How to Sandbox Non-trusted Apps in Linux Systems

Sometimes we have to run an application that we do not trust, but we are afraid that it might look at or delete our personal data, since even though Linux systems are less prone to malware, they are not completely immune. Maybe you want to access a shady-sounding website. Or perhaps you need to access your bank account, or any other site dealing with sensitive private information. You might trust the website, but do not trust the add-ons or extensions installed in your browser.

In each of the above cases, sandboxing is useful. The idea is to restrict the non-trusted application in an isolated container -a sandbox– so that it does not have access to our personal data, or the other applications on our system. While there is a software called Sandboxie that does what we need, it is only available for Microsoft Windows. But Linux users need not worry, since we have Firejail for the job.

So without further ado, let us see how to set up Firejail on a Linux system and use it to sandbox apps in Linux:

more

Sandboxing Linux with Firejail (video)

Building Firejail Security Profiles (video)

SafetyDetectives: 5 Best Antivirus Protection for Linux

After years of using Linux on my main computer, I got really tired of seeing how many low-quality Linux antivirus programs were floating around the internet. While Linux is much more secure than other operating systems, I kept finding vulnerabilities that I was struggling to patch.

One of the reasons for this is that there simply aren’t very many antivirus scanners for Linux. While malware is still an issue, Linux users don’t face the same risks as PC and Mac users, so we need to utilize other cybersecurity tools to harden our devices.

I spent a long time finding the best free Linux cybersecurity tools on the internet. After testing 29 different programs, I’ve come up with some rock-solid programs to help bulk up security on my Linux machine.

• ClamAV: Open-source freeware antivirus scanner with a GUI.
• Sophos: Free for one user, scan and remove malware, command line only.
• Firetools: Sandboxing software prevents malicious web scripts with a GUI.
• Rootkit Hunter: Behavior-based rootkit scanning, command line only.
• Qubes: A distro designed to keep your computer as secure as possible.

more… Also in French and Romanian

Securely Run Programs In Linux Mint Using Firetools

For running applications sandboxed in Linux, Firetools is a good utility to do so. Sandboxing is essentially restricting applications in their own space and thereby limiting their reach to the overall system. This is a security layer to prevent any malicious programs to have full access to the system.

Firetools is a graphical front-end for the command-line sandboxing tool Firejail.

more

LinuxLinks: Essential System Tools: Firejail – Excellent Security Sandboxing

What makes Firejail so special it qualifies for inclusion in our Essential System Tools feature? Above all, it puts users first.

It’s really easy to install and use. More time to spend actually using software. Most people won’t need any custom configuration. There’s a wide range of software which come with sandbox profiles.

The software helps to reduce the risk of security breaches. It’s lightweight and while it uses CPU cycles, the overhead is remarkably low. Firejail sandboxes do not each run their own copy of a full-blown operating system. Instead they operate in a resource-isolated environment created by standard facilities of your system’s existing Linux kernel. As such, despite the high level of protection offered, the overhead of running a Firejail sandbox is extremely low. So your software, including games, run at full steam, unlike a full virtualisation environment.

Firejail is an excellent tool for the security conscious. While it adds a layer of protection, you should use it with other security tools. We use it mainly for web browsing, and to lock down services.

more