Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] SUSE Firewall not like ZoneAlarm...
- From: "Andre Truter" <andre.truter@xxxxxxxxx>
- Date: Mon, 13 Mar 2006 16:09:31 +0200
- Message-id: <173f0b9f0603130609w2bc32babv3854449bbd3655b0@xxxxxxxxxxxxxx>
On 3/13/06, Jerry Feldman <gaf@xxxxxxx> wrote:
> On Monday 13 March 2006 7:03 am, Andre Truter wrote:
> > Run a firewall like SuSEFirewall. THe default setup should protect
> > you 10 times better than what you are protected on your Windows box.
> >
> > You have to take into account that Linux is NOT Windows and it does
> > not work in the same way,
> This is a true statement.
> I think that the OP wanted something that would make his transition
> comfortable.
>
> While Linux is inherently safer, it still has some vulnerabilities. In
> Windows, one of the ways a virus can attack is by replacing a common
> application. Additionally, spyware also can easily be installed on Windows.
> The Zone Alarm strategy is to block outgoing traffic unless specifically
> approved by the user. The Linux strategy is much more integrated into the
> kernel since Linux has had firewall code for 10 years. But, it does not
> hurt to add a Zone Alarm type of firewall to Linux if that is what one
> wants.
I tend to disagree. I can write the OP a nice little tool that will
do what ZoneAlarm does, monitor outgoing traffic and ask the user when
an app wants to connect the outside, but that will only give him a
false sense of security, because he is applying Windows tactics to
Linux, so he is looking for the problems in the wrong place.
This is my whole point with my rant. Windows teach us to look out for
spyware and viruses, so we apply that to Linux also. We look for the
same type of vulnerabilities, while the system is designed different
and has different vulnerabilities.
It is like guarding the door to the stable, while the castle's main
gates are wide open.
I think it is better for the OP to rather try and understand what the
vulnerabilities in Linux is and to use the appropriate tools for
Linux.
--
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za
~ A dinosaur is a salamander designed to Mil Spec ~
> On Monday 13 March 2006 7:03 am, Andre Truter wrote:
> > Run a firewall like SuSEFirewall. THe default setup should protect
> > you 10 times better than what you are protected on your Windows box.
> >
> > You have to take into account that Linux is NOT Windows and it does
> > not work in the same way,
> This is a true statement.
> I think that the OP wanted something that would make his transition
> comfortable.
>
> While Linux is inherently safer, it still has some vulnerabilities. In
> Windows, one of the ways a virus can attack is by replacing a common
> application. Additionally, spyware also can easily be installed on Windows.
> The Zone Alarm strategy is to block outgoing traffic unless specifically
> approved by the user. The Linux strategy is much more integrated into the
> kernel since Linux has had firewall code for 10 years. But, it does not
> hurt to add a Zone Alarm type of firewall to Linux if that is what one
> wants.
I tend to disagree. I can write the OP a nice little tool that will
do what ZoneAlarm does, monitor outgoing traffic and ask the user when
an app wants to connect the outside, but that will only give him a
false sense of security, because he is applying Windows tactics to
Linux, so he is looking for the problems in the wrong place.
This is my whole point with my rant. Windows teach us to look out for
spyware and viruses, so we apply that to Linux also. We look for the
same type of vulnerabilities, while the system is designed different
and has different vulnerabilities.
It is like guarding the door to the stable, while the castle's main
gates are wide open.
I think it is better for the OP to rather try and understand what the
vulnerabilities in Linux is and to use the appropriate tools for
Linux.
--
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za
~ A dinosaur is a salamander designed to Mil Spec ~
| < Previous | Next > |