On 3/22/06, Linda Walsh <suse@tlinx.org> wrote:
> On my system, for example, no browser (IE, firefox, opera) is able to run javascript or java from any site, unless I have explicitly permitted that site through my web-filter. I don't have to worry about visiting some random website that will exploit the latest java[script] or activeX bug -- they are all blocked.

OK, Linux doesn't have things like ActiveX and Javascript can be controlled with the different browsers themselves. Firefox lets you enable or disable javascript and you can tell it to only allow javascript from certain sites.

> If I wished to configure it, each time my "firewall" detected incoming
> javascript from a website, it could pop up a question to ask if I wished to let

How does a firewall detect incoming javascript? I suppose the only way to do this is to inspect each HTML file passing through and look for the javascript headers. AFAIK, IPCop has a plugin that allows things like that.

> the javascript through (using a previously built-up "whitelist" of previously approved websites). Barring corruption of "trusted websites", I don't have to worry about downloading trojan script-code.

Firefox does this on Linux.

> I don't have to run an
> "intrusion [virus] detection program". It doesn't get that far.

Ummm.. Intrusion Detection systems have nothing to do with viruses. Intrusion detection systems monitor incoming connections and prevent and warn of possible break-in attempts. (where the real threat is on linux) Go and read up on snort, it seems to be exactly what you need.

> Because I can block all network access in or out of my machine on my Windows box, I feel it is more secure than my linux box -- because on linux, something could have snuck in via a corrupt binary or downloaded patch and I wouldn't know about it for days or longer depending on how well the evidence was buried in a log file.

First: You can set up your linux firewall to also block both incoming and outgoing traffic. In fact, I can set up my Linux firewall in such a way that my network connection becomes totally ineffective. It is as if the network card does not work at all. No traffic flowing.

Secondly: How can something sneak in via a corrupt binary via a firewall? You have to download it and install it. How does ZoneAlarm protect you against that? On Linux you have tools like chkrootkit, etc. that inspect every file on your system and immediately let you know if the file was tampered with. AppArmor is also a tool that will let you know immediately if files are accessed without permission. It prevents the access and then notifies you. So it is pro-active.

> The main reason windows has more security problems than linux is because the defaults on windows-applications are designed for ease of use *over* security. It is often a trade-off. But linux provides *SO MUCH* logging about everything, that it's hard to sort through _everything_ to see what is important. At the very least, custom scripts and filtering are required and that right there puts it beyond most users (like my mom, etc...).

Well, the idea is that the normal user should not need to worry about security. Linux has been designed in such a way that it looks after itself. You don't need to monitor the security systems. But, I think you need to have a look at sguil and snort, as that is basically what you want. It will notify you immediately of any suspect activity on your ports. It does not read log files, it acts the moment the activity is happening on the port, so it is rather pro-active than re-active.

--
Andre Truter | Software Engineer | Registered Linux user #185282
ICQ #40935899 | AIM: trusoftzaf | http://www.trusoft.co.za
~ A dinosaur is a salamander designed to Mil Spec ~
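The whitelist filtering discussed in this thread, with HTML from non-approved sites inspected and its script removed, as an added example (not code from either poster or from any product they mention). It assumes the filter sees the plaintext HTML response and knows which host it came from; `ALLOWED_HOSTS`, `ScriptStripper` and `filter_response` are hypothetical names.

```python
import html
from html.parser import HTMLParser

ALLOWED_HOSTS = {"intranet.example"}  # constructed whitelist of approved sites
class ScriptStripper(HTMLParser):
    """Re-emit HTML minus script elements, on* handlers, javascript: URLs, comments."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.removed, self.in_script = [], 0, False
    def _emit(self, text):
        if not self.in_script:  # everything inside a script element is dropped
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script, self.removed = True, self.removed + 1
            return
        parts = [tag]
        for name, value in attrs:
            url = "".join((value or "").split()).lower()  # browsers ignore tabs/newlines here
            if name.startswith("on") or url.startswith("javascript:"):
                self.removed += 1  # inline event handler or script URL
            else:
                parts.append(name if value is None else f'{name}="{html.escape(value)}"')
        self._emit("<" + " ".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):  # <br/> is re-emitted as <br>
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        else:
            self._emit(f"</{tag}>")
    def handle_data(self, data): self._emit(data)
    def handle_entityref(self, name): self._emit(f"&{name};")
    def handle_charref(self, name): self._emit(f"&#{name};")
    def handle_decl(self, decl): self._emit(f"<!{decl}>")

def filter_response(host, body):
    """Return (html, removed_count); whitelisted hosts pass through unchanged."""
    if host.lower() in ALLOWED_HOSTS:
        return body, 0
    parser = ScriptStripper()
    parser.feed(body)
    parser.close()
    return "".join(parser.out), parser.removed

if __name__ == "__main__":  # constructed page from a host that is not on the whitelist
    print(filter_response("random.example", '<p onclick="x()">Hi</p><script>alert(1)</script>'))
```

A filter like this only works on traffic it can read, so HTTPS responses pass it untouched unless the proxy terminates TLS.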