Mailinglist Archive: opensuse (3100 mails)
Re: [SLE] Re: SUSE Firewall primitive shadow of ZoneAlarm in interactive user-control
- From: Adam Tauno Williams <adam@xxxxxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 22:51:33 -0500
- Message-id: <555-SnapperMsg05076A73C05257CD@[70.217.190.109]>
>I don't know if COM and DCOM come from CORBA,
It doesn't.
>With COM and ActiveX the API gives your app access to the memory space
>of the ActiveX component, which again use a shared system bus.
>If you plug into the Windows system bus, you can see all messages going
>around. You can intercept messages meant for other applications,
Complete rubbish. Windows is a full-fledged protected mode OS,
applications are very much shielded from each other - yes, I believe
Linux is superior but due to differences far more subtle than you are
describing.
>With the message busses used on *nix systems you cannot do that,
>because there are different busses and you can only access what the bus
>allows you to see.
This statement is so vague as to be meaningless. And many of the messaging
technologies used by X-windows environments over the years have been
horribly insecure.
>> Look at technology common to Windows & *nix, say Java: how much less
>> secure is Java on Windows than Gnunix?
>Very much. Due to the common message bus that Windows uses, the java
>application potentially has access to any other application,
Bogus.
>> What started this conversation no one has addressed: the primitive
>> [absent] interactive GUI "Firewall" technology available on Windows.
>I think you are still not getting the point.
I think YOU are entirely missing the point. An interactive firewall
IS EASIER TO USE! Otherwise apps silently fail to work - this has nothing
whatsoever to do with worms, viruses, trojans, etc... It has to do with
informing the poor user what is going on. Lack of such a feature on the
LINUX desktop IS a deficiency no matter how you want to spin it. Like no
feedback for offline print queues and the inability to edit filesystem ACLs
in the GUI.
>You perceive Linux as being primitive because it does not feature a
>useless application that can only give you a false sense of security.
I don't perceive the LINUX desktop as primitive, but it certainly has
functionality gaps that still need closing. This is a legitimate user need.
>The point is that you should first look at where the real threats are
>on a Linux system and then think from that angle.
The inability of the system to INFORM the user that it blocked an
application's attempt to communicate is NOT a "security" problem, it is a
usability problem.
>On Linux you should NOT focus on a tool that can tell you that you
>HAVE ALREADY been compromised.
Because an app is trying to open a port means you've been compromised?
Again - Bogus.