method for hackers to infect popular ebooks and then upload them to torrent sites.

[quote=“xandor, post:17, topic:13039”]Ebooks usually contain JavaScript that will be executed in the ebook reader app.[/quote]

Really? I did not know that. Well, a day without learning something new is a day wasted.

[quote=“xandor, post:17, topic:13039”]I wonder if there is a way to scan suspicious ebook files for potential malware in ebooks?[/quote]

I’d imagine that an AV set up to simply scan All Files should pick up on those, actually.
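
On the question of scanning ebooks raised in the last two posts: an EPUB is a ZIP archive of XHTML documents, so its script content can be listed without opening it in a reader. The following is an added example, not code from any poster in this thread; the function names, the pattern set and the sample book are constructed for illustration.

```python
import io
import re
import zipfile

# Patterns that indicate active content inside an EPUB content document.
PATTERNS = {
    "script-tag": re.compile(rb"<script\b", re.I),
    "event-handler": re.compile(rb"\son[a-z]+\s*=\s*[\"']", re.I),
    "javascript-uri": re.compile(rb"javascript\s*:", re.I),
    "scripted-manifest-item": re.compile(rb"properties\s*=\s*[\"'][^\"']*\bscripted\b", re.I),
}
MARKUP_EXT = (".xhtml", ".html", ".htm", ".svg", ".opf")
MAX_ENTRY_BYTES = 20 * 1024 * 1024  # do not decompress huge members (zip-bomb guard)

def scan_epub(source):
    """Return sorted (member_name, finding) pairs for an EPUB path or file object."""
    findings = set()
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith((".js", ".mjs")):
                findings.add((info.filename, "javascript-file"))
            if not name.endswith(MARKUP_EXT):
                continue
            if info.file_size > MAX_ENTRY_BYTES:
                findings.add((info.filename, "oversized-entry"))
                continue
            data = zf.read(info)
            for label, pattern in PATTERNS.items():
                if pattern.search(data):
                    findings.add((info.filename, label))
    return sorted(findings)

def build_sample_epub(scripted):
    """Constructed sample: a minimal EPUB-like ZIP, optionally with script content."""
    body = b"<html><body><p>Chapter 1</p>"
    if scripted:
        body += b'<img src="c.png" onload="run()"/><script src="a.js"></script>'
    body += b"</body></html>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        zf.writestr("OEBPS/ch1.xhtml", body)
        if scripted:
            zf.writestr("OEBPS/a.js", b"function run() {}")
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(scan_epub(build_sample_epub(scripted=True)))
```

A finding means the book carries active content worth reviewing before opening, not that it is malicious; an empty result says nothing about parser bugs triggered by malformed images or fonts.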