-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2009-12-12 at 17:15 +1100, Basil Chupin wrote:
Is AppArmor designed to be the beginning of such protection for oS (I cannot find any dox for AppArmor in 11.2 for what it is supposed to do)?
No, AA can not protect you from a trojan. AA protects the system from a previously configured program doing something outside it limits. Say, you install a text browser. Then you set up an AA profile for that program (it is not done out of the box). If, one day, that text browser tries to open a shell, and this is not an action defined in the profile, it will be stopped. If it tries, say, to read a security log, and this is not allwed in the profile, it will be stopped. AA only protects those programs (services, normally) that have been profiled in advance. For example, it can list all actions the mail daemon should be allowed to do. If a hacker comes and finds a hole into that daemon and tries to do something not allowed in advance, it will be stopped. However, if the hole does allow him a root shell... all bets are off. But the profile should not allow a root shell, anyway. The only thing that can protects you from a trojan, is knowing in advance that it is a trojan and not installing it. Which means, not ever installing anything outside what /you/ define as secure sources. An antivirus? Well, it will warn you if the malware is already known... not for a new malware. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAksjcGwACgkQtTMYHG2NR9UmHgCfdwuM/jxxzopfUAz8b3wz/iX3 rJgAnRgyRGgfyybUeEzTZFjSEIKIx626 =a3WM -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org