On Wednesday 06 May 2009 08:43:32 am L. V. Lammert wrote:
On Tue, 5 May 2009, Rajko M. wrote:
On Tuesday 05 May 2009 09:34:11 pm L. V. Lammert wrote:
It seems that you never used a personal firewall in that other OS, at least not a paid-for version. The user is asked whether he would let application [name] access the Internet, with an offer to give more details if the user wants. So, if you see some application attempting to access the Internet, and you are not sure, you click the link to more information and read what the firewall creators have to say.
Sorry, your assumptions are wrong on both counts.
Let us define first what we are talking about. You speak about systems that have paid-for support. I speak about home systems. While your claims are OK in enterprise, they don't apply to home systems, for a very simple reason: the price of support. When a user buys a computer for $500, how in the world will he afford a $100 expert visit? It is the same proportion as asking a car owner to pay $2000 for an oil change. On the other side, $100 for a computer pro is not that much.
A *USER* should not be put in a position of knowing what is secure or not - that is just good security practice.
Well, as a car user I should not decide what action is safe and what not, because that requires expertise, but I should know what is safe and what not. And just as in auto safety, expert knowledge can be summarized in short pieces of advice, i.e. good safety practices. Once it is summarized, the user doesn't need to consult an expert for every step. I'm discussing how to empower home users interested in security, having common sense and not much time to study all computer internals. The tool that will ask and provide information when required is both a protection and a learning tool.
Besides, if the system is installed and supported correctly, the question will never arise.
The only way to see that happen is to have a well-defined computer role. Even in enterprise, that is possible only for certain workstations that have a very limited purpose.
Can you imagine a better option for a user who is not a computer specialist?
Yes. Have them call support!
Can you imagine how much web browsing would cost? Should I visit this link? $10 And this? $10 ...
Again, *USERS* are not security knowledgeable.
But users interested in security are not idiots, and the holy script of setting up security can be simplified, like in the car example, to this:

* This application wants to access Internet for the first time. Do you want to allow? [yes] [no] [more info]

If the user is positive that the application is OK, he will press [yes]. If he is sure that the application has no business on the Internet, he will use [no], and run tests to see what happened. If not sure, he can press [more info], where Gatekeeper will open a browser with a web page that gives more details: where the application wants to go, what protocol it is asking for, what kind of web page that is, the location of the IP, advice on whether that activity is common, etc., which will give a user with common sense an idea of what to do. I'm wondering how an expert can do the same better in one visit than Gatekeeper, as the user's expert assistant, present all the time.
If they KNOW it is a valid request, it's only three or four mouse clicks to turn on that port - no internal knowledge needed.
How would they know?
Maybe they need to call help? Again, *USERS* are not links in a security chain, except for training to *NOT* click on 'OK'.
You really don't have a very high opinion of your users, or you deal only with those that don't use common sense, which is probably the case. Those that use common sense and listen to experts are not good customers.
Today even kwrite is networked, and second, how should you, as someone new to Linux, know which application is benevolent and which is not?
If you don't know, you shouldn't be answering the question.
Why not? No is a valid answer.
Which port? Applications try to access a port, but never tell you which. Some, after failed attempts, will tell you what ports are needed, but not many.
Well, you can always Google, or look at services, or look at the firewall config (standard services are listed).
My favorite, Samba, is a classic example where one has to spend a few hours reading before finding out how to make it work, and it is a well-documented package.
Have YOU ever looked at the firewall that runs with the OS that is the subject of this list? It would appear not.
It seems that I did. How otherwise would I come to the idea that it is not a perfect solution? Besides, as mentioned by Jim, calling it Interactive Firewall is not the best idea, because it is not a firewall alone.
Well, if applications are installed that way, why do we have those that, like Samba, fail royally on my own LAN? CUPS doesn't work on the same LAN, and probably more.
Probably because a qualified sysadmin has not done the setup?
Hmm, should I say that if Samba for basic file sharing and printing on a home LAN needs sysadmin intervention, then it is a seriously broken concept. It is the same case as a car that needs an operator other than the owner.
Under normal circumstances, the user would never see a request to open a port; if he/she DOES, it is highly likely that some malicious application is the cause, OR a new application is being installed, which should have been monitored by a qualified professional anyway.
Should I hire a qualified professional to make Samba or CUPS work?
If you don't wish to learn what's going on, then yes. If you are supporting clients/customers, that's why we have support agreements.
I'm sure, if I were less of a do-it-yourself guy, I would take another approach: ditch the non-working OS and go back to a working one.
Why not? Seems like an improvement for all.
Well, cutting out the rest doesn't help you, Lee. Good ideas should be supported, not opposed with arguments that are not applicable to the situation.
Lee
-- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/