• Root Access:- A normal user is given only specific privileges to access control over the system. This restricts the user to execute binary files. If at all the user gets infected by the virus, that will affect only his/her home directory. But the virus can cause serious consequences once it has the root access. In root account, it has the permission to execute binary files and so can affect the whole system. The binary file could be an attachment with email. Running under root account for normal usage itself shows user stupidity and ignorance.
• Mixing Linux and windows environments:- In the case of mixed environments, files may be shared between the hosts of both OSs, or documents between Microsoft Office or its open source variant Open Office. A virus infected file in this case will not affect the Linux desktop, but it could be shared to a vulnerable Windows desktop which will get affected.
• Using Wine:- Wine is an open source application that is used to run windows application on other operating systems like Linux, Solaris, BSD, Mac OS X. With wine you can install and run windows applications just like you do in windows. The problem with using wine is that while running the windows applications, the viruses for windows will get into Linux system. As long as you don’t run root account, these viruses will remain harmless. But using wine if you are sending these infected files for instance, as an email attachment, to a windows user, then it will infect that user’s system, who had downloaded the attachment believing that it was from a trusted source( Linux system).
• Desktop environments, GNOME and KDE:- In Linux, the desktop environments execute the various binary files. The binary file itself is not given a permission for execution(execute flag not set in the permissions of file). In Linux, a file is not defined or executed according to its extension. No matter what its extension may be its not given executable right unlike in windows where .exe files are given right to execute itself when clicked upon. But in Linux, its the desktop environment that has he right to execute a file. Thus if an email attachment is saved to desktop and then double clicked, its executed.  Besides he desktop environments offer a convenient workaround called “launchers”. They are small files describing how something should be started. They consist of a single line command to be executed. These launchers don have to have any permissions set on them to execute. Gnome or KDE will happily execute the command without the need for execute bit to be set in the launcher itself. The command may be single string argument with 2 simple commands to it- one, to download a malware script from its server, and second to execute that freshly downloaded script. After reboot, this malware can be forced o automatically lunched if the file or launcher containing it gains entry to the autostart directory, that is ~/.config/autostart in case of GNOME and ~.kde/autostart in case of KDE. A virus or other malicious software can affect a Linux system this way only if user is stupid enough to save untrusted files to desktop and run it or allowing a launcher with potentially dangerous commands to enter or be created in the system.

We can say that to a great extent Linux is itself designed in such a way as to provide very hostile environment for viruses or other malicious software. But nothing will stop user stupidity and ignorance to let a virus infect a Linux system.

Following are the reasons:

1. No root access –  Linux implements a multi-user environment. Here the uses are granted only specific privileges as a form of access control. To gain control over the entire operating system or to cause serious consequences, the virus or the malware should have access to “admin/root account” of the system. Normally users log on to “user account” which have limited privileges and much limited access to system binaries. Thus corruption of system binaries is made much harder. If a virus or a worm as email attachment has to affect the system, it should go through following procedure, that is, the Linux user should read, save, become root, give executable permission and then run that file. The more steps, less likely a virus infection becomes and far less likely a catastrophically spreading virus becomes. Unlike in Windows, where users typically run as full privileged admin 24/7.
2. File permissions for different users- Linux distros implement a secure file permission system by default.Thus an “infected user” wont affect other users or the entire system. He/she will be damaging his/her /home directory alone.
3. Execute bit not set- For normal binary files the execute bit is not set in its permissions. A binary file is not defined or executed on the basis of its extension. Upon clicking on it, it cant execute itself, unlike the .exe files in windows. Thus the viruses or other malicious software which gets infected by running the executable is kept at bay. Only the desktop environments have the permissions to run the executables. An email attachment, upon receiving, containing a virus or malicious software cant run on its own. It ought to be saved by the user to desktop inorder to run it. Thus user is given a chance to decide whether the file is potentially dangerous and to make choice whether to download it or not.  Likewise the .exe viruses of Windows won’t work here.
4. Open source and constant updates- The full disclosure of the source code leads to quick patch/fix. Everybody can see in the code where is the virus attacking the system, and the huge Linux developer base including people all over the world, closely watching it, will immediately find a cure for it. Another factor is Linux is updated constantly, so a threat would be gone within a day of being reported and it will be implemented through the kernel and not a third party software.
5. No one pays for Linux virus- Today’s world revolves around the money. Thus a major factor which attracts virus users is money. But who will pay money for making viruses for open source which itself is free of cost!
6. Installations using software repositories- This significantly reduces the threat of installation of malware as the repository maintainers continuously work to ensure that their repository is malware-free. With the use of digital signatures and gpg keys, repository is restricted to include only th original author, package and release.
7. No standardization- Linux runs on many architectures and there are many versions, packaging systems and shells of Linux. Also Linux mail clients and address book are far from standardized. The desktop environments, GNOME and KDE, are different in ways of installing a software or running an application. A virus specifically made for the email client, evolution, might affect some people but not everyone using Linux. In Windows, a single email program dominates,like Outlook Express. Thus a virus writer can target his virus securing the knowledge that millions of users have the same vulnerability.

The strong community around Linux will provide new users with education and encouragements in area such as email security, not to run as root, etc, in the form of discussion forms and tutorials thus alleviating concerns on the part of newbies. This is something that is currently lacking in windows world.

• Install packages:

sudo apt-get install packagename

Example:

sudo apt-get install mpd sbackup

• Remove packages:
  

sudo apt-get remove packagename

• To remove all dependencies:
  

sudo apt-get autoremove

Example:

sudo apt-get remove mpd sbackup

• Search for packages:

apt-cache search <keywords>

Examples:

apt-cache search Music MP3
apt-cache search “Text Editor”

• Update the apt package database after adding/removing repositories:

sudo apt-get update

• Upgrade packages:
  

sudo apt-get upgrade

• Upgrade the entire distribution (e.g. from Intrepid to Jaunty):
  

sudo apt-get dist-upgrade

In Ubuntu, the command-line-interface terminal is called Terminal, which is started: Applications -> Accessories -> Terminal.

Many changes to the operating system can only be done by a User with Administrative privileges. ‘sudo’ elevates a User’s privileges to the Administrator level temporarily (i.e. when installing programs or making changes to the system).

Example:

sudo bash

‘gksudo’ should be used instead of ‘sudo’ when opening a Graphical Application through the “Run Command” dialog box.

Example:

gksudo gedit /etc/apt/sources.list

“man” command can be used to find help manual for a command. For example, “man sudo” will display the manual page for the “sudo” command:

man sudo

While “apt-get” and “aptitude” are fast ways of installing programs/packages, you can also use the Synaptic Package Manager, a GUI method for installing programs/packages. Most (but not all) programs/packages available with apt-get install will also be available from the Synaptic Package Manager.

Here’s how to manage them:

Download the gpg keys for the repositories and automatically add them to your repository keyring.

Example: To obtain and add the Google repository key:

wget –quiet http://dl.google.com/linux/linux_signing_key.pub -O – | sudo apt-key add -

wget – retrieves a file from a network location. –quiet = no output. -O = Output downloaded item to terminal. The | (pipe symbol) is used to capture the output from the previous command (in our case the screen) and use it as an input for the piped command (i.e. apt-key, which adds it to the keyring).
Alternatively (and perhaps more easily), you can use apt-key directly:

sudo apt-key adv –keyserver keyserver.ubuntu.com –recv-keys KEY

Alternatively, if you are using synaptic package manager instead of command line, you can download the gpg key for the particular software repository to a folder and then, click

System ▸ Administration ▸ Software Sources, select the
Authentication tab, click Import Key File and select the GPG key to be imported.

1. Create a back up of your current list of sources.

sudo cp -i /etc/apt/sources.list /etc/apt/sources.list_backup

2. Edit the list of sources.

sudo nano /etc/apt/sources.list

Typically, the contents of /etc/apt/sources.list looks like this:

# sources.list
# deb cdrom:[Ubuntu 8.04.1 _Hardy Heron_ - Release amd64 (20080701)]/ hardy main restricted
#deb cdrom:[Ubuntu 8.04.1 _Hardy Heron_ - Release amd64 (20080701)]/ hardy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ hardy main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ hardy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ hardy-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ hardy-updates main restricted

the above is not a complete sources.list. All the lines beginning with one or two hashes (#) are comments and do not get read by apt or its front-ends apt-get, Synaptic, and Adept. All the lines beginning with one or two hashes (#) are comments and do not get read by apt or its front-ends apt-get, Synaptic, and Adept. For example, let us take the case of 2 apt lines:

deb http://us.archive.ubuntu.com/ubuntu/ hardy main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ hardy main restricted

Here’s the explanation of this format:

deb: These repositories contain binaries or precompiled packages. These repositories are required for most users.

deb-src: These repositories contain the source code of the packages. Useful for developers.

http://archive.ubuntu.com/ubuntu: The URI (Uniform Resource Identifier), in this case a location on the internet.

hardy is the release name or version of your distribution.

main & restricted are the section names or components. There can be several section names, separated by spaces.

3. Adding the repositories. For universe and multiverse repositories, we just remove “#” symbol in front of the respective apt lines in the source list. For third party repositories, we just paste the respective apt line to the source list from the website of the repository.

4. Once you are satisfied with your choices, save the file. Now, retrieve the updated package lists from the newly added repositories by issuing the following command:

sudo apt-get update

You can add the partner repositories by uncommenting the following lines in your /etc/apt/sources.list file:
deb http://archive.canonical.com/ubuntu hardy partner
deb-src http://archive.canonical.com/ubuntu hardy partner
Then update as before:
sudo apt-get update

There are some (but not many) good reasons for which you might want to add non-Ubuntu repositories to your list of software sources. Some software cannot be distributed by Ubuntu due to patent and licensing restrictions in some countries. You can add such custom software repositories by adding the apt repository line of your software source to the list of repositories. It should look something like this:
deb http://mirror3.ubuntulinux.nl/ hardy-seveas freenx
Add the line at the end of your sources.list and save the file.
Next, make apt aware of the new software repositories by issuing the following command:
sudo apt-get update

1.Open System ▸ Administration ▸ Software Sources and select Third Party Software.

2.Click Add to add a new repository.

3.Enter the APT line for the extra repository. This should be
available from the website of the repository, and should look similar
to the following:

deb http://ftp.debian.org etch main

4.Click Add Source and then click Close to save your changes.

5.You will be notified that the information about available
software is out-of-date. Click Reload.

6.Packages from the new repository should now be available in your
package manager.

As a security measure, most software repositories use a GPG key to
digitally sign the files they provide. This makes it easy to check that the
files have not been tampered with since their creation. In order for your
package manager to be able to check this, you need the public key that
corresponds to the signatures. The key should be available for download on the repository’s website.

Download the GPG key. Then, click System ▸ Administration ▸ Software Sources, select the Authentication tab, click Import Key
File and select the GPG key to be imported.

1. Main, which is the major part of the distribution. Its supported by Canonical Ltd.
2. Restricted, software which isn’t licensed under general public license(ie its not a free software), but supported by Canonical Ltd.
3. Universe, software licensed under general public license and supported by users.
4. Multiverse, software not licensed under general public license but supported by users.

Third party repositories

Software developers often maintain their own repositories, from which software packages can be downloaded and installed directly to your computer (if you add the repository to your list). Many of these third party repositories and software packages have never been reviewed by the (K)Ubuntu/Debian community and can present a security risk to your computer. Trojans, backdoors, and other malicious software can be present at any unregulated repository. When using repositories not endorsed by the (K)ubuntu/Debian community, make sure you have utter confidence in that site before enabling the repository and installing a software package from it.

Keeping up to date is important, as security fixes which protect your computer from harm are delivered in this way.

1.Click System ▸ Administration ▸ Software Sources.

2.Select Third Party Software and click on
the Add CD-ROM button.

3.Insert the CD.

The packages should then be listed. To have Synaptic only list packages
from the CD, click the Origin button on the
lower left corner of the Synaptic window and then find the name of the
CD in the list in the upper left corner the window.

But it is also possible to do it without CDs or DVDs, using a simple USB key for example to transfer only the packages you need. Here’s how:
1.Open synaptic
2.Select the packages you wish to install.
3.Click on File->Generate package download script
4.Save the script on your USB key.
5. Go to the other PC (with GNU/Linux on it so that you can run the       script) and run the script on it. It will download the packages you  selected and all necessary dependencies based on what you already    have on your PC. Nothing more, nothing less.
6. Get the downloaded packages back to the other PC.
7. Open synaptic and click on File->Add downloaded packages and select the script from the USB key.