
On 12/12/09 21:28, Carlos E. R. wrote:
On Saturday, 2009-12-12 at 17:15 +1100, Basil Chupin wrote:
Is AppArmor designed to be the beginning of such protection for oS (I cannot find any dox for AppArmor in 11.2 for what it is supposed to do)?
No, AA can not protect you from a trojan.
AA protects the system from a previously configured program doing something outside its limits.
Say, you install a text browser. Then you set up an AA profile for that program (it is not done out of the box). If, one day, that text browser tries to open a shell, and this is not an action defined in the profile, it will be stopped. If it tries, say, to read a security log, and this is not allowed in the profile, it will be stopped.
AA only protects those programs (services, normally) that have been profiled in advance. For example, it can list all actions the mail daemon should be allowed to do. If a hacker comes and finds a hole into that daemon and tries to do something not allowed in advance, it will be stopped.
Thanks Carlos for this explanation. One can then say that - at a streeetttch - AppArmor is the primitive beginning of an attempt to come up with a protection system from malware for openSUSE. No? :-)
However, if the hole does allow him a root shell... all bets are off. But the profile should not allow a root shell, anyway.
The only thing that can protect you from a trojan is knowing in advance that it is a trojan and not installing it. Which means, not ever installing anything outside what /you/ define as secure sources.
Aah, but this is what I have been asking about. In all cases for someone who has just installed oS - and even someone who has been using oS for some time - there is a list of repos which provide software for oS. A user selects such a repo because it indicates that it has the file/apps s/he needs to be able to do "A". As a "newbie" I consider that the repos showing in YaST's Repositories are secure - after all they are listed in my (anticipated to be so) favourite distro.....and on top of all this I have been constantly bombarded by Linux people 'shouting' that Linux is DAMN-WELL SECURE!!........ You getting the drift of what I am saying... :-) ?
An antivirus? Well, it will warn you if the malware is already known... not for a new malware.
Absolutely correct. You can catch only what is known about but not the unknown. However, having said this, I remember way back in 1990/1 when the author of the BBS software I was running posted a message to all Sysops (of his software) that he was having dinner with some friends the night before and, during a discussion about security and virii, his wife asked a question. The result of this question made him, overnight, sit down and write protection for - not known at that time but what is now known as - the polymorphic virus. So it is possible to preempt nasties....

BC

--
If you don't succeed you run the risk of failure.
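The confinement described in this thread (a profiled text browser that is stopped when it tries to open a shell or read a security log), as an added example that is not part of the original messages. The browser binary `/usr/bin/lynx` and the configuration and download paths are assumptions chosen for illustration; adjust them to the program actually being profiled.

```apparmor
# Illustrative profile for a text browser (paths are assumptions, not from the thread).
#include <tunables/global>

/usr/bin/lynx {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Outbound TCP for fetching pages.
  network inet stream,
  network inet6 stream,

  # The binary itself, its configuration, and one writable download area.
  /usr/bin/lynx mr,
  /etc/lynx.cfg r,
  owner @{HOME}/.lynxrc r,
  owner @{HOME}/Downloads/** rw,

  # Nothing above grants execute on a shell or read on /var/log, so a
  # confined lynx is already refused both: any access not listed is denied.
  # The explicit rules below record that intent. A deny rule takes
  # precedence over any allow rule added later, and "audit" keeps the
  # refusal logged (a plain "deny" would silence the log entry).
  audit deny /bin/sh x,
  audit deny /bin/bash x,
  audit deny /var/log/** r,
}
```

The profile only constrains this one program once it is loaded in enforce mode; software that has no profile, including anything installed from an untrusted repository, runs unconfined.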