On Wednesday 06 May 2009 22:28:43 Jim Henderson wrote:
> And yet it's one of the more popular avenues to compromise a system - trick the user into running something they didn't mean to and then connect outbound. Why? Because it's something a lot of systems don't protect against.
You managed to miss my point. If you're running a rogue application, an outbound connection should be the least of your worries. What local root/Administrator exploits do we not know about yet? What happened to that critical presentation you were going to deliver to a customer at 7am tomorrow?

And as for the pseudo-security presented by ZoneAlarm, the "security by popup" scheme simply does not work. Microsoft tried it in Vista, and people forced them to stop. The immediate and instantaneous reaction to a popup, any popup, regardless of circumstance, from a "normal" user is to click OK. I have seen it even from relatively experienced users. Error popups, warnings, whatever - it's gone a tenth of a second after it's appeared. The first ten times they might be OK with clicking "Yes, I accept" when the web browser or email client wants to connect. After this, they either click by rote, or simply select "always allow this application". And guess what? No more security, no more blocking of outgoing connections, the rogue app has a path to the outside world.

It's better to design for security correctly in the first place. Part of this is not running applications from untrusted sources, and part is to have a good security infrastructure - and in this, things like ZoneAlarm have no place at all.

Anders