Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] SUSE Firewall not like ZoneAlarm...
- From: Daniel Bauer <linux@xxxxxxxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 08:37:04 +0100
- Message-id: <200603130837.04758.linux@xxxxxxxxxxxxxxxx>
Am Sonntag, 12. März 2006 21:36 schrieb Anders Johansson:
> On Friday 10 March 2006 18:05, Daniel Bauer wrote:
> > As much as I understand it (and I don't understand very much :-) ) the
> > SUSE-firewall doesn't care abaout which application is using a specific
> > port, so in my opinion it could easily be possible for a maleficent
> > program to get an internet connection.
>
> maleficient? Please tell me you got that from babelfish :)
no, from leo.org... ;-)
b.t.w. what would be the correct word for what I intended to say?
> Yes it's easy for a program to get internet access in linux, SuSEfirewall2
> won't block outgoing connections by default. If you worry about these
> things, you might want to look at AppArmor, which is included by default in
> 10.0 and can block much more than just network access
>
> zonealarm isn't exactly the solution. It's not too difficult to defeat, so
> the only thing you get from it is a false sense of security. If you're
> worried about outgoing connections, the only real solution is to only run
> software you trust.
>
Of course, and I guess it's not so easy to install a working program on Linux
that was sent to me per e-mail for example, as it is on Win, especially if I
receive e-mail as a unser (not as root) and don't open every attachement or
html-e-mail.
But as a quite stupid user that I am - at least in regard to computer tech :-)
- I'd apprecieate if I could somehow close my PC not only from outside-in but
also from inside-out and let only pass those programs to which I explicitely
give permission.
That was, was ZoneAlarm promised to do - and, of course, I am not really
surprised to read, that it actually does other things, too. This seems to be
quite common in the M$-space and is _one_ of the great advantages of open
source software.
However I am still interested in learning what other (more skilled) users do
to protect their PC's....
...and forgive me to choose inappropriate words from the list given by leo.org
when trying to translate to something near English :-)
Daniel
--
Daniel Bauer photographer Basel Switzerland
professional photography: http://www.daniel-bauer.com
special interest site: http://www.bauer-nudes.com
> On Friday 10 March 2006 18:05, Daniel Bauer wrote:
> > As much as I understand it (and I don't understand very much :-) ) the
> > SUSE-firewall doesn't care abaout which application is using a specific
> > port, so in my opinion it could easily be possible for a maleficent
> > program to get an internet connection.
>
> maleficient? Please tell me you got that from babelfish :)
no, from leo.org... ;-)
b.t.w. what would be the correct word for what I intended to say?
> Yes it's easy for a program to get internet access in linux, SuSEfirewall2
> won't block outgoing connections by default. If you worry about these
> things, you might want to look at AppArmor, which is included by default in
> 10.0 and can block much more than just network access
>
> zonealarm isn't exactly the solution. It's not too difficult to defeat, so
> the only thing you get from it is a false sense of security. If you're
> worried about outgoing connections, the only real solution is to only run
> software you trust.
>
Of course, and I guess it's not so easy to install a working program on Linux
that was sent to me per e-mail for example, as it is on Win, especially if I
receive e-mail as a unser (not as root) and don't open every attachement or
html-e-mail.
But as a quite stupid user that I am - at least in regard to computer tech :-)
- I'd apprecieate if I could somehow close my PC not only from outside-in but
also from inside-out and let only pass those programs to which I explicitely
give permission.
That was, was ZoneAlarm promised to do - and, of course, I am not really
surprised to read, that it actually does other things, too. This seems to be
quite common in the M$-space and is _one_ of the great advantages of open
source software.
However I am still interested in learning what other (more skilled) users do
to protect their PC's....
...and forgive me to choose inappropriate words from the list given by leo.org
when trying to translate to something near English :-)
Daniel
--
Daniel Bauer photographer Basel Switzerland
professional photography: http://www.daniel-bauer.com
special interest site: http://www.bauer-nudes.com
| < Previous | Next > |