On Thursday 07 May 2009 10:58:34 am Jim Henderson wrote:
Sure, but a comprehensive security policy would do both - do what is reasonable to prevent the app from being installed, but if the app does somehow get installed, prevent it from talking to the outside world.
In other words, multilayer security. The ZA is actually good example, although advertised as firewall, it is more like AppArmor and Firewall with friendly face. It was long ago that I used it, but so far I recall, in last incarnation it was able to control any resource application is trying to use, including local, like libraries. Which is pretty much what AppArmor is meant to do. That level was a pain to configure for applications that ZA wasn't preconfigured, which is specially problematic in closed source world. -- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org