[opensuse] Re: Interactive Firewall Needed
Jim Henderson a écrit :
To ask that every person who uses a computer be trained to perform network analysis of their applications "if they're really interested in security" is frankly nonsense.
problem is that asking the user at run time is not a solution, at least for security. I have to maintain windows machines for my relatives. They tend to let many applications opened and computer just sleeping between days. Many of these applications have to connect to the net. How can they know is a connection demand is right or wrong? when the window popup, you don't even know why. Most apps nowaday have good reason to access the net (cdda database...), so in 99% of the case you have to say yes. The chance you are full awake and ready to fear when one do that shouldn't is really small. Like this you can catch programming errors or honest but too curious authors, like the one wanting to know who uses his app. I'm pretty sure malicious apps authors don't fear zone alarm jdd -- http://www.dodin.net http://valerie.dodin.org http://news.opensuse.org/2009/04/13/people-of-opensuse-jean-daniel-dodin/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, 08 May 2009 08:18:29 +0200, jdd wrote:
How can they know is a connection demand is right or wrong? when the window popup, you don't even know why. Most apps nowaday have good reason to access the net (cdda database...), so in 99% of the case you have to say yes. The chance you are full awake and ready to fear when one do that shouldn't is really small.
The way I've explained this to people whose Windows machines I maintain is that if they open an application and that application is indicated, as long as it's a commercial software package or something like OpenOffice (ie, something that either they or I have installed), then it should be allowed to access the Internet if it asks. If the program indicated isn't something they asked to start up, then they should deny the request. And if they're unsure, they should ask me to check into it.
Like this you can catch programming errors or honest but too curious authors, like the one wanting to know who uses his app. I'm pretty sure malicious apps authors don't fear zone alarm
Well, I haven't heard of any exploits against ZA, and they seem to be pretty proactive in updating the software releases. That's kinda like saying "I'm pretty sure virus writers don't fear anti- virus software" - that doesn't mean that AV software is useless and shouldn't be installed on a system. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
jdd -
Jim Henderson