Re: [SLE] Re: SUSE Firewall primitive shadow of ZoneAlarm in interactive user-control
On 3/31/06, Adam Tauno Williams
With COM and ActivX the API gives your app access to the memory space of the ActiveX component, which again use a shared system bus. If you plug into the Windows system bus, you can see all messages gong around. You can intercept messages meant for other applications,
Complete rubbish. Windows is a full fledged protected mode OS, applications are very much shielded from each other - yes, I believe Linux is superior but due to differences far more subtle then you are describing.
THe applications might be shielded from each other, but then it is not done very well. In my experience the COM and ActiveX components do use shared memory resources. If I corrupt memory of a COM object I use, other applications that use it also folds. With a CORBA bus this does not happen. Only thing that might hapen is that one of the other applications on the bus is waiting for infromation from your app and times out waiting.
With the message busses used on *nix systems you cannot do that, because there are diferent busses and you can only access what the bus allow you to see.
This statement is so vague as to be meaningless. And many of the messaging technologies used by X-windows environments over the years have been horribly insecure.
On a Linux system you do not have a system-wide message bus. Your GNOME and KDE systems each have thier own message bus, which is CORBA based as far as I know. Your application needs to actively poll for keyboard and mouse events. This is normally built into lower libraries of your graphics system, like Qt, Gtk, Motif, etc. Your Gtk appliction has it's own internal message bus that is used to generate and handle events, another application cannot see those events. Drag-'n-Drop functionality are implemented via the GNOME/KDE CORBA bus. You can get information about the mouse and keyborad activities and the locations of widgets via the X system, but you cannot control a program via that, by sending it a message. You can only use the signal system to send a signal to an application. On Windows we used to manage mis-behaving applications by intecepting thier messages on the system bus and then inject new messages for it on the bus. This cannot be done in *nix AFAIK. You need to send the KILL signal to the application and the kernel will handle it by asking the application nicely to terminate
What started this conversation no one has addressed: the primitive [absent] interactive GUI "Firewall" technology available on Windows.
I think you are still not getting the point.
I think YOU are entirely missing the point. An interactive firewall IS EASIER TO USE! Otherwise apps silently fail to work - this has nothing whatsoever to do with worms, viruses, trojans, etc... It has to do with informing the poor user what is going on. Lack of such a feature on the LINUX desktop IS a deficiency no matter how you want to spin it. Like no feedback for offline print queues and the inability to edit filesystem ACLs in the GUI.
I understand that the original issue was the fact that the user are not being notified of which applications are trying to get outside access. (Not just a user-friendly GUI for a firewall - there are amy out there, like Firewall Builder for instance) My point is that just the fact that someone wants to know which local applications wants outside access tells me that they are looking in the wrong place for security. So, what is the use of having such an application if it will only fool you into feeling secure. I say: rather get the user to understand what the real issues on Linux is and then look for user-friendly solution to that.
On Linux you should NOT focus on a tool that can tell you that you HAVE ALREADY been compromised.
Because an app is trying to open a port means you've been comprimised? Again - Bogus.
No, that is not what I am saying. My logic is that you would only wnat to know if a compromised application is trying to get outside access. Is that assumption correct? I cannot see why the system needs to tell me that FireFox is trying to get to the Internet, because that is exactly why I started FireFox. So, if my main reason for monitoring traffic going from inside to outside is to see when a compromised application is trying to access the net, then it means that the tool is telling me that I have been compromised, instead of preventing me from being compromised. What is the use of that? Would it not be better to rather focus on something that will PREVENT me from being compromised? -- Andre Truter | Software Engineer | Registered Linux user #185282 ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za ~ A dinosaur is a salamander designed to Mil Spec ~
With COM and ActivX the API gives your app access to the memory space of the ActiveX component, which again use a shared system bus. If you plug into the Windows system bus, you can see all messages gong around. You can intercept messages meant for other applications, Complete rubbish. Windows is a full fledged protected mode OS, applications are very much shielded from each other - yes, I believe Linux is superior but due to differences far more subtle then you are describing. THe applications might be shielded from each other, but then it is not done very well. In my experience the COM and ActiveX components do use shared memory resources. If I corrupt memory of a COM object I use, other applications that use it also folds.
If two applications use the same component of course this can happen, but it does not effect all applications using COM.
With the message busses used on *nix systems you cannot do that, because there are diferent busses and you can only access what the bus allow you to see.
And the same is true on Windows; for applications to share a component they must share a 'bus' be it shared memory, IIOP, or whatever.
This statement is so vague as to be meaningless. And many of the messaging technologies used by X-windows environments over the years have been horribly insecure. On a Linux system you do not have a system-wide message bus. Your GNOME and KDE systems each have thier own message bus, which is CORBA based as far as I know.
KDE does not use CORBA, it uses DCOP, and "The model is simple. Each application using DCOP is a client. They communicate to each other through a DCOP server, which functions like a traffic director, dispatching messages/calls to the proper destinations. All clients are peers of each other." One bus! But there is nothing wrong with a one-bus system, the devil is in the implementation. GNOME's Bonobo used/uses CORBA but is basically dead and most of GNOME has been de-bonoboized. Current GNOME relies more and more on D-BUS with KDE is also beginning to use. D-Bus reaches all the way to the kernel. With your world-view you should be panicing about now.
Drag-'n-Drop functionality are implemented via the GNOME/KDE CORBA bus.
Nope.
On Windows we used to manage mis-behaving applications by intecepting thier messages on the system bus and then inject new messages for it on the bus.
How long ago is "used to"?
You need to send the KILL signal to the application and the kernel will handle it by asking the application nicely to terminate
You are confusing various types of 'signals'.
I think YOU are entirely missing the point. An interactive firewall IS EASIER TO USE! Otherwise apps silently fail to work - this has nothing whatsoever to do with worms, viruses, trojans, etc... It has to do with informing the poor user what is going on. Lack of such a feature on the LINUX desktop IS a deficiency no matter how you want to spin it. Like no feedback for offline print queues and the inability to edit filesystem ACLs in the GUI. I understand that the original issue was the fact that the user are not being notified of which applications are trying to get outside access. (Not just a user-friendly GUI for a firewall - there are amy out there, like Firewall Builder for instance) My point is that just the fact that someone wants to know which local applications wants outside access tells me that they are looking in the wrong place for security.
You still don't get it. This isn't about looking anywhere for security. Applications may have perfectly legitimate reasons for opening network connections, so you think them just silently failing and having to grep syslog to find out a packet was tossed is a good thing?
So, what is the use of having such an application if it will only fool you into feeling secure.
This doesn't have anything to do with FEELING secure, it is about easily knowing what is going on.
I say: rather get the user to understand what the real issues on Linux
The real issue is that their application doesn't work, they understand that perfectly well.
On Linux you should NOT focus on a tool that can tell you that you HAVE ALREADY been compromised.> Because an app is trying to open a port means you've been comprimised? Again - Bogus. No, that is not what I am saying. My logic is that you would only wnat to know if a compromised application is trying to get outside access. Is that assumption correct?
No. Because it doesn't address the issue of the application not working, and makes the assumption that this behaviour indicates being compromised which is false.
I cannot see why the system needs to tell me that FireFox is trying to get to the Internet, because that is exactly why I started FireFox.
So you run on a tiny set of applications that perform perfectly standard types of connections? Must be nice. How about a Java app that controls a CNC machine? Or a teleconferencing app that opens lots of connections? Or a network scanner? Your going to 'just know' in advance what all connections all those applications are going to make? And it you didn't know and approve them in advance then they should just 'not work', that that is OK behaviour for a user-friendly desktop? That a CAD/CAM guy should have to understand LINUX, TCP/IP and iptables? And the suit communicating with the ERP application? If I just opened an application and get a pop-up that it wants to open port so-and-so it is just as reasonable to say yes as it is to pre-approve based on assumption that firefox is going to make requests to remote port 80s.
So, if my main reason for monitoring traffic going from inside to outside is to see when a compromised application is trying to access the net, then it means that the tool is telling me that I have been compromised, instead of preventing me from being compromised. What is the use of that? Would it not be better to rather focus on something that will PREVENT me from being compromised?
Your basic premise that all types of network activity indicates malicious action is false.
On 3/31/06, Adam Tauno Williams
I understand that the original issue was the fact that the user are not being notified of which applications are trying to get outside access. (Not just a user-friendly GUI for a firewall - there are amy out there, like Firewall Builder for instance) My point is that just the fact that someone wants to know which local applications wants outside access tells me that they are looking in the wrong place for security.
You still don't get it. This isn't about looking anywhere for security. Applications may have perfectly legitimate reasons for opening network connections, so you think them just silently failing and having to grep syslog to find out a packet was tossed is a good thing?
No, why would they fail? I never said that you should block ANY traffic going outside. My whole point is that you should NOT focus on traffic going outwards, but rather focus on atacks from the outside, because that is where the bigger risk is for a Linux system. I do not block any outgoing traffic, so why would I want to have a pop-up informing me that application XYZ wants access to the outside world. The app already have access. I trust my own machine, but I do not trust all other machines, that is why I have my firewall set up to protect my box from outside access and not the other way around. -- Andre Truter | Software Engineer | Registered Linux user #185282 ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za ~ A dinosaur is a salamander designed to Mil Spec ~
On 3/31/06 11:51 AM, "Andre Truter"
I do not block any outgoing traffic
You are truly missing a huge hole. -- Thanks, George You do not merely want to be considered just the best of the best. You want to be considered the only ones who do what you do. Jerry Garcia
On 3/31/06, suse_gasjr4wd@mac.com
On 3/31/06 11:51 AM, "Andre Truter"
wrote: I do not block any outgoing traffic
You are truly missing a huge hole.
Which one would that be and why? -- Andre Truter | Software Engineer | Registered Linux user #185282 ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za ~ A dinosaur is a salamander designed to Mil Spec ~
participants (3)
-
Adam Tauno Williams
-
Andre Truter
-
suse_gasjr4wd@mac.com