Am Donnerstag, 30. März 2006 23:35 schrieb Andre Truter:
If a java app gets compromised, it will only effect the user.
Sorry, I don't really get that point: "it will only effect the user". *I* am the user and it's exactly me whom I don't want to be affected. Quasi all of my data, all my e-mails, all my settings are "only user". So if this gets compromised, it don't care too much, if the rest of the system is still doing fine - I am not. (ok, this applies only to a single-user machine, however) To make it clear: as a non-professional "just-user" of a PC it's no comfort that "only the user" can be affected, because in case of an attack I will not be happy, when I can say: "Oh, only my stuff is gone - but the system still feels fine - Yippee!"
What started this conversation no one has addressed: the primitive [absent] interactive GUI "Firewall" technology available on Windows.
I think you are still not getting the point.
Me neither! it may seem to you. I understand that there are huge differences between W and Linux, and I very much appreciate this - i'd never never want to go back to W, that would be a nightmare (also, but not just because of security). But on the other hand: what's against it, if you get noticed when a program wants to call outside?
You percieve Linux as being primitive because it does not feature a useless application that can only give you a false sense of security.
If you have the, let's say "zone alarm" warnings, that doesn't mean that you should rely _only_ on this. I wouldn't call it a "false" but an "additional" sense of security.
... On Linux you should NOT focus on a tool that can tell you that you HAVE ALREADY been compromised.
Why not? Not everybody is a systems engineer (or wants to become one) with indeep knowledge of security etc. issues. I guess, most of the users just want to sit in front of a computer and _use_ it, as you want to see the time on your watch, even if you have no idea about on what frequency the quartz inside runs or how gears must be mounted so that they don't block. ok, you may say, those users shall go back to W. But is this what you really want? Me not. It's one of the reasons not "everybody" uses Linux that it has the image of beeing for "specialists" only. ...and about "HAVE ALREADY been compromised": ok, but then it's still better to find out by a warning than not to find out at all, don't you think so too? And, what exactly means "beeing compromised"? I, for example, just don't want Acrobat to call home (in fact I don't even know, if it does on Linux; it does on W if you don't stop it with z.a. or similar). I want to be able to block things like that easily whithout an university degree in firewalling.
No, not silent failure, but silent protection. A firewall is not there to tell you what is trying to go where, it's main purpose is to prevent thngs from going through it.
I think "firewall" and the discussed zone-alarm feature of warnings for outgoing calls are two different things. If you set up a Linux-PC (well, I know only SUSE...), you might be more secure than on W, but it is still possible, that you download or run a program that does things you don't want it to. Of course it would be best, to use only secure, trusted software, but how should an average fool (like me) decide, what is secure, whom schould I trust, whom not? In reality people just download programs if they think, they'd like to have it. Then it's just nice if you can be sure, that this program cannot connect to the internet without your explicit permission. I acknowledge that this *alone* doesn't make a system secure, but why not have it as an _additional_ comfortable feature?
If you want to see what traffic os going where, use something like Ethereal.
Well, again, for the kind of users I belong to, all those logs and other interesting and impressive things are very mystic. Often I simply don't understand, if a message is a warning, an error or just normal. Is it important? Must I google around about that or can I just leave it as it is? etc.etc. It's quite a difference to read and decipher system messages or just having a window popping up, telling me "Acrobat wants to connetc to the net. Do you want to allow this for now, for ever, not now, not at all?". I could understand something like this and - important - my action would simply be to click the desired answer. I don't have to search in systems settings how to avoid a program to connect, I don't even have to understand what ports are, what they do and how and why to open or close them. And, as said before, for most of the computer users (W or Mac or Linux, doesn't matter) the computer is just a tool. They have a profession other than programming and they have other hobbies than "computering". It shouldn't be a precondition for Linux users to develop indeep system knowledge. If this would be the case, then Linux would be nothing but a game for some freaks or, in the better case, a system for special needs run by specialists. ...
The reason MS is successfull does not have much to do with giving users what they want. It has to do with very clever marketing and social engineering....
I personally cannot understand why M$ is (was?) so successful. But it often happens in the real world that it is the worst that finally succeeds. In case of M$ I think "white-collar crime" is an important issue...
... People started to accept that a PC crash every now and again. People loose files and just carry on because that is the nature on a PC.
Here I fully aknowledge. It's crazy. Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com special interest site: http://www.bauer-nudes.com