Yes
One of those (Black Lotus) was capable of bypassing secure boot.
I think we all hope we never encounter anything like this..
Hi Neville,
Thank you very much for the information.
Jorge
The problem with UEFI mode is that when we install new hardware, that hardware is not recognized by the OS, the limits of UEFI software written for Linux, known as drivers.
I haven’t encountered any hardware issues related to using UEFI ‘mode’. My laptop runs Garuda GNU/Linux with secure boot enabled after setting everything up using sbctl, and following the documentation I found on the CachyOS wiki. When I purchased a USB Wi-Fi-6 adapter, I had to get the driver from GitHub for a time until it was included in the Linux kernel, but now, it’s supported out of the box.
Ernie
For one thing, it puts one more hurdle for the bad guys to overcome when they try to hide their malware in the ESP. I know, there are exploits that overcome secure boot, but it still presents an obstacle for them to overcome, in my case, just to get nothing (I have my credit bureau accounts frozen, and my bank account locked with 2FA). I always say that digital security should be established in layers, like an onion, so I’m always looking for additional layers.
Ernie
I wonder how many layers is reasonable?
It depends on what you are protecting.
If there is nothing of value in a PC, you are only protecting against nuisance.
So I think maybe NAT plus firewall plus limit ssh is sufficient.
I agree, and I probably go a bit overboard with layered security, but I’ve encountered only one instance of malware ever since I’ve been using computers - dating back to the late 1980s/early 1990s, and that was when I still used MS-DOS (v3.1 - 5.x). Back then Norton Antivirus could be legally obtained for free, and I got a copy to scan for, and remove the infection, so the damage wasn’t too awful - I was very lucky, and viruses back then weren’t nearly as sophisticated as what we see today, so since I believe in the “If it works, keep doing it” theory, and Windows wants secure boot enabled, I’ll continue as I have been, at least until I get so fed up with Windows and Microsoft that I dump them both, and go pure GNU/Linux. If Microsoft makes Windows an Agentic OS as they’ve been alluding to, or they require that that new AI chip I’ve been hearing about must be installed for their next major release (Windows 12?), that may come sooner rather than later, but I’m waiting to see what happens next.
Ernie
Sorry for what might be a dumb question. I know what a firewall is and have the one provided by Mint enabled. I looked up NAT and ssh briefly and it seems to be geared towards servers.
As a home user without a server, do I need to learn about NAT and ssh?
You will have NAT (network address translation)… your modem does it.
What NAT does is make the IP address of your machine invisible from the internet. It does that by changing the source IP address of every packet you send to that of your internet provider, then doing the reverse for incoming packages.
A machine with NAT is very unlikely to encounter login attempts or port access attempts, from anywhere beyond the modem.
ssh is a utility used to login between computers and sftp is a utility to transfer files between computers. You might use them if you had more than one home computer. They require a daemon (sshd) to be running.
You can configure sshd so it only listens on local interfaces… i.e. it will not listen to anything from your internet interface… that gives some security, but it is not really necessary if you have NAT.
You can use sftp from the file manager, or as a CLI command.
ssh works from the CLI. You may have in the past used telnet to login from one computer to another… ssh is the modern equivalent
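As an added example (not part of the original posts), here is one way to check which addresses an sshd configuration listens on, relating to the point above about restricting sshd to local interfaces. The two sample configurations and the LAN address 192.168.1.50 are constructed for illustration; the parser only looks at `ListenAddress` lines.

```python
import ipaddress

# Constructed sample sshd_config files (not taken from the thread).
DEFAULT_CONFIG = "Port 22\n#ListenAddress 0.0.0.0\nPermitRootLogin no\n"
LAN_ONLY_CONFIG = "Port 22\nListenAddress 192.168.1.50\nListenAddress [::1]:22\n"


def listen_addresses(config_text):
    """Return ListenAddress values; with none set, sshd listens on all addresses."""
    found = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split keyword
        if len(parts) == 2 and parts[0].lower() == "listenaddress":
            found.append(parts[1].strip())
    return found or ["0.0.0.0", "::"]


def host_part(value):
    """Strip an optional port: handles addr, addr:port and [addr]:port."""
    if value.startswith("["):
        return value[1:value.index("]")]
    if value.count(":") == 1:
        return value.split(":")[0]
    return value  # bare IPv4, bare IPv6 or hostname


def classify(value):
    """Label one ListenAddress value by how widely it exposes the daemon."""
    try:
        ip = ipaddress.ip_address(host_part(value))
    except ValueError:
        return "hostname, resolve and check by hand"
    if ip.is_unspecified:
        return "all interfaces"
    if ip.is_loopback:
        return "loopback only"
    if ip.is_private:
        return "private/LAN address"
    return "public address"


def audit(config_text):
    """Map every effective ListenAddress to its exposure label."""
    return {addr: classify(addr) for addr in listen_addresses(config_text)}


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("LAN only", LAN_ONLY_CONFIG)):
        print(name, audit(text))
```

The same functions accept the output of `sshd -T`, which prints the effective settings with lowercase keywords and `address:port` values.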
Thank you Neville for clarifying these two terms for me.
I do not try to log in to any other PC. And I transfer / share files using a cloud service, so it seems that I do not have to worry about ssh.
NAT is handled by my modem, so I don’t need to be concerned about NAT either? Or is there some setting in Linux I should review?
I always thought that network address translation was something that was transparent to you and a person did not need to be concerned about it.
All of this is complex, so take your time and read carefully. I’ll try to make everything as clear as I can.
If you don’t use a home file server, or have a home computer lab set up, you probably won’t have much use for SSH. On the other hand, I suspect that you do have a device provided by your Internet Service Provider (ISP) that either your computer is connected to with what’s called a CAT5 or 6 (Ethernet) cable, or that provides Wi-Fi service so your computer can connect to the Internet wirelessly. The ‘device’ is usually called a modem, but it’s really a modem and router combined, that connects your computer to the Internet using a coaxial (RG6) or Fiber-optic cable, through your ISP’s network.
The router part of your modem is also a hardware firewall, and if configured correctly, ignores any incoming connection requests from the Internet, while allowing your computer to connect to websites on the Internet. The router part of your modem can be viewed as having two sides. One side ‘faces’ the Internet (called the Wide Area Network (WAN) side), and the other side ‘faces’ your home Network (called the Local Area Network (LAN) side). The hardware firewall is part of your router’s WAN configuration, and your router has two addresses, one for your LAN (usually either 192.168.1.2, or 192.168.1.254 which is also known as your gateway address), and another that’s provided by your ISP, for the WAN side, and is the address any website you connect to sees.
Network Address Translation is a protocol that allows your router to keep track of data packets being sent to and from your computer to/from a website on the Internet, so you can have more than one computer connected simultaneously. As stated above, websites you connect to on the Internet see your router’s WAN address, and your computer sees your router’s LAN address (the gateway address mentioned earlier).
If you want to learn more, or you have more questions, maybe we should start another topic so we don’t interfere with this thread too much. Let me know, and I’ll set it up and tell you about it here, OK?
Ernie
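The address translation described in the posts above can be modelled in a few lines. This is an added example, not part of the original thread: a simplified port-translating NAT in which two LAN computers share one WAN address and a packet arriving from the Internet is forwarded only if it matches a connection a LAN computer started. All addresses and ports are constructed (documentation ranges), and real routers differ in how strictly they match inbound packets.

```python
import itertools


class NatRouter:
    """Toy port-translating NAT: one WAN address shared by several LAN hosts."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self._ports = itertools.count(first_port)
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.in_map = {}   # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet: rewrite its source and remember the flow."""
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out_map:
            wan_port = next(self._ports)
            self.out_map[key] = wan_port
            self.in_map[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        # What the remote website sees: the router's WAN address, not the LAN one.
        return (self.wan_ip, self.out_map[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side: deliver it only for a known flow."""
        return self.in_map.get((wan_port, remote_ip, remote_port))  # None = dropped


def demo():
    router = NatRouter("198.51.100.7")  # constructed WAN address
    web = ("203.0.113.80", 443)         # constructed website address
    # Two LAN computers open a connection to the same site from the same port.
    a = router.outbound("192.168.1.10", 51000, *web)
    b = router.outbound("192.168.1.11", 51000, *web)
    # Replies come back to different WAN ports and reach the right computer.
    reply_a = router.inbound(*web, a[1])
    reply_b = router.inbound(*web, b[1])
    # An unsolicited attempt on port 22 from elsewhere matches no flow.
    unsolicited = router.inbound("203.0.113.99", 55555, 22)
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```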
You are right. I never touch mine.
Only people who want remote access need to worry about NAT. These days they mostly bypass it with a VPN.
Thank you Ernie for your detailed explanation of some of these terms. A separate thread might be nice for me or others that might want to learn more about telecommunications.
My background goes back to the home Atari when a modem was only a modulator-demodulator.
We had modems at work that were 2400, 3600, and even 4800 Baud.
I know when people speak about their router that this device actually is a device that combines both the modem & router.
I am very familiar with coaxial and Ethernet cables. I run Ethernet cable from my router to my PC at home. Also at home, I used to run a coaxial cable from the cable setup box to the TV. At work way back when, we had local terminal controllers (routers) that had 32 ports on them that coaxial cable would have to run from the controller in the computer room to wherever the “dumb” terminal was located in the building. What a mess (rat nest)! Four controllers each with 32 ports, 128 coaxial cables.
I know that if I ping www.yahoo.com that NAT translates this readable name into something like 87.248.114.12. I know your ISP is like your home address for the PC. People can hide / change their ISP they show to WAN by using a VPN.
I have also logged onto my modem at the address of 192.168.1.2 to look at the options. Before my latest router, I had a login ID and PW. Admin / Admin … LOL.
I did not know I had a LAN because I thought that you needed more than one device on the same port of the router for a person to have a LAN. I heard of a type of LAN called token ring and believe I understand the concept of it.
WAN is basically the internet.
That’s about all I know about telecommunications. Thanks for your help.
Howard
If your computer’s IPv4 address starts with 192.168., then it’s on your LAN because your modem/router assigned that address to your computer, and it may change on a timing schedule configured in your modem/router’s configuration settings.
As for the new topic, I’ll open it later today, and add a reply here.
Ernie
My new topic is “How computers communicate, from the ARPANET to today’s Internet”
Ernie