Am Sonntag, 12. März 2006 21:36 schrieb Anders Johansson:
On Friday 10 March 2006 18:05, Daniel Bauer wrote:
As much as I understand it (and I don't understand very much :-) ) the SUSE-firewall doesn't care abaout which application is using a specific port, so in my opinion it could easily be possible for a maleficent program to get an internet connection.
maleficient? Please tell me you got that from babelfish :)
no, from leo.org... ;-) b.t.w. what would be the correct word for what I intended to say?
Yes it's easy for a program to get internet access in linux, SuSEfirewall2 won't block outgoing connections by default. If you worry about these things, you might want to look at AppArmor, which is included by default in 10.0 and can block much more than just network access
zonealarm isn't exactly the solution. It's not too difficult to defeat, so the only thing you get from it is a false sense of security. If you're worried about outgoing connections, the only real solution is to only run software you trust.
Of course, and I guess it's not so easy to install a working program on Linux that was sent to me per e-mail for example, as it is on Win, especially if I receive e-mail as a unser (not as root) and don't open every attachement or html-e-mail. But as a quite stupid user that I am - at least in regard to computer tech :-) - I'd apprecieate if I could somehow close my PC not only from outside-in but also from inside-out and let only pass those programs to which I explicitely give permission. That was, was ZoneAlarm promised to do - and, of course, I am not really surprised to read, that it actually does other things, too. This seems to be quite common in the M$-space and is _one_ of the great advantages of open source software. However I am still interested in learning what other (more skilled) users do to protect their PC's.... ...and forgive me to choose inappropriate words from the list given by leo.org when trying to translate to something near English :-) Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com special interest site: http://www.bauer-nudes.com